Re: bridge-netfilter patch

From: Bart De Schuymer (
Date: Mon Sep 16 2002 - 16:41:17 EST

> This is for purely bridged packets.
> Why is it being added, therefore, to ip_queue_xmit() which is only
> ever invoked by TCP output processing?
> If the patch adds the call somewhere else, please correct me, but
> I specifically remember it being added to ip_queue_xmit() which is
> why I barfed when seeing it :-)

I've never seen this in the patch. It sure isn't in it now.

To be more precise:
net/ipv4/netfilter/ip_conntrack_standalone.c:ip_refrag() is (or can be)
attached to the NF_IP_POST_ROUTING hook. This function calls:
In this function the copy of the Ethernet frame is added for each fragment (by
the br-nf patch).
The bridge-netfilter patch lets IP packets/frames passing the
NF_BR_POST_ROUTING hook go through the NF_IP_POST_ROUTING hook, so the
ip_fragment() code is executed while the IP packet/frame is really in the
bridge code. After this, the fragments get queued:
net/bridge/br_forward.c:br_dev_queue_push_xmit() calls dev_queue_xmit()

Lennert's previous mail says in which cases and why this header copy has to be
explicitly done.

The following document might be useful to know what we are doing:


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to More majordomo info at Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Sep 23 2002 - 22:00:17 EST