Hi,

I would like to know if it is possible to use ebtables to override the kernel policy of dropping link-local frames from bridging. In particular, I am interested in forwarding 802.1X EAPOL frames being sent to 01:80:c2:00:00:05. At the moment, I hacked the kernel to do this, but I would prefer to use a preexisting solution, if one exists.

--- linux/net/bridge/br_input.c.orig 2009-10-08 08:52:13.000000000 +0100 +++ linux/net/bridge/br_input.c 2009-10-07 23:30:41.000000000 +0100 @@ -138,6 +138,9 @@ if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) goto forward; + if (dest[5] == 3) + goto forward; + if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, NULL, br_handle_local_finish)) return NULL; /* frame consumed by filter */

I guess that what I need to do is to put a rule on frames with destination 01:80:c2:00:00:03 in the INPUT chain, but what action should I set for the rule? Naïvely, I tried jumping to FORWARD, but that doesn't seem to be allowed.

Thank you,
--
Zhen Lin
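
Review bot: the added "if (dest[5] == 3) goto forward;" test is unconditional and sits ahead of the NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, ...) call, so frames to the :03 address take the forward path on every bridge and never reach that hook, which leaves no ebtables rule at that point able to drop them. The check just above it is gated on p->br->stp_enabled == BR_NO_STP; the new one should be gated on a comparable per-bridge setting so that forwarding these frames is opt-in rather than the default. The bare constant 3 also needs a comment naming the address it stands for, since the message text gives 01:80:c2:00:00:05 in one place and 01:80:c2:00:00:03 in another, and only the latter matches the code.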