Hey guys, first I want to thank you for your hard work on this project. It's central to my development effort :)
Have you had the opportunity to address the dhcpcd issues in this patch? And, what does the bis stand for? And ... where is this patch? The one on the web site is from the 10th? Or am I just reading the tail end of a long running conversation?
David
-----Original Message-----
From: Lennert Buytenhek [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 06, 2002 12:25 PM
To: Bart De Schuymer
Cc: [EMAIL PROTECTED]
Subject: Re: [Bridge] [PATCH] bridge-nf-0.0.4.bis patch available
On Wed, Dec 26, 2001 at 06:39:13PM +0100, Bart De Schuymer wrote:

> > > - Give bridge netfilter functions priority NF_BR_PRI_LAST (i.e. INT_MAX)
> >
> > Why is this, I guess because of your ebtables hooks? I'd rather hand out
> > priorities properly (i.e. NF_BR_FILTER, NF_BR_IP_PASSTHROUGH in
> > netfilter_bridge.h) instead of having more magic numbers in here..
>
> Ok, but my main point was that the nf bridge priority of passthrough should
> be INT_MAX, no matter what name you give it.

Please allow me to disagree.

> Any function that attaches to a netfilter hook after the passthrough
> function might as well attach before the passthrough function:
> - if the function does stuff for ip packets it gets useless if it attaches
> after the passthrough function because passthrough steals those packets.

*That* is the bug. We should definitely call NF_HOOK_THRESH after the
passthrough functions.

> > > - Give sabotage functions netfilter priority NF_IP_PRI_FIRST (i.e. INT_MIN),
> > > except for NF_IP_LOCAL_OUT of course
> >
> > For PRE_ROUTING I agree, for FORWARD not really. There just happens to be
> > nothing before PRI_BRIDGE_SABOTAGE, but I'm sure there could be hooks
> > interested in the 'original' (i.e. possibly un'flooded') packet.
>
> Ok, but naming that priority also NF_IP_PRI_BRIDGE_SABOTAGE is misleading.
> In essence I believe the priorities for SABOTAGE on NF_IP_LOCAL_OUT and
> NF_IP_FORWARD are unrelated. It just happens that that value (-50) works for
> both hooks.

Well, IPv4 does the same thing with hook priorities. I think it does make
sense in a way.

> Couldn't we put something like (INT_MIN + 10)?
> Suppose someone has an ip netfilter function and decides to put it at
> priority value -60 (not knowing about passthrough).

(This is why we need 'proper' priority registration :)

cheers,
Lennert
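
The hook-ordering point argued in the message above, as an added example that is not part of the original thread or of the bridge-nf patch: a simplified user-space model of priority-ordered hook traversal, showing a hook registered after passthrough never seeing IP packets unless traversal is re-entered with a priority threshold. The verdict values match linux/netfilter.h; the priority values, hook functions and `deliver` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Verdict values as in linux/netfilter.h; everything else is a simplified model. */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2 };

struct pkt { int is_ip; unsigned seen; };    /* seen: bitmask of hooks that ran */
struct hook { int prio; int (*fn)(struct pkt *); };

#define PRI_PASSTHROUGH 0                    /* hypothetical priority values */
#define PRI_LATE        100

static int early(struct pkt *p) { p->seen |= 1; return NF_ACCEPT; }
static int late(struct pkt *p)  { p->seen |= 4; return NF_ACCEPT; }

/* Passthrough hands IP frames to the IPv4 hooks, so it steals them here. */
static int passthrough(struct pkt *p) {
    p->seen |= 2;
    return p->is_ip ? NF_STOLEN : NF_ACCEPT;
}

static const struct hook chain[] = {         /* kept sorted by priority */
    { -100, early }, { PRI_PASSTHROUGH, passthrough }, { PRI_LATE, late },
};

/* Walk the chain: skip hooks below thresh, stop on any non-ACCEPT verdict. */
static int run_hooks(struct pkt *p, int thresh) {
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++) {
        if (chain[i].prio < thresh) continue;
        int v = chain[i].fn(p);
        if (v != NF_ACCEPT) return v;
    }
    return NF_ACCEPT;
}

/* Deliver one frame; reenter=1 models resuming after passthrough (the
 * NF_HOOK_THRESH step), reenter=0 models the behaviour called a bug above. */
unsigned deliver(int is_ip, int reenter) {
    struct pkt p = { is_ip, 0 };
    if (run_hooks(&p, INT_MIN) == NF_STOLEN && reenter)
        run_hooks(&p, PRI_PASSTHROUGH + 1);
    return p.seen;
}

int main(void) {
    printf("non-IP: %u  IP, no re-entry: %u  IP, re-entry: %u\n",
           deliver(0, 0), deliver(1, 0), deliver(1, 1));
    return 0;
}
```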
