similar to: [Bridge] Security question

Hi bridge list: Bart de Schuymer suggested that this question might be better placed on this list rather than in the ebtables area. So here it is : ================================================================= Hi listers: I am a relative Penquin Newcomer, and I am (therefore?) encountering problems trying to setup a simple bridge/firewall between two vlans sharing portions of the same

Hi, I tried sending this earlier, but it didn't come through. Apologies if this appers twice on the list. I'm running bridging using the brouter setup described on this page: http://ebtables.sourceforge.net/examples.html "Making a brouter". The setup described there is like this: ifconfig br0 0.0.0.0 ifconfig eth0 172.16.1.1 netmask 255.255.255.0 ifconfig eth1 172.16.2.1

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

An earlier variant of your patch was applied already, included below. You'll need to submit the newer parts relative to the current tree. diff-tree 7ad4d2f6901437ba4717a26d395a73ea362d25c6 (from b8282dcf0417bbc8a0786c129fdff9cc768f8f3c) Author: Jayachandran C <c.jayachandran@gmail.com> Date: Tue Apr 11 17:25:38 2006 -0700 [BRIDGE] ebtables: fix allocation in

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to ?__read_overflow2_field? declared with attribute warning: detected read beyond

Hello, I'm having a problem getting two (working) NICs enslaved to a bridge to both work in the bridge. The setup is just for testing and looks like this: (NETWORK)-------|bridge|---------|test PC| I'm building a bridge from an old Dell Optiplex GX1 desktop. Using kernel-2.6.9-gentoo-r4, with bridging and ebtables compiled into the kernel; the two PCI NICs are Intel, and the e100

On Monday 29 September 2003 20:44, DarthPeter wrote: > Hi everyone, Hello, I'm CC-ing the bridge mailing list since there are more people on that one and they might be able to shed more light. > We are trying to build a powerful firewall that could handle > several hundred megabits of traffic and we are running into a problem > with it. We'd like to be able to accomplish

Hi, I'm relatively new to linux world.I'm just trying to setup a bridge firewall between a router and LAN. I've installed Red Hat Linux 9.0 - 2.4.20-8 from installation CDs and upgraded to 2.4.25 successfully. I've patched my kernel to support bridge firewall also loaded ebtables module,so far so good.Now I tried to create a bridge using the code given in the following link

Hello I'm iCAROS7 and my syzkaller hit vmalloc-OOB in net/bridge/netfilter/ebtables.c:1168 I not sure about that and related bridge. But report for just-in-case. I attached C reproducer and syzkaller report. Thank you for your deication. >From iCAROS7. <Information of my syzkaller system> CPU: Intel i7-12700K OS: Kubuntu 22.04.1 LTS (amd64) Kernel: 5.18.19-051819-generic Syzkaller

Hello all, I am new to Linux Ethernet bridging. Let me first start with what I am trying to achieve. Well you see - I am attempting to have 2 main firewall running at the same time - one as a master and the other one as a slave. Yes, I would like to make use of Ethernet bridging in this scenario - as I understand it, all I need are two machines and STP enabled. I am running Debian

Hello, I have an issue with ebtables --arp-opcode and vlan support on the bridge. Ebtables support --arp-opcode witch is used for arp manipulation. ebtables -t nat -A PREROUTING -p arp --arp-opcode Request -j arpreply --arpreply-mac 10:11:12:13:14:15 --arpreply-target ACCEPT -i eth1 But it does not work when Ethernet frame comes tag with vlan pid. Can i overcome this limitation? Fanks

In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt

Hi Rahul, If you're certain that your problem isn't as Stephen suggested, you might want to have a look at this: --- (From http://ebtables.sourceforge.net/brnf-faq.html <http://ebtables.sourceforge.net/brnf-faq.html> ) How do I let vlan-tagged traffic go through a vlan bridge port and the other traffic through a non-vlan bridge port? Suppose eth0 and eth0.15 are ports of br0.

Hi, All: I am tring to use STP function on bridge device that refer the BRIDGE-STP-HOWTO. And I use PING program to test it from PC1 to PC2. But the forward function is become too long when bridge topology change. How can I tuning the STP to make client connect to another again faster? I have been use follow command. But it seen not this issue. Bcause, if I run " arp -d " on

Hello, I'm trying to use bridging in our servers and found a problem with dhcp. Some clients manage to get an IP from the server, using DHCPDISCOVER/DHCPREQUEST. However others use BOOTREQUEST and these don't seem to get an answer. The server sends a BOOTREPLY but the clients continue to send BOOTREQUEST for ever. There are also some (occasional) messages from the dhcp server like