Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Damien Thébault
On Dec 19, 2007 8:03 PM, Patrick McHardy [EMAIL PROTECTED] wrote: Could you capture the conntrack events of the non-working case with (run in parallel): conntrack -E conntrack -E expect Sure, here it is : conntrack -E : [NEW] tcp 6 120 SYN_SENT src=192.168.1.5 dst=192.168.2.250

Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Patrick McHardy
Damien Thébault wrote: On Dec 19, 2007 8:03 PM, Patrick McHardy [EMAIL PROTECTED] wrote: Could you capture the conntrack events of the non-working case with (run in parallel): conntrack -E conntrack -E expect Sure, here it is : That actually looks like it works properly. New control

Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Damien Thébault
On Dec 20, 2007 11:06 AM, Patrick McHardy [EMAIL PROTECTED] wrote: That actually looks like it works properly. New control connection: [...] New expectation for data connection: [...] New data connection machting expectation, both source and destination properly NATed: [...] Data

Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Damien Thébault
On Dec 20, 2007 12:07 PM, Patrick McHardy [EMAIL PROTECTED] wrote: Don't worry. I was just wondering because I asked for the output of the *non-working* case :) Please post that and I'll look into it. The fact is that this was the output of the non working case, they are similar. I'm

Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Patrick McHardy
Damien Thébault wrote: On Dec 20, 2007 12:07 PM, Patrick McHardy [EMAIL PROTECTED] wrote: Don't worry. I was just wondering because I asked for the output of the *non-working* case :) Please post that and I'll look into it. The fact is that this was the output of the non working case, they

Re: conntrack doesn't always work when a bridge is used

2007-12-20 Thread Damien Thébault
On Dec 20, 2007 2:21 PM, Damien Thébault [EMAIL PROTECTED] wrote: I had sequence number errors without the previous bridge patch which get merged in net-2.6. So I'll try again with the net-2.6 kernel. Ok I tried and it's the same behaviour. Oh and last time I forgot to tell, but I'm not

RE: Multiple unicast MACs on the same interface

2007-12-20 Thread Jeff Haran
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Norman Baz Sent: Thursday, December 20, 2007 4:42 AM To: linux-net@vger.kernel.org Subject: Multiple unicast MACs on the same interface Hello, I'm working on a little security project in which

Re: Multiple unicast MACs on the same interface

2007-12-20 Thread Norman Baz
Are you sure your hardware will support this? Most of the MACs I've worked with will receive frames destined to a single station address and can be configured to hash the addresses of frames received with MAC multicast addresses and do a lookup of the hash in a bit table to determine