I think the new MAC ageing (sometime since 2.6.8.1) may be too aggressive. Now it updates the table at a much later time, with a comment in the code that leads me to believe this is to prevent counting spoofed packets and a DoS.

My problem is that the update occurs after the netfilter hooks, which may do weird things to change the course of the packet so that it does not get counted (in my case, redirecting, queueing to userspace, nonlocally bound sockets, etc.).

For me this causes packets to go spewing out on the wrong interface when the timer expires.

I used the attached patch to revert to the old method.
-Dirk
diff -urN linux-2.6.12.3/net/bridge/br_input.c linux-2.6.12.3-bridgefix/net/bridge/br_input.c
--- linux-2.6.12.3/net/bridge/br_input.c 2005-07-15 14:18:57.000000000 -0700
+++ linux-2.6.12.3-bridgefix/net/bridge/br_input.c 2005-07-25 23:19:30.903355408 -0700
@@ -111,7 +111,8 @@
if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
goto err;
- if (p->state == BR_STATE_LEARNING)
+ if (p->state == BR_STATE_LEARNING ||
+ p->state == BR_STATE_FORWARDING)
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
if (p->br->stp_enabled &&
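Review bot: the widened condition (`if (p->state == BR_STATE_LEARNING || p->state == BR_STATE_FORWARDING)`) re-enables source-MAC learning on forwarding ports before the netfilter hooks run, which is exactly the behaviour the later update was introduced to avoid according to the description above: any frame with a forged source address arriving on a forwarding port now rewrites the forwarding entry for that address at this point, whether or not a later hook drops or redirects the frame, so a flood of spoofed sources can move or thrash entries without any hook getting a say. The only guard left in front of it is `is_valid_ether_addr(eth_hdr(skb)->h_source)`, which rejects multicast and all-zero sources but says nothing about whether the port should be trusted. If the trade-off is intended, the hunk should at least carry a comment stating why forwarding-state ports are included here despite the later update, and ideally make the early learning opt-in (per bridge or per port) so bridges that rely on the hooks to filter spoofed frames keep the current protection.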
_______________________________________________
Bridge mailing list
[email protected]
https://lists.osdl.org/mailman/listinfo/bridge