Hello. Thanks for your reply. On Tue, Mar 10, 2009 at 7:43 AM, Philip Craig <philipc@xxxxxxxxxxxx> wrote: > Nir Tzachar wrote: >>> The problem arises from the following code >>> (net/ipv4/netfilter/ipt_REJECT.c line 221:) >>> >>> if (hook != NF_INET_FORWARD >>> #ifdef CONFIG_BRIDGE_NETFILTER >>> || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) >>> #endif >>> ) >>> addr_type = RTN_LOCAL; >>> >>> but, as nskb was newly allocated just a few line back, the >>> oldskb->nf_bridge was never copied, so nskb->nf_bridge is always NULL. > > Is there a reason you need to copy it into nskb, rather > than just changing the test to check oldskb? > > I don't think ipv4 netfilter should be setting this field > for new packets. The bridging code will do that if needed > when it receives the packet. I agree. However, when I tried it (before setting the bridge argument on the new skb), the kernel crashes. I do not exactly remember where, but I think route_me_harder tries to dereference the nf_bridge pointer. I may be entirely wrong, so I'll give it another check. Cheers. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
