Displaying 4 results from an estimated 4 matches for "nf_br_pre_routing".
2007 Apr 18
2
[Bridge] bridge netfilter question
Hi,
I found this block of code in br_dev_queue_xmit() @
br_forward.c, after applying 'netfilter' patch for
2.4.21 kernel.
Can someone explain what this block of code is doing?
#ifdef CONFIG_NETFILTER
	if (skb->nf_bridge)
		memcpy(skb->data - 16, skb->nf_bridge->hh, 16);
#endif
1. What is 16 bytes here...? Ethernet hdr is just 14
bytes
2. Why the ethernet
2007 Apr 18
0
[Bridge] priority number lower??
In the past when I said:
ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!!
ebtables -A INPUT -p 0x800 -j DROP !!WORKS!!
Group members told me that:
> What you need to do is register your function
> on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than
> that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC).
ebt INPUT
|
|
ebt (PREROUTING)------Bridging-----ebt (FORWARD)
I think my code is decapsulating (changing eth hdr) before INPUT chain
is traversed. So, I am confused as...
2007 Apr 18
0
[Bridge] ebtables
...(here 0x828 is my protocol no. that
encapsulates the IP data, like VLAN)
ebtables -A INPUT -p 0x828 -j DROP
BUT the following does work...
ebtables -A INPUT -p 0x800 -j DROP
So, ebtables is not seeing the frame before decapsulation. For that as
Bart Schuymer said, I need to register my function on NF_BR_PRE_ROUTING
with lower priority.
I don't want any new filter table or extension modules.
I only want the ability to do regular stuff like:
ebtables -A INPUT -p 0x828 -j DROP
So, do you think I still need to create a module, or
get away with editing some stuff?
PS: OUTPUT and FORWARD chains work..I didn'...
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...bridged_dnat:
nf_bridge->mask |= BRNF_BRIDGED_DNAT;
skb->dev = nf_bridge->physindev;
clear_cb(skb);
+ if (skb->protocol ==
+ __constant_htons(ETH_P_8021Q)) {
+ skb_push(skb, VLAN_HLEN);
+ skb->nh.raw -= VLAN_HLEN;
+ }
NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING,
skb, skb->dev, NULL,
br_nf_pre_routing_finish_bridge,
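Review bot: the skb_push(skb, VLAN_HLEN) added ahead of NF_HOOK_THRESH in bridged_dnat carries no comment saying which earlier pull it reverses, and nothing in the visible lines shows that the skb still has VLAN_HLEN bytes of headroom at this point. Please add a short comment naming the matching pull site, so a reader can confirm that the push and the skb->nh.raw -= VLAN_HLEN adjustment are always paired with it.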
@@ -202,6 +225,10 @@ bridged_dnat:
clear_cb(skb);
skb->dev = nf_bridge->physindev;
+ if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
+ skb_push(skb, VLAN_HLEN);
+ skb->nh.raw -= VLAN_HLEN;...
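Review bot: these three added lines repeat the ETH_P_8021Q check, skb_push and skb->nh.raw adjustment from the previous hunk verbatim, so the two call sites can drift apart if one is changed later. Consider moving them into one small static inline helper that both paths call. In a runtime comparison like skb->protocol == __constant_htons(ETH_P_8021Q), plain htons() is the usual kernel style, since the compiler folds the constant anyway.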