On Sat, Oct 04, 2014 at 12:04:13PM +0200, Florian Westphal wrote: > > > The reason I asked for the IPCB to be built is to handle exactly > > that case. > > Why do we need to compile ip options, exactly? If the packet > is locally delivered, we hand it up to the ip stack which will > compile ip options normally. Good point. I thought we added this because Bandan Das wanted options. But rereading the thread in question http://lkml.org/lkml/2010/9/3/16 it seems that he doesn't actually need options. So what happened appears to be a misunderstanding. Bandan tried to improve my original memset hack by compiling options which would have been fine except that his approach ended up mangling the packet which is a big no-no. So the most straightforward solution is to go back to my original hack and just do a straight memset zero of the cb area before each entry into the IP stack from the bridge. I'll try to create a patch that essentially reverts the patch that led us here. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
