[Bridge] Re: Policy match with a bridge

Bart De Schuymer bdschuym at pandora.be
Sat Oct 16 06:30:58 PDT 2004


On Thursday 14 October 2004 02:23, Tom Eastep wrote:
> Bart De Schuymer wrote:
> > On Monday 16 August 2004 03:31, Patrick McHardy wrote:
> >>The problem is ipv4_sabotage_out in the bridging code. It prevents the
> >>packet from hitting the LOCAL_OUT hook while it is still unencrypted.
> >>When it hits the bridging code and its LOCAL_OUT hook it's too late.
> >>Not sure how to handle it yet.
> >
> > I'll have a look at that after I'm finished with the IPv6 bridge
> > firewalling stuff.
>
> Any progress on this?

You should be able to do what you want in the iptables mangle OUTPUT chain 
instead of the one in the filter table.
Patrick, a hack solution would be to temporarily change out->hard_start_xmit
to something other than br_dev_xmit; that way you fool ipv4_sabotage_out.

cheers,
Bart



