[Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-06 Thread Richard Weinberger
If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables are set to zero xt_physdev has no effect because skb->nf_bridge has not been set up. Signed-off-by: Richard Weinberger --- net/bridge/br_netfilter.c | 31 +++ 1 files changed, 23 insertion

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-03 Thread Stephen Hemminger
On Tue, 3 Jan 2012 14:26:04 +0100 Richard Weinberger wrote: > If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables > are set to zero xt_physdev has no effect because skb->nf_bridge has not been > set up. > > Signed-off-by: Richard Weinberger I am not sure if this is a

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-03 Thread Bart De Schuymer
On 3/01/2012 18:42, Richard Weinberger wrote: On 03.01.2012 17:15, Stephen Hemminger wrote: On Tue, 3 Jan 2012 14:26:04 +0100 Richard Weinberger wrote: If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables are set to zero xt_physdev has no effect because skb->nf_br

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-04 Thread Bart De Schuymer
On 3/01/2012 21:29, Richard Weinberger wrote: On 03.01.2012 21:15, Bart De Schuymer wrote: The documentation is probably not explicit enough, but I would keep the behavior as it is now. Setting bridge-nf-call-iptables to 0 makes iptables behave as if bridge-netfilter was not enabled at compi

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-05 Thread Bart De Schuymer
On 5/01/2012 0:13, Richard Weinberger wrote: Let's export brnf_call_iptables and brnf_call_ip6tables, such that physdev_mt_check() can notify the user that his iptables rule will have no effect. I don't want to introduce a runtime dependency between the iptables physdev module and the brid

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-06 Thread Richard Weinberger
On 03.01.2012 17:15, Stephen Hemminger wrote: > On Tue, 3 Jan 2012 14:26:04 +0100 > Richard Weinberger wrote: > >> If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables >> are set to zero xt_physdev has no effect because skb->nf_bridge has not been >> set up. >> >> Sign

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-06 Thread Richard Weinberger
On 03.01.2012 21:15, Bart De Schuymer wrote: > The documentation is probably not explicit enough, but I would keep the > behavior as it is now. Setting bridge-nf-call-iptables to 0 makes > iptables behave as if bridge-netfilter was not enabled at compilation. > Anyway, your patch is almost certai

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-06 Thread Richard Weinberger
On 04.01.2012 18:55, Bart De Schuymer wrote: > On 3/01/2012 21:29, Richard Weinberger wrote: >> On 03.01.2012 21:15, Bart De Schuymer wrote: >>> The documentation is probably not explicit enough, but I would keep the >>> behavior as it is now. Setting bridge-nf-call-iptables to 0 makes >>> ip

Re: [Bridge] [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0

2012-01-06 Thread Richard Weinberger
On 05.01.2012 20:50, Bart De Schuymer wrote: > On 5/01/2012 0:13, Richard Weinberger wrote: >> >> Let's export brnf_call_iptables and brnf_call_ip6tables, such that >> physdev_mt_check() can notify the user that his iptables rule will have >> no effect. >> > > I don't want to introduce a runti