br_nf_forward_ip() {
parent = bridge_parent(out);
NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent,
br_nf_forward_finish);
}
here, let us suppose pf = NFPROTO_IPV4, i think the return value of
brnf_get_logical_dev(skb, in) equals parent ?
its comment 'This is the 'purely bridged' case. For IP, we pass the packet to
* netfilter with indev and outdev set to the bridge device'
so when calls hooks at ipv4 level like
iptable_filter_hook,iptable_mangle_hook, we can not distinct in and out devices?
in other word, we can not use in/out dev with ebtables's ip extension.
thanks_______________________________________________
Virtualization mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
