[Ebtables-devel] Host can receive martian_source packet when dnat on bridge
From: lepton <yth...@gm...> - 2006-11-02 12:46:51
I found that sometimes we can receive martian_source packets after DNAT on a bridge. After looking into some code, I found the problem is related to a patch posted here before. Why did we add the check for rt->rt_type==RTN_LOCAL here? What problem does this patch fix? With this patch, if a redirect takes place on a martian_source packet, the packet will not be dropped (because we ignore the result of route_input, then we call route_output_key with a zero source addr).

The following is the patch posted here before:

Hi Dave,

Here's a slightly altered patch, originally from Mark Glines who diagnosed and fixed the problem. Please apply,

Bart

Signed-off-by: Bart De Schuymer <bdschuym@pa...>

--- linux-2.6.13/net/bridge/br_netfilter.c.old 2005-09-14 19:35:17.410164848 +0000 +++ linux-2.6.13/net/bridge/br_netfilter.c 2005-09-14 19:38:20.233371496 +0000 @@ -214,9 +214,11 @@ static int br_nf_pre_routing_finish(stru .tos = RT_TOS(iph->tos)} }, .proto = 0}; if (!ip_route_output_key(&rt, &fl)) { - /* Bridged-and-DNAT'ed traffic doesn't - * require ip_forwarding. */ - if (((struct dst_entry *)rt)->dev == dev) { + /* - Bridged-and-DNAT'ed traffic doesn't + * require ip_forwarding. + * - Deal with redirected traffic. */ + if (((struct dst_entry *)rt)->dev == dev || + rt->rt_type == RTN_LOCAL) { skb->dst = (struct dst_entry *)rt; goto bridged_dnat; }
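Review bot: the new `rt->rt_type == RTN_LOCAL` branch in br_nf_pre_routing_finish() lets a packet reach `bridged_dnat` on the strength of ip_route_output_key() alone, and an output-route lookup does not validate the packet's source address; as the poster observes, the earlier route_input result is ignored and the output lookup is done with a zero source address, so a packet that input routing would have rejected as martian is now accepted and delivered locally. Suggest either accepting the RTN_LOCAL case only when the preceding input-route check did not fail, or, if local delivery of redirected traffic is intended regardless, expanding the comment `* - Deal with redirected traffic. */` to state which redirect scenario this fixes and why skipping source validation is acceptable for it, since the one-line comment does not let a reader answer the question raised in this thread.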