Re: bridge-netfilter patch - David S. Miller

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "David S. Miller" <davem@redhat.com>
To: bart.de.schuymer@pandora.be
Cc: buytenh@math.leidenuniv.nl, linux-kernel@vger.kernel.org
Subject: Re: bridge-netfilter patch
Date: Mon, 16 Sep 2002 16:21:23 -0700 (PDT)	[thread overview]
Message-ID: <20020916.162123.116935622.davem@redhat.com> (raw)
In-Reply-To: <200209162341.17032.bart.de.schuymer@pandora.be>

   From: Bart De Schuymer <bart.de.schuymer@pandora.be>
   Date: Mon, 16 Sep 2002 23:41:17 +0200

   net/ipv4/ip_output.c:ip_fragment()
   In this function the copy of the Ethernet frame is added for each fragment (by 
   the br-nf patch).

'output' callback arg to ip_fragment() must generate correct hardware
headers when necessary.  This hack usage of it via netfilter, in this
weird bridging case, is violating this requirement.

Normally ip_finish_output2() is going to make this.

If it can't do the job properly, pass instead a routine that can do
what netfilter needs.

Lennert says:

   So if we postpone FORWARD and POST_ROUTING until after br_dev_xmit,
   we effectively reverse refragmentation and neighbor resolution.
   But refragmentation messes up the hardware header.

   The 16byte hardware header copy fixes this by copying to each
   fragment the hardware header that was tacked onto or was already
   present on the bigger packet.  It's ugly, I admit.  There's
   currently no better way though.

I don't understand why you can't add on the hardware header some other
way.

If ip_finish_output doesn't put the right hardware header on there,
you have to use as 'okfn' (what netfilter sends down as 'output' to
ip_fragment) some routine which will do it correctly.

next prev parent reply	other threads:[~2002-09-16 23:25 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-09-11 22:32 802.1q + device removal causing hang Simon Kirby
2002-09-11 22:31 ` David S. Miller
2002-09-12  6:36   ` [PATCH] ebtables - Ethernet bridge tables, for 2.5.34 Bart De Schuymer
2002-09-12 23:04     ` David S. Miller
2002-09-13  3:20       ` Bart De Schuymer
2002-09-13  4:29         ` David S. Miller
2002-09-13  6:12           ` Bart De Schuymer
2002-09-13  6:09             ` David S. Miller
2002-09-13 12:45               ` bridge-netfilter patch (was: Re: [PATCH] ebtables - Ethernet bridge tables, for 2.5.34) Lennert Buytenhek
2002-09-13 18:22                 ` bridge-netfilter patch David S. Miller
2002-09-14  7:05                   ` Bart De Schuymer
2002-09-16  3:35                     ` David S. Miller
2002-09-16 21:41                       ` Bart De Schuymer
2002-09-16 23:21                         ` David S. Miller [this message]
2002-09-17 19:10                           ` Bart De Schuymer
2002-09-17 19:35                             ` David S. Miller
2002-09-15 21:27                   ` Lennert Buytenhek
2002-09-16  6:50               ` [PATCH] ebtables - Ethernet bridge tables, for 2.5.35 Bart De Schuymer
2002-09-16 23:01                 ` David S. Miller
2002-10-14 18:05     ` [RFC] bridge-nf -- map IPv4 hooks onto bridge hooks, vs 2.5.42 Bart De Schuymer
2002-10-14 18:01       ` David S. Miller
2002-10-14 18:32         ` bert hubert
2002-10-14 18:58         ` Bart De Schuymer
2002-10-14 19:02           ` David S. Miller
2002-10-14 19:29             ` Bart De Schuymer
2002-10-14 19:26               ` David S. Miller
2002-10-20 22:20       ` [RFC] bridge-nf -- map IPv4 hooks onto bridge hooks, vs 2.5.44 Bart De Schuymer
2002-10-20 22:19         ` David S. Miller
2002-10-22 23:40         ` Bart De Schuymer
2002-10-25  6:01           ` [PATCH][RFC] bridge-nf -- map IPv4 hooks onto bridge hooks - try 3, " Bart De Schuymer
2002-10-25  6:22             ` [netfilter-core] " Harald Welte
2002-10-28 13:02             ` David S. Miller
     [not found]     ` <200210141953.38933.bart.de.schuymer@pandora.be>
2002-10-14 19:59       ` [RFC] place to put bridge-netfilter specific data in the skbuff Bart De Schuymer
2002-10-24  8:16         ` [netfilter-core] " Harald Welte
2002-10-24  8:15           ` David S. Miller
2002-10-24 12:22             ` Harald Welte
2002-09-12 23:49   ` 802.1q + device removal causing hang Simon Kirby
2002-09-12 23:53     ` David S. Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020916.162123.116935622.davem@redhat.com \
    --to=davem@redhat.com \
    --cc=bart.de.schuymer@pandora.be \
    --cc=buytenh@math.leidenuniv.nl \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox