From: Patrick McHardy <kaber@trash.net>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: "bdschuym@pandora.be" <bdschuym@telenet.be>,
ron lai <ronlai@cs.stanford.edu>,
netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6
Date: Mon, 12 Nov 2007 07:00:22 +0100 [thread overview]
Message-ID: <4737EBF6.6000506@trash.net> (raw)
In-Reply-To: <1194478191.2983.7.camel@localhost.localdomain>
[-- Attachment #1: Type: text/plain, Size: 651 bytes --]
Bart De Schuymer wrote:
> Op wo, 07-11-2007 te 12:55 +0100, schreef Patrick McHardy:
>> Could you check the attached patch?
>
> Looks ok to me.
>
>> > Another solution I think is this:
>>> in br_nf_post_routing():
>>> change
>>> if (!nf_bridge)
>>> to
>>> if (!nf_bridge || !(nf_bridge->mask & BRNF_BRIDGED_DNAT))
>> Wouldn't that break the regular case of packets forwarded
>> through a single bridge?
>
> Hmm, yes, we'd need to or it with BRNF_BRIDGED. I personally prefer
> something like that, leaving the call to nf_bridge_put when the skbuff
> is removed. But it's your call :)
Both are fine with me. Does this patch look correct to you?
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 425 bytes --]
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index da22f90..ce68284 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -766,6 +766,9 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
if (!nf_bridge)
return NF_ACCEPT;
+ if (!nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT))
+ return NF_ACCEPT;
+
if (!realoutdev)
return NF_DROP;
next prev parent reply other threads:[~2007-11-12 6:00 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-07 11:44 Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6 bdschuym@pandora.be
2007-11-07 11:44 ` bdschuym@pandora.be
2007-11-07 11:55 ` Patrick McHardy
2007-11-07 23:29 ` Bart De Schuymer
2007-11-12 6:00 ` Patrick McHardy [this message]
2007-11-12 7:35 ` Philip Craig
2007-11-12 7:39 ` Patrick McHardy
2007-11-08 2:16 ` Philip Craig
-- strict thread matches above, loose matches on Subject: below --
2007-11-12 7:30 bdschuym@pandora.be
2007-11-12 7:30 ` bdschuym@pandora.be
2007-11-01 21:16 Ron Lai
2007-11-01 21:16 ` Ron Lai
2007-11-05 11:03 ` Amin Azez
2007-11-05 16:36 ` ron lai
2007-11-05 16:36 ` ron lai
2007-11-06 10:14 ` Patrick McHardy
2007-11-06 13:19 ` ron lai
2007-11-06 13:19 ` ron lai
2007-11-06 13:24 ` Patrick McHardy
2007-11-06 13:50 ` ron lai
2007-11-06 13:50 ` ron lai
2007-11-06 14:05 ` Patrick McHardy
2007-11-06 15:17 ` Pascal Hambourg
2007-11-07 5:08 ` ron lai
2007-11-07 5:08 ` ron lai
2007-11-07 9:49 ` Patrick McHardy
2007-11-07 10:33 ` Patrick McHardy
2007-11-07 10:59 ` Pascal Hambourg
2007-11-07 11:37 ` Patrick McHardy
2007-11-07 15:17 ` ron lai
2007-11-07 15:17 ` ron lai
2007-11-07 23:19 ` Patrick McHardy
2007-11-07 23:54 ` Ron Lai
2007-11-07 23:54 ` Ron Lai
2007-11-08 9:03 ` Pascal Hambourg
2007-11-08 11:43 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4737EBF6.6000506@trash.net \
--to=kaber@trash.net \
--cc=bdschuym@pandora.be \
--cc=bdschuym@telenet.be \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=ronlai@cs.stanford.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.