On Thu, Dec 20, 2001 at 12:39:12AM +0100, Bart De Schuymer wrote:
> Hello,

Hi there,

> The patch is located at
> http://users.pandora.be/bart.de.schuymer/bridge-nf/bridge-nf-0.0.4.bis-against-2.4.16.diff
> It's an incremental patch vs the bridge-nf-0.0.4 patch.

Could you send patches in smaller bits please? In this case especially since some parts are obvious and some parts aren't..

> - Correct my name, blah

Sorry :(

> - Change return NF_STOLEN; into return 0; (we are inside an okfn)

Integrated.

> - Map NF_IP_POST_ROUTING onto NF_BR_POST_ROUTING

Nice you noticed this is possible now (I guess the bridge_parent/realindev overhaul helped here); integrated.

> - Give bridge netfilter functions priority NF_BR_PRI_LAST (i.e. INT_MAX)

Why is this, I guess because of your ebtables hooks? I'd rather hand out priorities properly (i.e. NF_BR_FILTER, NF_BR_IP_PASSTHROUGH in netfilter_bridge.h) instead of having more magic numbers in here..

> - Give sabotage functions netfilter priority NF_IP_PRI_FIRST (i.e. INT_MIN),
>   except for NF_IP_LOCAL_OUT of course

For PRE_ROUTING I agree, for FORWARD not really. There just happens to be nothing before PRI_BRIDGE_SABOTAGE, but I'm sure there could be hooks interested in the 'original' (i.e. possibly un'flooded') packet.

cheers,
Lennert

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
