[Bridge] mac table updates

Dirk Morris dmorris at metaloft.com
Thu Jul 28 16:23:43 PDT 2005


I think the new mac ageing (sometime since 2.6.8.1) may be too aggressive.
Now it updates the table at a much later time, with a comment in the code that leads me to believe this is to prevent counting spoofed packets and a DOS.

My problem is that the update occurs after the netfilter hooks which may do weird things to change the course of the packet so that it does not get counted.
(in my case, redirecting, queueing to userspace, nonlocally bound sockets, etc).
For me this causes packets to go spewing out on the wrong interface when the timer expires.

I used the attached patch to revert back to the old method.

-Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bridge-mac-ageing-fix.patch
Type: text/x-patch
Size: 545 bytes
Desc: not available
Url : http://lists.linux-foundation.org/pipermail/bridge/attachments/20050728/3874a76d/bridge-mac-ageing-fix-0002.bin

