Displaying 2 results from an estimated 2 matches for "nf_br_local_out".
2007 Apr 18
0
[Bridge] Netfilter hooks
Pardon me if this a little off-topic, I don't know where else to post
this question.
We are trying to add encryption support at layer II. Decrypting-hook on
NF_BR_LOCAL_IN and encrypting-hook at NF_BR_LOCAL_OUT. But, this is
breaking iptables pre-routing chain (Now I am not able to do
port-forwarding). Any ideas?
Thanks,
-Raj
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...NF_ACCEPT;
+ }
*d = (struct net_device *)in;
NF_HOOK(NF_ARP, NF_ARP_FORWARD, skb, (struct net_device *)in,
(struct net_device *)out, br_nf_forward_finish);
@@ -381,6 +430,10 @@ static int br_nf_local_out_finish(struct
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug &= ~(1 << NF_BR_LOCAL_OUT);
#endif
+ if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
+ skb_push(skb, VLAN_HLEN);
+ skb->nh.raw -= VLAN_HLEN;
+ }
NF_HOOK_THRESH(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
br_forward_finish, NF_BR_PRI_FIRST + 1);
@@ -419,8 +472,9 @@ static unsigned int br_nf_loc...