From: Florian Westphal <fw@strlen.de>
To: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Cc: netfilter-devel@vger.kernel.org, Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH nf-next] netfilter: bridge: introduce broute meta statement
Date: Fri, 24 Feb 2023 00:01:46 +0100 [thread overview]
Message-ID: <20230223230146.GD26596@breakpoint.cc> (raw)
In-Reply-To: <20230223202246.15640-1-sriram.yagnaraman@est.tech>
Sriram Yagnaraman <sriram.yagnaraman@est.tech> wrote:
> +void nft_meta_bridge_set_eval(const struct nft_expr *expr,
> + struct nft_regs *regs,
> + const struct nft_pktinfo *pkt)
static?
> +{
> + dest = eth_hdr(skb)->h_dest;
> + if (skb->pkt_type == PACKET_HOST &&
> + !ether_addr_equal(skb->dev->dev_addr, dest) &&
> + ether_addr_equal(p->br->dev->dev_addr, dest))
> + skb->pkt_type = PACKET_OTHERHOST;
We already support override of skb->pkt_type, I would prefer
if users to this explicitly from their ruleset if they need it.
> + priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
I think you need to check for !tb[NFTA_META_KEY] and bail out
before this line.
> + switch (priv->key) {
> + case NFT_META_BRI_BROUTE:
> + len = sizeof(u8);
> + break;
Can you bail out if this is called from something else
than PREROUTING hook?
You can look at nft_tproxy.c or similar on how to do this.
next prev parent reply other threads:[~2023-02-23 23:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-23 20:22 [PATCH nf-next] netfilter: bridge: introduce broute meta statement Sriram Yagnaraman
2023-02-23 22:01 ` Jan Engelhardt
2023-02-23 23:01 ` Florian Westphal [this message]
2023-02-24 9:03 ` Sriram Yagnaraman
2023-02-24 9:10 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230223230146.GD26596@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sriram.yagnaraman@est.tech \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.