From eef579a0cfc165d31252d19718843bba33348939 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Fri, 11 Jan 2008 18:02:18 -0800 Subject: [PATCH] --- yaml --- r: 75499 b: refs/heads/master c: 2948d2ebbb98747b912ac6d0c864b4d02be8a6f5 h: refs/heads/master i: 75497: fc83d30737d6d85709124dedccee1314adc3ca1a 75495: c0896dc80a27c4fd4c8575967303ffa34beda4a9 v: v3 --- [refs] | 2 +- trunk/net/bridge/br_netfilter.c | 18 ++++++++++++------ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/[refs] b/[refs] index 59671b904206..33fb0ff26ec0 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 0ff4d77bd9fe86ca1bc7f44839d79f8a349a62f0 +refs/heads/master: 2948d2ebbb98747b912ac6d0c864b4d02be8a6f5 diff --git a/trunk/net/bridge/br_netfilter.c b/trunk/net/bridge/br_netfilter.c index c1757c79dfbb..5d8b939eded1 100644 --- a/trunk/net/bridge/br_netfilter.c +++ b/trunk/net/bridge/br_netfilter.c @@ -247,8 +247,9 @@ static void __br_dnat_complain(void) * Let us first consider the case that ip_route_input() succeeds: * * If skb->dst->dev equals the logical bridge device the packet - * came in on, we can consider this bridging. We then call - * skb->dst->output() which will make the packet enter br_nf_local_out() + * came in on, we can consider this bridging. The packet is passed + * through the neighbour output function to build a new destination + * MAC address, which will make the packet enter br_nf_local_out() * not much later. In that function it is assured that the iptables * FORWARD chain is traversed for the packet. * @@ -285,12 +286,17 @@ static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) skb->nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; skb->dev = bridge_parent(skb->dev); - if (!skb->dev) - kfree_skb(skb); - else { + if (skb->dev) { + struct dst_entry *dst = skb->dst; + nf_bridge_pull_encap_header(skb); - skb->dst->output(skb); + + if (dst->hh) + return neigh_hh_output(dst->hh, skb); + else if (dst->neighbour) + return dst->neighbour->output(skb); } + kfree_skb(skb); return 0; }