forked from luck/tmp_suning_uos_patched
8e2f311a68
Following command: iptables -D FORWARD -m physdev ... causes connectivity loss in some setups. Reason is that iptables userspace will probe kernel for the module revision of the physdev patch, and physdev has an artificial dependency on br_netfilter (xt_physdev use makes no sense unless a br_netfilter module is loaded). This causes the "phydev" module to be loaded, which in turn enables the "call-iptables" infrastructure. bridged packets might then get dropped by the iptables ruleset. The better fix would be to change the "call-iptables" defaults to 0 and enforce explicit setting to 1, but that breaks backwards compatibility. This does the next best thing: add a request_module call to checkentry. This was a stray '-D ... -m physdev' won't activate br_netfilter anymore. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| netfilter | ||
| br_arp_nd_proxy.c | ||
| br_device.c | ||
| br_fdb.c | ||
| br_forward.c | ||
| br_if.c | ||
| br_input.c | ||
| br_ioctl.c | ||
| br_mdb.c | ||
| br_multicast.c | ||
| br_netfilter_hooks.c | ||
| br_netfilter_ipv6.c | ||
| br_netlink_tunnel.c | ||
| br_netlink.c | ||
| br_nf_core.c | ||
| br_private_stp.h | ||
| br_private_tunnel.h | ||
| br_private.h | ||
| br_stp_bpdu.c | ||
| br_stp_if.c | ||
| br_stp_timer.c | ||
| br_stp.c | ||
| br_switchdev.c | ||
| br_sysfs_br.c | ||
| br_sysfs_if.c | ||
| br_vlan_tunnel.c | ||
| br_vlan.c | ||
| br.c | ||
| Kconfig | ||
| Makefile | ||