Displaying 15 results from an estimated 15 matches for "nf_hook".
2007 Apr 18
3
[Bridge] Re: do_IRQ: stack overflow: 872..
On Fri, 07 Jan 2005 17:05:59 +0000
David Woodhouse <dwmw2@infradead.org> wrote:
> On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote:
> > It's not really an oops, just a warning that stack space got quiet
> > tight.
> >
> > The problem seems to be that the br netfilter code is nesting far too
> > deeply and recursing several times. Looks like a design
2007 Apr 18
1
[Bridge] [PATCH/RFC] Reduce call chain length in netfilter (take 2)
Hi,
This is a second try to fix the long chain call lengths in netfilter.
The difference with the previous patch is that I got rid of the extra
argument. I somehow didn't see it could be done without using the 'int
*ret2' argument.
A comment on the number of arguments to nf_hook_slow: I don't think the
number of arguments should be decreased. For the bridge-nf code, f.e.,
the indev argument does not equal (*pskb)->dev (this is an answer to a
question of Rusty in the old thread).
A comment on the argument change of nf_hook_slow (sk_buff * to sk_buff
**) and the bad...
2007 Apr 18
1
[Bridge] bridge at start up
...voke2() gets a tail-call
> > >whereas invoke() does not. Hmmm...
> >
> > Apparently support for indirect tail-calls was added to gcc 3.4.
>
> Good data point.
>
> I've been trying to figure out ways to decrease the number of
> args that get sent to nf_hook_slow but this would require
> some API changes unfortunately.
>
> One idea goes like this, we create little descriptors of the form:
>
> struct nf_hook_desc {
> int (*okfn)(struct sk_buff *);
> int pf;
> int hook;
> };
>
> Then NF_HOOK*() callsites...
2004 Aug 09
1
rp_filter and fib_validate_source sequence in KPTD
...y, the functions are traversed in this
order (from most deeply nested first):
fib_validate_source()
ip_route_input_slow()
ip_route_input()
ip_rcv_finish()
ip_rcv()
It seems that ip_rcv() (in ip_input.c) calls the following, and I simply
do not understand what this means:
return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
ip_rcv_finish);
I''m guessing that NF_IP_PRE_ROUTING (the PREROUTING hooks) are called
before ip_rcv_finish is called, which means that the rp_filter action
doesn''t occur until after the PREROUTING hooks.
Is this ac...
2002 May 08
0
Security Advisory
...-434,7 +450,8 @@
unsigned length,
struct ipcm_cookie *ipc,
struct rtable *rt,
- int flags)
+ int flags,
+ struct nf_ct_info *nfct)
{
unsigned int fraglen, maxfraglen, fragheaderlen;
int err;
@@ -599,6 +616,7 @@
=20
nfrags++;
=20
+ nfct_attach(skb, nfct);
err =3D NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,=20
skb->dst->dev, output_maybe_reroute);
if (err) {
@@ -633,7 +651,8 @@
unsigned length,
struct ipcm_cookie *ipc,
struct rtable *rt,
- int flags)
+ int flags,
+ struct nf_ct_info *nfct)
{
int err;
struct sk_buff *s...
2007 Apr 18
4
[Bridge] [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged {I, AR}P packets
...tos,
@@ -186,6 +204,11 @@ bridged_dnat:
nf_bridge->mask |= BRNF_BRIDGED_DNAT;
skb->dev = nf_bridge->physindev;
clear_cb(skb);
+ if (skb->protocol ==
+ __constant_htons(ETH_P_8021Q)) {
+ skb_push(skb, VLAN_HLEN);
+ skb->nh.raw -= VLAN_HLEN;
+ }
NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING,
skb, skb->dev, NULL,
br_nf_pre_routing_finish_bridge,
@@ -202,6 +225,10 @@ bridged_dnat:
clear_cb(skb);
skb->dev = nf_bridge->physindev;
+ if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
+ skb_push(skb, VLAN_HLE...
2007 Apr 18
0
[Bridge] [PATCH 2.4] clear hw checksum flags when bridging
...auses an oops.
diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c
--- a/net/bridge/br_forward.c Mon Sep 8 09:29:44 2003
+++ b/net/bridge/br_forward.c Mon Sep 8 09:29:44 2003
@@ -59,6 +59,7 @@
indev = skb->dev;
skb->dev = to->dev;
+ skb->ip_summed = CHECKSUM_NONE;
NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
__br_forward_finish);
2007 Apr 18
1
[Bridge] [PATCH 2.6] clear hw checksum flags when bridging
...s are changed.
diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c
--- a/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003
+++ b/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003
@@ -69,6 +69,7 @@
indev = skb->dev;
skb->dev = to->dev;
+ skb->ip_summed = CHECKSUM_NONE;
NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
br_forward_finish);
2004 Sep 09
0
Setting priority in userspace gets ignored
...ng is that
my application simply sets all of the outgoing data to a single priority.
And it is not set to the default :-)
I have tracked it down as far as the ip_queue_xmit function in
net/ipv4/ip_output.c.
There the skb->priority and the skb->sk field are correct however we go
through the NF_HOOK,
which is where I got lost.
There is no reason I can think of that a socket should lose any of it''s
options between these two
points in the code. Could someone who understands the intermediate code
let me know if this is a
problem with the code or with the way I am setting the option on...
2014 Apr 10
0
questions about ebtable ip extension
br_nf_forward_ip() {
parent = bridge_parent(out);
NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish);
}
here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ?
its comment 'This is the 'purely bridged' case. For IP, we pass the packet to
* n...
2014 Apr 10
0
questions about ebtable ip extension
br_nf_forward_ip() {
parent = bridge_parent(out);
NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish);
}
here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ?
its comment 'This is the 'purely bridged' case. For IP, we pass the packet to
* n...
2014 Apr 10
0
questions about ebtable ip extension
br_nf_forward_ip() {
parent = bridge_parent(out);
NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish);
}
here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ?
its comment 'This is the 'purely bridged' case. For IP, we pass the packet to
* n...
2003 Mar 25
29
Intelligent P2P detection
Probably, I''m not the first one who needs solve problem with p2p.
Because, large part of my traffic is eaten by p2p software like KazAA,
e-mule, Direct Connect etc, I''m looking for the way of detection of such
traffic and marking it. However simple way with for instance 1214 port
for KazAA doesn''t work because this software uses floating port
technology. This traffic can
2007 Apr 18
6
[Bridge] No UDP NFS over bridges in Linux 2.6.16.x?
Hi,
I have 2 servers which are connected to a gateway machine. The gateway and one server are running
Linux 2.6.16.2, while the third machine is running 2.6.16.5. The two ethernet ports on the gateway
which are connected to the servers are combined into a single ethernet bridge device.
Ever since 2.6.16, I have noticed that I can no longer cross-mount the two servers' /home
directories via
2007 Apr 18
5
[Bridge] RFC: [PATCH] bridge vlan integration
...ndev;
+ if (br_vlan_filter(skb, &br->vlan)) {
+ kfree_skb(skb);
+ return;
+ }
+
br->statistics.rx_packets++;
br->statistics.rx_bytes += skb->len;
indev = skb->dev;
skb->dev = br->dev;
+ if (br_vlan_output_frame(&skb, br->vlan.untagged))
+ return;
+
NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
netif_receive_skb);
}
@@ -136,6 +144,10 @@ int br_handle_frame(struct net_bridge_po
}
if (p->state == BR_STATE_FORWARDING || p->state == BR_STATE_LEARNING) {
+ if (br_vlan_input_frame(skb, &p->vlan)) {
+ return 1;
+ }
+
if (...