search for: ipv4_sabotage_out

...c+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It prevents the packet from hitting the LOCAL_OUT hook while it is still unencrypted. When it hits the bridging code and its LOCAL_OUT hook it's too late. Not sure how to handle it yet. Regards Patrick

Hiyas, Is there a patch for the 2.4.x series to do ip6tables bridging of IPv6 packets? I was unable to go to 2.6 due to issues with large packets so still living in 2.4 land. If there are no patches, any ideas on what gets patched in IPv4 to allow this bridging? -Scott __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!

...)) { - if (in->hard_start_xmit == br_dev_xmit && - okfn != br_nf_pre_routing_finish) { + if ((*pskb)->nf_bridge && + !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { okfn(*pskb); return NF_STOLEN; } @@ -552,10 +631,15 @@ static unsigned int ipv4_sabotage_out(un const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - if (out->hard_start_xmit == br_dev_xmit && + if ((out->hard_start_xmit == br_dev_xmit && okfn != br_nf_forward_finish && okfn != br_nf_local_out_finish...