Bart De Schuymer wrote:
> bridge-netfilter: Fix MAC header handling with IP DNAT
>
> - fix IP DNAT on vlan- or pppoe-encapsulated traffic: The functions
>   neigh_hh_output() or dst->neighbour->output() overwrite the complete
>   Ethernet header, although we only need the destination MAC address.
>   For encapsulated packets, they ended up overwriting the encapsulating
>   header. The new code copies the Ethernet source MAC address and
>   protocol number before calling dst->neighbour->output(). The Ethernet
>   source MAC and protocol number are copied back in place in
>   br_nf_pre_routing_finish_bridge_slow(). This also makes the IP DNAT
>   more transparent because in the old scheme the source MAC of the
>   bridge was copied into the source address in the Ethernet header. We
>   also let skb->protocol equal ETH_P_IP resp. ETH_P_IPV6 during the
>   execution of the PF_INET resp. PF_INET6 hooks.
> - Speed up IP DNAT by calling neigh_hh_bridge() instead of
>   neigh_hh_output(): if dst->hh is available, we already know the MAC
>   address so we can just copy it.

Applied, thanks Bart.