[PATCH RESENT] Don't postpone netfilter in bridging sabotage function when XFRMing.

Ludo Stellingwerff Fri, 19 Aug 2005 02:20:00 -0700

[NETFILTER BRIDGE]

Do not postpone netfilter in the bridge sabotage function
when the packet will be transformed. I need this in combination
with the ipsec-NAT patches (from Patrick McHardy) to be able to
get ipsec traffic over a bridge device.


Signed-off-by: Ludo Stellingwerff <[EMAIL PROTECTED]>

---

 net/bridge/br_netfilter.c |    1 +
 1 files changed, 1 insertion(+)

--- linux-2.6.12.3/net/bridge/br_netfilter.c    2005-07-15 23:18:57.000000000 
+0200
+++ new/net/bridge/br_netfilter.c       2005-07-29 12:45:34.712409993 +0200
@@ -845,6 +845,7 @@
        struct sk_buff *skb = *pskb;
 
        if ((out->hard_start_xmit == br_dev_xmit &&
+           (!skb->dst || !skb->dst->xfrm) &&
            okfn != br_nf_forward_finish &&
            okfn != br_nf_local_out_finish &&
            okfn != br_dev_queue_push_xmit)

[PATCH RESENT] Don't postpone netfilter in bridging sabotage function when XFRMing.

Reply via email to