search for: rajashekhar

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet

Pardon me if this a little off-topic, I don't know where else to post this question. We are trying to add encryption support at layer II. Decrypting-hook on NF_BR_LOCAL_IN and encrypting-hook at NF_BR_LOCAL_OUT. But, this is breaking iptables pre-routing chain (Now I am not able to do port-forwarding). Any ideas? Thanks, -Raj

In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt

Hi Stephen, Thanks for your prompt response. What I wanted to tell was: the following cmd DOES NOT WORK..(here 0x828 is my protocol no. that encapsulates the IP data, like VLAN) ebtables -A INPUT -p 0x828 -j DROP BUT the following does work... ebtables -A INPUT -p 0x800 -j DROP So, ebtables is not seeing the frame before decapsulation. For that as Bart schuymer said I need to register my