Displaying 20 results from an estimated 58 matches for "config_bridge_netfilter".
2007 Apr 18
1
[PATCH][BRIDGE] br.c depends on CONFIG_BRIDGE_NETFILTER, not CONFIG_NETFILTER
Hi Dave,
The patch below lets the bridge compile when CONFIG_BRIDGE_NETFILTER
isn't enabled.
This patch is an update of M.J. Miroslaw's patch that arrived through
private mail.
cheers,
Bart
--- linux-2.6.0-test10/net/bridge/br.c.old Wed Nov 26 01:28:16 2003
+++ linux-2.6.0-test10/net/bridge/br.c Wed Nov 26 01:31:54 2003
@@ -32,7 +32,7 @@ int (*br_should_route_hook)...
2007 Apr 18
2
[Bridge] large packet size doesn't work
Hi,
I have just configured a Linux box with kernel 2.6.16.7 and configured two
ethernet interfaces (with MTU 1500) in bridge mode. CONFIG_BRIDGE_NETFILTER
is enabled.
The problem is that ping -s 1500 192.168.0.2 doesn't work from 192.168.0.1
if the systems are separated by the bridge. Normal ping with smaller packet
size works ok.
What is wrong?
Best Regards
Fulvio Ricciardi
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...becomes VLAN, the Ethernet
header pointer should be updated correctly. Also, the network header
pointer should now point to the VLAN header.
This code is needed for the code in br_netfilter.c to work, without it
things will get more complicated inside br_netfilter.c.
I can put it between an #ifdef CONFIG_BRIDGE_NETFILTER if you like, but
I think that to keep the skb correct these changes should always happen.
- {arp,ip}tables can filter the VLAN tagged packets thanks to some
playing around with the skb->data and skb->nh.raw pointer inside
br_netfilter.c.
When br0.1000 (or the like) exists, this is what happe...
2019 Mar 12
2
CentOS virt-sig Linux kernel 4.9.155 build
...virt7/xen-kernel/pull/18
> >
> > Hi Karl, I've build and tested your PR, but without the GCC7 patch, and
> > when I've tested it on el6, none of the guests had network access.
> > I had to revert the bridge changes to have them working
> > (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
> >
> > Why did you want the BRIDGE built-in instead of a module?
> >
> > Maybe you have something to setup the bridge (probably filter) properly,
> > or maybe something is different in the xen package between el6 and el7.
>...
2019 Mar 04
2
CentOS virt-sig Linux kernel 4.9.155 build
...t; I updated my PR: https://github.com/CentOS-virt7/xen-kernel/pull/18
>
> Hi Karl, I've build and tested your PR, but without the GCC7 patch, and
> when I've tested it on el6, none of the guests had network access.
> I had to revert the bridge changes to have them working
> (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
>
> Why did you want the BRIDGE built-in instead of a module?
>
> Maybe you have something to setup the bridge (probably filter) properly,
> or maybe something is different in the xen package between el6 and el7.
> Any idea?
>
> I still have to invest...
2019 Mar 23
2
CentOS virt-sig Linux kernel 4.9.155 build
...> Hi Karl, I've build and tested your PR, but without the GCC7
> patch, and
> > > > when I've tested it on el6, none of the guests had network
> access.
> > > > I had to revert the bridge changes to have them working
> > > > (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
> > > >
> > > > Why did you want the BRIDGE built-in instead of a module?
> > > >
> > > > Maybe you have something to setup the bridge (probably filter)
> properly,
> > > > or maybe something is di...
2006 Jan 25
8
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400
------- Additional Comments From kaber@trash.net 2006-01-25 12:55 MET -------
Please add a LOG rule to PRE_ROUTING in the mangle table and post the output.
BTW, are you using hardware checksumming (check with ethtool) on the underlying
ethernet device?
--
Configure bugmail:
2019 Feb 27
3
CentOS virt-sig Linux kernel 4.9.155 build
On Wed, Feb 27, 2019 at 4:44 AM Pasi K?rkk?inen <pasik at iki.fi> wrote:
> Hi,
>
> On Mon, Feb 11, 2019 at 12:49:30PM +0200, Pasi K?rkk?inen wrote:
> > Hi,
> >
> > On Sun, Feb 10, 2019 at 10:35:56PM -0500, Karl Johnson wrote:
> > > Hello,
> > > I built 4.9.155 for both el6 and el7, you can test them here:
> > > [1]
>
2019 Mar 04
0
CentOS virt-sig Linux kernel 4.9.155 build
...t get released.
>
> I updated my PR: https://github.com/CentOS-virt7/xen-kernel/pull/18
Hi Karl, I've build and tested your PR, but without the GCC7 patch, and
when I've tested it on el6, none of the guests had network access.
I had to revert the bridge changes to have them working
(CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
Why did you want the BRIDGE built-in instead of a module?
Maybe you have something to setup the bridge (probably filter) properly,
or maybe something is different in the xen package between el6 and el7.
Any idea?
I still have to investigate the Xen pkg, and have a closer...
2019 Mar 05
0
CentOS virt-sig Linux kernel 4.9.155 build
...ttps://github.com/CentOS-virt7/xen-kernel/pull/18
>
> Hi Karl, I've build and tested your PR, but without the GCC7 patch, and
> when I've tested it on el6, none of the guests had network access.
> I had to revert the bridge changes to have them working
> (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
>
> Why did you want the BRIDGE built-in instead of a module?
>
> Maybe you have something to setup the bridge (probably filter) properly,
> or maybe something is different in the xen package between el6 and el7.
> Any idea?
>
>...
2019 Mar 22
0
CentOS virt-sig Linux kernel 4.9.155 build
...> > >
> > > Hi Karl, I've build and tested your PR, but without the GCC7 patch, and
> > > when I've tested it on el6, none of the guests had network access.
> > > I had to revert the bridge changes to have them working
> > > (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
> > >
> > > Why did you want the BRIDGE built-in instead of a module?
> > >
> > > Maybe you have something to setup the bridge (probably filter) properly,
> > > or maybe something is different in the xen package b...
2007 Apr 18
0
[Bridge] packet size
Hi,
I have just configured a Linux box with kernel 2.6.16.7 and configured two
ethernet interfaces (with MTU 1500) in bridge mode. CONFIG_BRIDGE_NETFILTER
is enabled.
The problem is that ping -s 1500 192.168.0.2 doesn't work from 192.168.0.1
if the systems are separated by the bridge. Normal ping with smaller packet
size works ok.
What is wrong?
Best Regards
Fulvio Ricciardi
2007 Apr 18
0
[Bridge] Transparent shaper with 2.6 kernel
...all!
I'm trying to make a transparent shaper with kernel 2.6.11
I have done this and used it many times on 2.4.25 kernel and
ebtables-brnf-5_vs_2.4.25.diff
On 2.4.25 I have been using U32 classifiers and HTB.
On 2.6.11 even with :
newserver ~ # zcat /proc/config.gz | grep -i BRIDGE_NETFILTER
CONFIG_BRIDGE_NETFILTER=y
newserver ~ # ls /proc/sys/net/bridge/
bridge-nf-call-arptables bridge-nf-call-ip6tables
bridge-nf-call-iptables bridge-nf-filter-vlan-tagged
newserver ~ # cat /proc/sys/net/bridge/*
1
1
1
1
I'm still not succeeding ti shape the traffic on the bridge interface
Any ideas please???
2007 Jun 06
0
[Patch] vnet-module
...t; function from kernel to skb_util.c
because pulling in the data will rise a "BUG_ON" in the
kernel.
- the skb_buff is not always possible to modify.
(vnet_forward.c and etherip.c) The code now work''s..
I think with no or less time-penalty.
Info for kernel-option CONFIG_BRIDGE_NETFILTER :
There is a race-condition in the code (nf_iterate), which will
kill the kernel. With hyperthreading and vnet over 2 Server
a scp will kill it in less 1 (one) second. Blocking hyperthreading
the same will work less then 30 seconds. Dropping the bridge-
netfilter code, no error''s in 3 hour...
2007 Oct 01
0
Problem with Julian Anastasov''s routing patches
...order to be able to use these patches?
I''m using a vanilla kernel 2.6.21.7 with the following patches:
- IMQ
- Layer 7
- Julian''s route patches (version for kernel 2.6.21)
relevant parts of .config:
CONFIG_IP_ROUTE_MULTIPATH=y
# CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
...
# CONFIG_BRIDGE_NETFILTER is not set
# CONFIG_BRIDGE_NF_EBTABLES is not set
CONFIG_BRIDGE=m
Thanks for any help,
François.
2006 Dec 13
0
A word about bridgeing to the wise...
I have seen and responded to many different bridging related firewalling
questions as of late. There seems to be a common assumption that
IPTables does not and / or can not see bridged traffic. This is not the
case.
If you enable the "Bridged IP/ARP packets filtering"
(CONFIG_BRIDGE_NETFILTER) option IPTables can see and act on bridged
traffic. If this is turned on and you have a default filter:FORWARD
policy of DENY, or a catch all rule of DENY, you will need to explicitly
allow bridged traffic to be forwarded.
(excerpt from menuconfig) "Enabling this option will let arptable...
2019 Mar 23
0
CentOS virt-sig Linux kernel 4.9.155 build
...I've build and tested your PR, but without the GCC7
>> patch, and
>> > > > when I've tested it on el6, none of the guests had network
>> access.
>> > > > I had to revert the bridge changes to have them working
>> > > > (CONFIG_BRIDGE_NETFILTER=m and CONFIG_BRIDGE=m).
>> > > >
>> > > > Why did you want the BRIDGE built-in instead of a module?
>> > > >
>> > > > Maybe you have something to setup the bridge (probably filter)
>> properly,
>> > > >...
2007 Apr 18
2
[Bridge] Re: [PATCH] TSO fix in br_dev_queue_push_xmit
...int br_dev_queue_push_xmit(struct sk_buff *skb)
{
- if (skb->len > skb->dev->mtu)
+ /* drop mtu oversized packets except tso */
+ if (skb->len > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
kfree_skb(skb);
else {
#ifdef CONFIG_BRIDGE_NETFILTER
2023 May 15
5
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...idge/br_private.h
index 2119729ded2b..64fb359c6e3e 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -494,6 +494,8 @@ struct net_bridge {
#endif
struct rhashtable fdb_hash_tbl;
+ u32 fdb_n_entries;
+ u32 fdb_max_entries;
struct list_head port_list;
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
union {
--
2.40.1
2023 May 15
3
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...idge {
> #endif
>
> struct rhashtable fdb_hash_tbl;
> + u32 fdb_n_entries;
> + u32 fdb_max_entries;
These are not critical, so I'd use 4 byte holes in net_bridge and pack it better
instead of making it larger.
> struct list_head port_list;
> #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
> union {