Hi,

While writing docs I noticed that IP forwarded packets will
traverse part of the PF_BRIDGE/LOCAL_OUT hook, and part of
the PF_BRIDGE/FORWARD hook.  This seems bogus.

Considering that my inbox management qualities are rather
poor, there's little doubt in my mind that you had already
noticed this problem and mailed me about it. :-)

Could you give this patch a quick eyeball?


thanks,
Lennert



--- br_netfilter.c.3    Thu Apr 11 15:37:56 2002
+++ br_netfilter.c      Thu Apr 11 15:41:31 2002
@@ -310,18 +310,10 @@
 
 
 /* PF_BRIDGE/LOCAL_OUT ***********************************************/
-static int br_nf_local_out_finish_forward(struct sk_buff *skb)
-{
-       NF_HOOK_THRESH(PF_BRIDGE, NF_BR_FORWARD, skb, skb->physindev,
-                       skb->dev, br_forward_finish, 1);
-
-       return 0;
-}
-
 static int br_nf_local_out_finish(struct sk_buff *skb)
 {
-       NF_HOOK_THRESH(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
-                       br_forward_finish, 1);
+       NF_HOOK_THRESH(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, skb->physindev,
+                       skb->dev, br_forward_finish, 1);
 
        return 0;
 }
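Review bot: In br_nf_local_out_finish, hooks on NF_BR_LOCAL_OUT are now called with `skb->physindev` as the in-device, so for IP forwarded packets `in` is no longer NULL. With br_nf_local_out_finish_forward removed, those packets also no longer reach NF_BR_FORWARD from this path. Any hook or rule set that treats a NULL `in` on LOCAL_OUT as "locally generated", or that relies on FORWARD to filter routed traffic, will presumably match different packets afterwards; that is a filtering-policy change and should be documented. I would add a comment above the function, for example `/* in is skb->physindev: set for IP forwarded packets, NULL otherwise */`. The same behaviour change is completed in the third hunk, where the okfn selection is dropped.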
@@ -352,7 +344,6 @@
 static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, const 
struct net_device *in, const struct net_device *out, int (*_okfn)(struct sk_buff *))
 {
        int hookno;
-       int (*okfn)(struct sk_buff *);
        struct net_device *realindev;
        struct sk_buff *skb = *pskb;
 
@@ -368,16 +359,15 @@
        skb->physoutdev = skb->dev;
 
        hookno = NF_IP_LOCAL_OUT;
-       okfn = br_nf_local_out_finish;
        if ((realindev = skb->physindev) != NULL) {
                hookno = NF_IP_FORWARD;
-               okfn = br_nf_local_out_finish_forward;
                if (has_bridge_parent(realindev))
                        realindev = bridge_parent(realindev);
        }
 
        NF_HOOK_THRESH(PF_INET, hookno, skb, realindev,
-                       bridge_parent(skb->dev), okfn,
+                       bridge_parent(skb->dev),
+                       br_nf_local_out_finish,
                        NF_IP_PRI_BRIDGE_SABOTAGE + 1);
 
        return NF_STOLEN;
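Review bot: `bridge_parent(skb->dev)` is passed to NF_HOOK_THRESH without the `has_bridge_parent()` test that guards `bridge_parent(realindev)` a few lines above. If skb->dev is always a bridge port on this path the call is fine, but nothing in the hunk shows that. br_nf_local_out starts outside the hunk, so the guarantee may sit in an earlier line. Either add the same guard or state the invariant in a comment, e.g. `/* skb->dev is a bridge port here, so bridge_parent() is valid */`.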
