search for: nf_hooks

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

...H(pf, hook, skb, indev, outdev, okfn, thresh) \ +({int __ret; \ +if ((__ret=nf_hook_slow(pf, hook, &(skb), indev, outdev, okfn, thresh)) == 1) \ + __ret = (okfn)(skb); \ +__ret;}) #else -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ -(list_empty(&nf_hooks[(pf)][(hook)]) \ - ? (okfn)(skb) \ - : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) -#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ -(list_empty(&nf_hooks[(pf)][(hook)]) \ - ? (okfn)(skb) \ - : nf_hook_slow((pf), (hook), (skb...

hi i have gone through the achieves but still could not get my bridge to suvive a reboot . please can anyone help me am using fedora core 2 -----Original message----- From: bridge-request@lists.osdl.org Date: Fri, 28 Jan 2005 03:08:06 +0100 To: bridge@lists.osdl.org Subject: Bridge Digest, Vol 17, Issue 25 > Send Bridge mailing list submissions to > bridge@lists.osdl.org > >

Hello all, My question: - - - - - - - Does anybody know when the reverse path filtering occurs as the packet traverses the kernel? Does it happen before NF_IP_PRE_ROUTING (PREROUTING) or not? Does it only happen at route selection time? What I have tried to do to find the answer: - - - - - - - - - - - - - - - - - - - - - - I find a posting (from many years ago) [0], which suggests that this

--Qz2CZ664xQdCRdPu Content-Type: multipart/mixed; boundary="BI5RvnYi6R4T2M87" Content-Disposition: inline --BI5RvnYi6R4T2M87 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! Unfortunately there is a very unpopular announcement to be made on this list: A netfilter security advisory. Phillipe Biondi has been

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

The hardware checksumming flags need to be cleared when forwarding packets. Bridging just needs to forward what ever checksum is in the existing skbuff, it doesn't want or need the packet to be resummed. Without this fix, forwarding between smart/dumb interfaces causes an oops. diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c --- a/net/bridge/br_forward.c Mon Sep 8 09:29:44

same patch as 2.4, just the offsets are changed. diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c --- a/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003 +++ b/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003 @@ -69,6 +69,7 @@ indev = skb->dev; skb->dev = to->dev; + skb->ip_summed = CHECKSUM_NONE; NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,

Briefly what I am trying to achieve is using the HTB qdisc to handle traffic generated from userspace. To achieve this I create a standard Gold/Silver/Bronze configuration as follows; tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1mbit ceil 100mbit tc class add dev eth0

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

Probably, I''m not the first one who needs solve problem with p2p. Because, large part of my traffic is eaten by p2p software like KazAA, e-mule, Direct Connect etc, I''m looking for the way of detection of such traffic and marking it. However simple way with for instance 1214 port for KazAA doesn''t work because this software uses floating port technology. This traffic can

Hi, I have 2 servers which are connected to a gateway machine. The gateway and one server are running Linux 2.6.16.2, while the third machine is running 2.6.16.5. The two ethernet ports on the gateway which are connected to the servers are combined into a single ethernet bridge device. Ever since 2.6.16, I have noticed that I can no longer cross-mount the two servers' /home directories via

Hi, The attached patches enables the bridge to filter and forward packets according to their IEEE 802.1q headers. The goals behind this change include : - Enable running STP on 802.1q tagged networks. STP packets must be untagged. It isn't obvious how else to enable STP with the current bridge and vlan code. - Add native support for an untagged vlan. Currently an untagged vlan can