Jan Engelhardt wrote:
On Wednesday 2008-04-02 13:06, Patrick McHardy wrote:
The router is my ISP's internet router, which I do not
control. But I doubt the router is doing anything wrong
though. The weirdness is more on the Linux side..
Sure, for full transparency the packets should ideally use
the original source MAC address. I'll see if I can come
up with a patch for this.
The problem is an interesting one. REJECT itself does not fill
in the MAC address, and probably should not try (there is more
than just Ethernet). Yet the routing code is so deeply buried
that drawing a seam through the entire call chain seems intrusive.
</random thoughts>
One way is to have REJECT specifically handle the bridging case
by setting up an appropriate skb->nf_bridge struct, which will
make the bridging code fill in the correct MAC address. For
REJECT this would be borderline OK, but icmp_send really shouldn't
care about this, so a generic method would be preferrable.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
