From: Patrick McHardy <kaber@trash.net>
To: Amin Azez <azez@ufomechanic.net>
Cc: Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Bart De Schuymer <bdschuym@pandora.be>,
Tom Eastep <teastep@shorewall.net>
Subject: Re: RFC: Disable defered bridge hooks by default
Date: Wed, 19 Jul 2006 18:36:46 +0200 [thread overview]
Message-ID: <44BE5F9E.8020603@trash.net> (raw)
In-Reply-To: <44B666C5.8040603@ufomechanic.net>
Amin Azez wrote:
> Intercepting some traffic types and sending them via alternate gateways,
> (i.e. VPN gateways if the VPN is up) for errr... people who don't want
> to change the network default gateway for the whole network; also, for
> managing certain services for multi-subnet'd segments. I guess its part
> of the fashion to do things in layer2 these days as it involves less
> infrastructure change. For them.
>
> I think Philip was right and my slight suggestion is wrong; I can't
> "look ahead" as ebtables would need to process the "look ahead" also,
> and influencing the look ahead (as well as counting the look-ahead packets)
>
> I think cracking open the bridge code to fit the same model as the ip
> routing code, so it works out how to bridge it at just the same point
> the routing code calculates a route and then output device; but saves
> the answer for later when the final hooks have been traversed.
The routing code shouldn't know anything about the bridge FDB.
> I think if ebtables becomes the answer it will just grow to be as big as
> iptables with all the extra matches iptables has, just as iptables has
> extra -p tcp and -p udp matches.
Thats where MARK will be useful, but only if the target is available
in ebtables. SNAT based on bridge port won't be possible anymore.
next prev parent reply other threads:[~2006-07-19 16:36 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-04 9:26 RFC: Disable defered bridge hooks by default Patrick McHardy
2006-07-04 9:27 ` Patrick McHardy
2006-07-08 0:36 ` Tom Eastep
2006-07-08 3:01 ` Patrick McHardy
2006-07-10 9:56 ` Amin Azez
2006-07-11 8:28 ` Patrick McHardy
2006-07-11 9:33 ` Amin Azez
2006-07-11 20:34 ` Tom Eastep
2006-07-11 21:29 ` Patrick McHardy
2006-07-12 22:41 ` Tom Eastep
2006-07-13 7:35 ` Patrick McHardy
2006-07-13 14:11 ` Tom Eastep
2006-07-13 14:45 ` Patrick McHardy
2006-07-13 15:31 ` Tom Eastep
2006-07-15 14:32 ` Tom Eastep
2006-07-19 14:21 ` Patrick McHardy
2006-07-19 15:50 ` Tom Eastep
2006-07-19 16:02 ` Patrick McHardy
2006-07-13 9:56 ` Amin Azez
2006-07-12 6:16 ` Philip Craig
2006-07-13 0:20 ` Tom Eastep
2006-07-13 0:42 ` David Miller
2006-07-13 0:45 ` Tom Eastep
2006-07-13 9:45 ` Amin Azez
2006-07-13 7:31 ` Patrick McHardy
2006-07-13 7:46 ` Patrick McHardy
2006-07-13 8:12 ` Philip Craig
2006-07-13 8:36 ` Patrick McHardy
2006-07-13 14:11 ` Amin Azez
2006-07-13 14:50 ` Patrick McHardy
2006-07-13 15:29 ` Amin Azez
2006-07-19 16:36 ` Patrick McHardy [this message]
[not found] ` <44BE624E.5080307@ufomechanic.net>
2006-07-19 17:15 ` Patrick McHardy
[not found] <W8195318669268441152182124@nocme1bl6.telenet-ops.be>
2006-07-06 10:49 ` Patrick McHardy
2006-07-07 3:37 ` Patrick McHardy
-- strict thread matches above, loose matches on Subject: below --
2006-07-07 10:17 bdschuym@pandora.be
2006-07-07 10:24 ` Patrick McHardy
2006-07-13 12:56 bdschuym@pandora.be
2006-07-13 14:38 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44BE5F9E.8020603@trash.net \
--to=kaber@trash.net \
--cc=azez@ufomechanic.net \
--cc=bdschuym@pandora.be \
--cc=netfilter-devel@lists.netfilter.org \
--cc=teastep@shorewall.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.