similar to: [Bridge] bridge netfilter question

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hi, This is a second try to fix the long chain call lengths in netfilter. The difference with the previous patch is that I got rid of the extra argument. I somehow didn't see it could be done without using the 'int *ret2' argument. A comment on the number of arguments to nf_hook_slow: I don't think the number of arguments should be decreased. For the bridge-nf code, f.e., the

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=479 ------- Additional Comments From kaber@trash.net 2006-05-22 14:42 MET ------- It is not entirely clear what you are trying to show with that LOG line. How is the traffic flowing, what do you expect? And why is it visible in plaintext on the br0 device? Please also include your kernel version. -- Configure bugmail:

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

Hi, The attached patches enables the bridge to filter and forward packets according to their IEEE 802.1q headers. The goals behind this change include : - Enable running STP on 802.1q tagged networks. STP packets must be untagged. It isn't obvious how else to enable STP with the current bridge and vlan code. - Add native support for an untagged vlan. Currently an untagged vlan can

In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt

Hi, I have 2 servers which are connected to a gateway machine. The gateway and one server are running Linux 2.6.16.2, while the third machine is running 2.6.16.5. The two ethernet ports on the gateway which are connected to the servers are combined into a single ethernet bridge device. Ever since 2.6.16, I have noticed that I can no longer cross-mount the two servers' /home directories via

Hi Stephen, Thanks for your prompt response. What I wanted to tell was: the following cmd DOES NOT WORK..(here 0x828 is my protocol no. that encapsulates the IP data, like VLAN) ebtables -A INPUT -p 0x828 -j DROP BUT the following does work... ebtables -A INPUT -p 0x800 -j DROP So, ebtables is not seeing the frame before decapsulation. For that as Bart schuymer said I need to register my