Re: [PATCH][BRIDGE-NETFILTER] fix REJECT for bridged traffic

Patrick McHardy wrote:
> Patrick McHardy wrote:
>> Bart De Schuymer wrote:
>>> Patrick McHardy wrote:
>>>> Yes, we need to save it at some point. My idea was that we might be able
>>>> to save it in PREROUTING instead of POSTROUTING and only do
>>>>
>>>> nskb->nf_bridge = nf_bridge_get(oskb->nf_bridge)
>>>>
>>>> in ipt_REJECT and probably also the ICMP code. MAC NAT could be handled
>>>> by updating the bridge info simultaneously.
>>>
>>> The code creates a new skbuf and the correct source MAC address is lost
>>> if you don't attach it to the skbuf at that time.
>> That's what I'm doing above.
>>
>>> How will you know in
>>> PREROUTING what SMAC to use if you didn't save it when you created the
>>> skbuf?
>> I'm not sure I understand what you're getting at. The above
>> line of code would do exactly that, attach the nf_bridge
>> data from the original packet to the newly created one.
>> But for this to work we need to make sure it's valid in all
>> hooks, hence my suggestion to save it in PREROUTING instead
>> of POSTROUTING.
>
> This patch demonstrates the idea. It's not compile tested
> and incomplete, just to make more clear what I'm suggesting.

OK, that sounds good. Much cleaner. Sorry for misunderstanding you, it's Friday evening...
I'll look into it.

cheers,
Bart


--
Bart De Schuymer
www.artinalgorithms.be
