Re: [Bridge] Make 2.4.7 bridge-netfilter work

Wed, 29 Aug 2001 14:02:45 -0700 

Hello,

----- Original Message -----
From: "Drew Einhorn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 29, 2001 8:17 PM
Subject: [Bridge] Make 2.4.7 bridge-netfilter work


> >     1.patch 2.4.7 kernel with
> >
>
http://users.pandora.be/bart.de.schuymer/brepf/patch-fix/bridge-nf-20010801-
against-2.4.6-3.diff
>
> >
> >
>
http://users.pandora.be/bart.de.schuymer/brepf/development/ebtables-20010801
-against-2.4.6.diff
>
> >
> > I think if you only want a ip firewall,perhaps the second patch is not
> needed.but I have
> > used it.
> >
>
> Just did the first on.  Seemed to work just fine.
>
> >     2.change the code as Lennert advised.
> >
> >    In net/ipv4/netfilter/ip_conntrack_standalone.c, try
> > replacing the check
> >
> >       if ((*pskb)->len > rt->u.dst.pmtu) {
> >
> > by
> >
> >       if (rt != NULL && (*pskb)->len > rt->u.dst.pmtu) {
> >
>
> Did that, no problem
>
> >     3.use the cleanup skb->data handling  patch posted by  Lennert
> >
> >
> http://www.math.leidenuniv.nl/pipermail/bridge/2001-August/000591.html
> >
>
> But this patch didn't work at all against 2.4.7.  Is there something
> wrong with the instructions
> or is it me?

No, it's not you :-)
Didn't work with me either. You have to manually update the source files:
(looking at the patch itself could give you enough clues)
in net/bridge/br_device.c
search for 'dest = skb->data;'
and replace that line by these 2 lines:
'dest = skb->mac.raw = skb->data;'
'skb_pull(skb, ETH_HLEN);'
(obviously without the ')

same kind of thing for net/bridge/br_forward.c and net/bridge/br_input.c
A bit complicated to tell it all in detail, the patch file itself should
make it clear what to do where.
a '-' in a patch file always means the line has to be deleted
a '+' means the line has to be added. There are always some lines of the
original file included to make clear where they have to be added...

I don't know why the patch doesn't work (and don't really care), but if you
do the obvious deletes and adds it should be ok.
As Lennert stated in that mail the patch will probably be in one of the
coming new kernel releases, so soon this won't be necessary anymore...

cheers,
Bart
>
> >
> >     Then it will work.I have tested conntract_ftp. it did work.
> >
>
> _______________________________________________
> Bridge mailing list
> [EMAIL PROTECTED]
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge
>

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge

Reply via email to