On Tuesday 2008-03-25 14:49, Patrick McHardy wrote:
Greg Scott wrote:
It could be something in the order of execution changed. I'm using
RedHat kernels right now and I know they tweak the kernels a little bit.
But surely the RedHat guys would not change something this fundamental?
No, that was us :) Bridge-netfilter used to defer the IPv4 OUTPUT
Do you have the commit id at hand? Was it
2bf540b73ed5b304e84bb4d4c390d49d1cfa0ef8?
and POSTROUTING hook until the outgoing bridge port was determined
by the bridge code. This "feature" was removed because it broke
all kinds of things, now the order matches the layering and IPv4
hooks are always processed entirely before bridging.
Now the order is .. non-consistent.
On a pure bridge forward (-i br -o br), as I have determined,
ebtables-nat-POSTROUTING comes _before_ the IPv4 hooks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
