----- Original Message ----- From: "Lennert Buytenhek" <[EMAIL PROTECTED]> Sent: Friday, April 05, 2002 11:45 AM Subject: Re: [Bridge] DNAT'ing
> To cover these cases, two tests are needed. > > 1. If the function ip_route_input returns success, it means > that #2 was the case, and we have to overwrite the destination > ethernet address with our own address and pass the packet > up the stack to have it routed. > > 2. If not, #1 was the case. We call ip_route_output to > attach a needed dst_entry structure to the packet and we > send the packet out. Aha, now I get it :-) Never did quite understand br_nf_pre_routing_finish. > What I did not consider was the case where IP forwarding is > disabled. In that case, ip_route_input will fail, not for the > reason that the new destination IP address is in the same bridge > port group, but for the reason because the IP stack notices > that this packet would have to be forwarded, and it refuses to > do so. > > I'm not totally sure what the best way is, but I guess I should > turn the 'crash now' into a 'drop packet and write a message > to the system log'. > > Ideas? I agree. The cause for this problem is not a kernel bug, it's the forgetful/unknowing nature of the user. You could write a message stating that he maybe should turn on ip_forward. cheers, Bart _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
