Re: [PATCH net] bridge: ebtables: fix reception of frames DNAT-ed to bridge device

From: Florian Westphal
Date: Wed Mar 15 2017 - 06:26:46 EST

Next message: Lee Jones: "Re: [PATCH 2/8] mfd: db8500-prcmu: fix stub helper interface"
Previous message: jeffy: "Re: [PATCH v2] drm/rockchip: Refactor the component match logic."
In reply to: Linus LÃssing: "[PATCH net] bridge: ebtables: fix reception of frames DNAT-ed to bridge device"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH net] bridge: ebtables: fix reception of frames DNAT-ed to bridge device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Lüssing <linus.luessing@xxxxxxxxx> wrote:
> When trying to redirect bridged frames to the bridge device itself
> via the ebtables nat-prerouting chain and the dnat target then this
> currently fails:
>
> The ethernet destination of the frame is dnat'ed to the MAC address of
> the bridge itself just fine and the correctly altered frame can even
> be captured via a tcpdump on br0 (with or without promisc mode).
>
> However, the IP code drops it in the beginning of ip_input.c/ip_rcv()
> as the dnat target did not update the skb->pkt_type.

Right, thats the reason why ebtables also has ebt_redirect target
which does this pkt_type fixup.

> - if (dst->is_local)
> + if (dst->is_local) {
> + /* fix up potential DNAT mess */
> + skb->pkt_type = PACKET_HOST;
> +
> return br_pass_frame_up(skb);
> + }

I don't mind this change though (i.e. I don't see how this would
bite us later).

Next message: Lee Jones: "Re: [PATCH 2/8] mfd: db8500-prcmu: fix stub helper interface"
Previous message: jeffy: "Re: [PATCH v2] drm/rockchip: Refactor the component match logic."
In reply to: Linus LÃssing: "[PATCH net] bridge: ebtables: fix reception of frames DNAT-ed to bridge device"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH net] bridge: ebtables: fix reception of frames DNAT-ed to bridge device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]