Hi. On Wed, Mar 11, 2009 at 11:29 AM, Nir Tzachar <nir.tzachar@xxxxxxxxx> wrote: > Hello. > > Thanks for your reply. > > On Tue, Mar 10, 2009 at 7:43 AM, Philip Craig <philipc@xxxxxxxxxxxx> wrote: >> Nir Tzachar wrote: >>>> The problem arises from the following code >>>> (net/ipv4/netfilter/ipt_REJECT.c line 221:) >>>> >>>> if (hook != NF_INET_FORWARD >>>> #ifdef CONFIG_BRIDGE_NETFILTER >>>> || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) >>>> #endif >>>> ) >>>> addr_type = RTN_LOCAL; >>>> >>>> but, as nskb was newly allocated just a few line back, the >>>> oldskb->nf_bridge was never copied, so nskb->nf_bridge is always NULL. >> >> Is there a reason you need to copy it into nskb, rather >> than just changing the test to check oldskb? >> >> I don't think ipv4 netfilter should be setting this field >> for new packets. The bridging code will do that if needed >> when it receives the packet. > > I agree. However, when I tried it (before setting the bridge argument > on the new skb), the kernel crashes. I do not exactly remember where, > but I think route_me_harder tries to dereference the nf_bridge > pointer. I may be entirely wrong, so I'll give it another check. I have checked the change you proposed (checking oldskb instead of nskb) , and indeed it works. Should I resubmit a patch for it? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
