On Mon, Aug 08, 2005 at 05:43:29PM +0000, Bart De Schuymer wrote: > Op ma, 08-08-2005 te 15:24 +0200, schreef Harald Welte: > > > There is one case missing: the brouter case. If br0=eth0+eth1 and a > > > packet arrives at eth0 (not br0) in the IP code (not the bridge code), > > > then the indev must be eth0, not br0. How about something like this? > > > > Ok, I've implemented your suggested modifications now. > > There's still one small issue: if CONFIG_BRIDGE_NETFILTER isn't set in > the kernel configuration but ebtables is enabled,
Doesn't ebtables attach to netfilter hooks? Ah, BRIDGE_NETFILTER
actually only selects the {ip,ip6,arp}tables emulation, not netfilter
support in bridging.
> then the physindev should still be filled in if ebt_ulog is used. I'm
> afraid this will result in more ugly ifdef's.
well, If you can send me a patch for those ugly ifdef's after you get
back from holidays, I'll apply it. Until then I think we can live
without that missing bit.
> I don't mind making CONFIG_BRIDGE_NETFILTER mandatory for people wanting
> to log the logical {in,out}put device, if you feel it would uglify the
> code too much otherwise...
No, I don't think we should force people to use certain config options
if they're technically not required.
--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpuR3sjXM6yG.pgp
Description: PGP signature
