On Fri, Dec 05, 2014 at 10:12:25PM +0100, Bernhard Thaler wrote:
> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
> index c190d22..73ea96a 100644
> --- a/net/bridge/br_netfilter.c
> +++ b/net/bridge/br_netfilter.c
[...]
> +static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
> +{
> + struct nf_bridge_info *nf_bridge = skb->nf_bridge;
> + struct rtable *rt;
> + struct net_device *dev = skb->dev;
> +
> + if (nf_bridge->mask & BRNF_PKT_TYPE) {
> + skb->pkt_type = PACKET_OTHERHOST;
> + nf_bridge->mask ^= BRNF_PKT_TYPE;
> + }
> + nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
There is no fragmentation handling here. Actually, not your fault, the
original br_nf_pre_routing_finish_ipv6() doesn't consider this case.
I can take this patch, it doesn't do any worse than the existing code,
but probably you want to have a look at this.
Please, let me know. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
