search for: nf_bridge

...vlan_dev_hard_start_xmit_p, because br_netfilter.c needs to know the address of vlan_dev_hard_start_xmit(). When the local machine sends a packet through br0.1000, we need to allow filtering in LOCAL_OUT/FILTER on the bridge out port, so we need to be able to postpone the iptables filtering. - add nf_bridge->netoutdev for vlan. When the local machine sends a packet through br0.1000, iptables -o br0.1000 should match instead of iptables -o br0. In the bridge code, it is not known that the out device was br0.1000, so we need to save this info in nf_bridge->netoutdev. - change nf_bridge->hh size...

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet hdr is being overwritten with nf_bridge->hh? what is there in nf_bridge->hh? and when is nf_bridge is actually assigned this content...

...+unlock: rcu_read_unlock(); return ret; } --- linux-2.6.11-rc3/net/bridge/br_netfilter.c.old 2005-02-12 13:48:22.000000000 +0100 +++ linux-2.6.11-rc3/net/bridge/br_netfilter.c 2005-02-12 17:04:45.000000000 +0100 @@ -829,8 +829,7 @@ static unsigned int ip_sabotage_in(unsig { if ((*pskb)->nf_bridge && !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { - okfn(*pskb); - return NF_STOLEN; + return NF_STOP; } return NF_ACCEPT; @@ -891,8 +890,7 @@ static unsigned int ip_sabotage_out(unsi if (out->priv_flags & IFF_802_1Q_VLAN) nf_bridge->net...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=479 ------- Additional Comments From kaber@trash.net 2006-05-22 14:42 MET ------- It is not entirely clear what you are trying to show with that LOG line. How is the traffic flowing, what do you expect? And why is it visible in plaintext on the br0 device? Please also include your kernel version. -- Configure bugmail:

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

...lan.o + obj-$(CONFIG_BRIDGE_NF_EBTABLES) += netfilter/ Index: wireless-dev/net/core/skbuff.c =================================================================== --- wireless-dev.orig/net/core/skbuff.c +++ wireless-dev/net/core/skbuff.c @@ -486,6 +486,9 @@ struct sk_buff *skb_clone(struct sk_buff nf_bridge_get(skb->nf_bridge); #endif #endif /*CONFIG_NETFILTER*/ +#ifdef CONFIG_BRIDGE_VLAN + C(vlan); +#endif #ifdef CONFIG_NET_SCHED C(tc_index); #ifdef CONFIG_NET_CLS_ACT @@ -550,6 +553,9 @@ static void copy_skb_header(struct sk_bu nf_bridge_get(old->nf_bridge); #endif #endif +#ifdef CONF...

Hi, I have 2 servers which are connected to a gateway machine. The gateway and one server are running Linux 2.6.16.2, while the third machine is running 2.6.16.5. The two ethernet ports on the gateway which are connected to the servers are combined into a single ethernet bridge device. Ever since 2.6.16, I have noticed that I can no longer cross-mount the two servers' /home directories via