Re: [Ebtables-devel] Host can receive martian_source packet when dnat on bridge
From: lepton <yth...@gm...> - 2006-11-03 04:20:27
In most cases, redirected packets will not go here (ip_route_input will return 0).

I did some tests:

    ifconfig br0 192.168.3.100
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to 3128

Redirect is working without this patch.

So what exactly is the case in which redirected packets will get dropped?

Thanks

2006/11/3, Bart De Schuymer <bds...@pa...>:
>
> On Thu, 02-11-2006 at 20:46 +0800, lepton wrote:
> > I found that sometimes we can receive a martian_source packet
> > after dnat on bridge.
> >
> > After looking into some code, I found the problem is related to
> > a patch posted here before. Why did we add the check for rt->rt_type==RTN_LOCAL
> > here? What problem does this patch fix?
> >
> > With this patch, if a redirect takes place on a martian_source packet, the
> > packet will not be dropped (because we ignore the result of route_input,
> > then we call route_output_key with a zero source addr).
>
> The patch was to deal with the problem that ip_route_output_key
> reportedly returns 0 for redirected packets, which would normally mean
> the packet is dropped and the message "Performing cross-bridge DNAT
> requires IP forwarding to be enabled" is printed. By checking for
> RTN_LOCAL, these redirected packets aren't stopped.
>
> Are you saying that except for martian source packets and other
> anomalies, redirected packets aren't dropped if this patch isn't used?
>
> cheers,
> Bart