Displaying 3 results from an estimated 3 matches for "ipv4_sabotage_out".
2007 Apr 18
2
[Bridge] Re: Policy match with a bridge
...c+netfilter patches ? Without them, packets
> are
> | only seen encrypted in the OUTPUT chain.
> |
> Yes -- the ipsec+netfilter patches are applied. Here is the same test
> with the bridge removed and the local ip address transfered to one of
> the network cards:
The problem is ipv4_sabotage_out in the briding code. It prevents the
packet from hitting the LOCAL_OUT hook while it is still unencrypted.
When it hits the bridging code and its LOCAL_OUT hook it's too late.
Not sure how to handle it yet.
Regards
Patrick
2007 Apr 18
2
[Bridge] IPv6 + ip6tables packet bridging?
Hiyas,
Is there a patch for the 2.4.x series to do
ip6tables bridging of IPv6 packets? I was unable to
go to 2.6 due to issues with large packets so still
living in 2.4 land. If there are no patches, any
ideas on what gets patched in IPv4 to allow this
bridging?
-Scott
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...))
{
- if (in->hard_start_xmit == br_dev_xmit &&
- okfn != br_nf_pre_routing_finish) {
+ if ((*pskb)->nf_bridge &&
+ !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
okfn(*pskb);
return NF_STOLEN;
}
@@ -552,10 +631,15 @@ static unsigned int ipv4_sabotage_out(un
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- if (out->hard_start_xmit == br_dev_xmit &&
+ if ((out->hard_start_xmit == br_dev_xmit &&
okfn != br_nf_forward_finish &&
okfn != br_nf_local_out_finish...