Patrick McHardy wrote: > > Another solution I think is this: >> in br_nf_post_routing(): >> change >> if (!nf_bridge) >> to >> if (!nf_bridge || !(nf_bridge->mask & BRNF_BRIDGED_DNAT)) > > Wouldn't that break the regular case of packets forwarded > through a single bridge? How about: if (!nf_bridge || !(nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)) (I didn't follow the code enough to see if BRNF_BRIDGED_DNAT implies BRNF_BRIDGED.) > Yes, though the underlying problem seems to be that skb->nf_bridge > has no clearly defined lifetime. We want to pass the bridge port > information up exactly one layer, and then it should disappear. > But that seems to require sprinkling nf_bridge_put in lots of places. An alternative to clearing nf_bridge is settings flags in the mask, whether that is existing flags or a new one. - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
