OpenWrt Forum Archive

Topic: Ebtables support for 2.4.35.4 kernel

The content of this topic has been archived on 4 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
zedd
26 Jan 2008, 07:07

Hello,
is there any possibility to get kernel support for ebtables? I try to get it work really hard, but probably I'm still missing something. I don't understand complet meaning of this changeset post:
https://dev.openwrt.org/changeset/9801
As I understand it, there is principal possibility to build kmod-ebtables from current development branch. But when i review downloaded patches after:
svn co https://svn.openwrt.org/openwrt/trunk/
then i don't see ~/trunk/target/linux/generic-2.4/patches/116-ebtables-brnf-11.patch at place. When I try to download and install patch manualy, then I get "only garbage" message.
There is no option to move on 2.6 kernel (where is native support for ebtables) for me, because I have some 18+ asus WL500gP routers with broadcom wifi and tthere is not working driver for this wifi.

Thanks for response

Post #2
nbd
26 Jan 2008, 07:14

The patch was removed because it was causing problems (neighbor table overflows), even when ebtables itself was not used.
If someone manages to fix those problems, we can add the patch back to trunk, but until then it needs to stay out of tree.

Post #3
zedd
26 Jan 2008, 09:09

Thanks for fast response.
I'll probably use Whiterussian for some time till broadcom driver kernel 2.6 will be more stable.

Post #4
netprince
26 Jan 2008, 17:23

I have been including ebtables in openwrt for some number of months now, without problems.  Perhaps if someone can help me trigger the problem, we can work out a fix of some sort?  Perhaps there is some kind of traffic condition that helps trigger the problem?

(Last edited by netprince on 26 Jan 2008, 17:24)

Post #5
zedd
14 Feb 2008, 12:08

Hi Prince,
soon I'll intall some 6+ WL-500gp routers on whiterussian (kernel 2.4.30). Now I have 3 working peaces and 1 of them after 3 days up-time started to allow DHCP traffic, which should be blocked. 1 of routers is installed and working for more then one year and never leaked any DHCP message. This is priority #1 for me, so when I'll have more routers running, I'll setup some observation environment. I know nothing about c++/kernel stuff so I'll ask you for some advice how to track problem (should I use strace/ltrace or something different for debug)?

Post #6
netprince
14 Feb 2008, 14:54

Hi zedd,

I'm not familiar with the kernel debug stuff either. 

Perhaps you can look into using iptables to block dhcp packets?  I'm pretty sure you can enable iptables in a filtered bridge by setting a flag somewhere in /proc. 

I dont use ebtables very often, but I do leave it compiled into all my firmwares.  I was hoping to hash out the neighbor table overflows, but I forget who specifically was having the issue...

The discussion might have continued from here.