search for: schuymer

Tom Eastep wrote: > | Have you applied the ipsec+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It

Hi, I've been running RH 7.2 with a kernel-2.4.9-13brnf0.0.3 for a very long time and works just fine. A couple of weeks ago I thought I'd install a new fresh installation with rh9 and load the bridge module that comes with the rh kernel ( 2.4.20-24.9 ). The bridge itself works just fine but the firewalling dont. There is no packets passing the FORWARD chain... Have I missed something

Hello, I am running into a strange problem here. I wrote you a mail earlier also regarding this. 1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of brdige mode utility and also I tried version 0.94 as well. But whenever I run the brdige mode on this kernel - the kernel goes panic saying "aiee - killing interrupt handler". Now I am in a

-----Original Message----- >From: Tommy Christensen [mailto:tommy.christensen@tpack.net] >Sent: Wednesday, October 08, 2003 10:09 AM >To: Christian Darnell >Cc: 'Linux 802.1Q VLAN'; Bart De Schuymer; netdev@oss.sgi.com; bridge >Subject: Re: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables >"see" bridged VLAN tagged{I,AR}P packets > > > >This is because the VLAN code is mangling shared data. >You need to do something like this: > > >--- linux-2.4/n...

> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in

...LEN; + dev_queue_xmit(skb); return 0; --- linux-2.6.0-test6/net/bridge/br_netfilter.c Sun Sep 28 02:51:07 2003 +++ linux-2.6.0-test6-new/net/bridge/br_netfilter.c Mon Oct 6 21:10:40 2003 @@ -4,7 +4,13 @@ * * Authors: * Lennert Buytenhek <buytenh@gnu.org> - * Bart De Schuymer <bdschuym@pandora.be> + * Bart De Schuymer (maintainer) <bdschuym@pandora.be> + * + * Changes: + * Apr 29 2003: physdev module support (bdschuym) + * Jun 19 2003: let arptables see bridged ARP traffic (bdschuym) + * Oct 06 2003: filter encapsulated IP/ARP VLAN traffic on untagged bridg...

...n on 'real' 64bit/64bit architectures [ Ryan Veety ] - libip6tc: fix ipv6_prefix_length endianness bugs [ Mikko Markus Torni ] - MASQUERADE target: don't accept negative port numbers [ Yasuyuki Kozakai ] - physdev match: fix new structure layout for kernel > 2.6.0-test8 [ Bart De Schuymer ] Changes from 1.2.8: - build plugins for connlimit, iprange, realm, CLASSIFY, CONNMARK, NETMAP [ Harald Welte ] - libip(6)tc: Speedup due to inceremental chain cache updates [ Harald Welte ] - recent match: Update to version 0.3.1 that was submitted to the kernel [ Stephen Frost ] - physdev m...

>-----Original Message----- >From: Ben Greear [mailto:greearb@candelatech.com] >Sent: Monday, October 06, 2003 10:24 PM >To: Bart De Schuymer >Cc: netdev@oss.sgi.com; vlan@wanfear.com; bridge >Subject: [VLAN] Re: [PATCH/RFC] Let {ip,arp}tables "see" bridged VLAN >tagged{I,AR}P packets > > >Bart De Schuymer wrote: >> - add some code in vlan_dev.c::vlan_dev_hard_start_xmit(): >> skb->protocol = __...

Hello, Due to a recent change in the bridge code, we now need a way of knowing if a packet has been defragmented. The bridge code now checks on the packet size and drops packets that are too big for the output port. Defragmented packets will get refragmented later, so they shouldn't be dropped. I've been reading the defragmentation code and can't find an easy way of knowing if a

Hi, I had successfully setup my bridge (br0) but after few minutes the br0 interface seems not working. ifconfig eth0 0.0.0.0 ifconfig eth5 0.0.0.0 brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth5 brctl stp br0 on I check on my system's /var/log/syslog file. It shows something strange messages as below: - Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

Hi, [sorry for the crosspost, I don''t know whether this is a routing or ebtables problem] I want to redirect all HTTP traffic passing through my bridge to a squid proxy on another machine. However, setting up brouting as suggested in the ebtables examples doesn''t work and the packets get dropped on the floor completely. /\/\/\/\/\/\/\/\ +----------------------+

Hi, please Cc: all replies, I'm not subscribed I seem to have troubles with my Linux bridge (2.6.8-rc2), which is apparently not bridging UDP fragments (NFS) when passing packets through iptables, but I do not see in the iptables stats where the packets are dropped. Policies for INPUT, FORWARD, OUTPUT are all "ACCEPT", and I grepped for all REJECT and DROP rules in iptables -nvL,

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

Hi Dave, Please apply this compiler warning fix from Randy. Signed-off-by: Bart De Schuymer <bdschuym@telenet.be> Signed-off-by: Randy Dunlap <rddunlap@osdl.org> diff -Naurp ./net/bridge/netfilter/ebt_ulog.c~brnetf_types ./net/bridge/netfilter/ebt_ulog.c --- ./net/bridge/netfilter/ebt_ulog.c~brnetf_types 2005-01-10 10:38:40.531343592 -0800 +++ ./net/bridge/netfilter/ebt_ulog...

Hiyas, Is there a patch for the 2.4.x series to do ip6tables bridging of IPv6 packets? I was unable to go to 2.6 due to issues with large packets so still living in 2.4 land. If there are no patches, any ideas on what gets patched in IPv4 to allow this bridging? -Scott __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!

...d to tell was: the following cmd DOES NOT WORK..(here 0x828 is my protocol no. that encapsulates the IP data, like VLAN) ebtables -A INPUT -p 0x828 -j DROP BUT the following does work... ebtables -A INPUT -p 0x800 -j DROP So, ebtables is not seeing the frame before decapsulation. For that as Bart schuymer said I need to register my function on NF_BR_PRE_ROUTING with lower priority. I don't want any new filter table or extension modules. I only want the ability to do regular stuff like: ebtables -A INPUT -p 0x828 -j DROP So, do you think I still need to create a module.? or get away editing some...

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.