----- Original Message -----
From: "Lennert Buytenhek" <[EMAIL PROTECTED]>
To: "Bart De Schuymer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, December 09, 2001 3:14 PM
Subject: Re: [Bridge] about brctl use.

> > Note that with the current bridge/iptables patch I believe brouting could
> > stop working correctly. This is because the ip filtering code hooked on
> > PRE_ROUTING (so e.g. NAT and connection tracking) will get executed twice.
> > The first time by the bridge code. This is necessary to make NAT possible
> > for bridged ip packets (so with the MAC destination address not one of the
> > bridge's nics). This is executed before the bridge looks at the destination
> > MAC address to see where the packet must go. The second time it gets
> > executed is in the normal ip code, after the bridge has queued the packet in
> > the receive buffer.
> > Solving this problem will imply an ugly hack in the netfilter NF_HOOK() I
> > think :-(
>
> If I understand correctly what you're talking about: this
> implementation wart has been fixed in 0.0.4-pre (grep for
> ipv4_sabotage_in).
>

Aha. I noticed the problem in 0.0.3 and didn't see it fixed at first glance in 0.0.4. Very nice solution! :-)

cheers,
Bart

>
> cheers,
> Lennert

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
