Re: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6

Patrick McHardy wrote:
>> Another solution I think is this:
>> in br_nf_post_routing():
>> change
>> if (!nf_bridge)
>> to
>> if (!nf_bridge || !(nf_bridge->mask & BRNF_BRIDGED_DNAT))
> 
> Wouldn't that break the regular case of packets forwarded
> through a single bridge?

How about:

if (!nf_bridge || !(nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)))

(I didn't follow the code enough to see if BRNF_BRIDGED_DNAT
implies BRNF_BRIDGED.)

> Yes, though the underlying problem seems to be that skb->nf_bridge
> has no clearly defined lifetime. We want to pass the bridge port
> information up exactly one layer, and then it should disappear.
> But that seems to require sprinkling nf_bridge_put in lots of places.

An alternative to clearing nf_bridge is setting flags in the mask,
whether that is existing flags or a new one.
