From: Patrick McHardy <kaber@trash.net>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH][BRIDGE-NETFILTER] fix REJECT for bridged traffic
Date: Fri, 06 Nov 2009 18:36:17 +0100
Message-ID: <4AF45E91.9050203@trash.net>
In-Reply-To: <4AF45DFB.3070606@pandora.be>

Bart De Schuymer wrote:
> Patrick McHardy wrote:
>> Yes, we need to save it at some point. My idea was that we might be able
>> to save it in PREROUTING instead of POSTROUTING and only do
>>
>> nskb->nf_bridge = nf_bridge_get(oskb->nf_bridge)
>>
>> in ipt_REJECT and probably also the ICMP code. MAC NAT could be handled
>> by updating the bridge info simultaneously.
>>
>>
> The code creates a new skbuf and the correct source MAC address is lost
> if you don't attach it to the skbuf at that time.

That's what I'm doing above.

> How will you know in
> PREROUTING what SMAC to use if you didn't save it when you created the
> skbuf?

I'm not sure I understand what you're getting at. The above
line of code would do exactly that, attach the nf_bridge
data from the original packet to the newly created one.
But for this to work we need to make sure it's valid in all
hooks, hence my suggestion to save it in PREROUTING instead
of POSTROUTING.