From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] ebtables: Clone xt_AUDIT to ebt_audit to return EBT_CONTINUE
Date: Wed, 16 Mar 2011 14:58:36 +0100
Message-ID: <4D80C20C.4090805@trash.net>
In-Reply-To: <20110316082458.GC26145@canuck.infradead.org>

On 16.03.2011 09:24, Thomas Graf wrote:
> On Wed, Mar 16, 2011 at 06:40:33AM +0100, Patrick McHardy wrote:
>> On 16.03.2011 01:43, Jan Engelhardt wrote:
>>> On Wednesday 2011-03-16 01:33, Thomas Graf wrote:
>>>
>>>> Even though ebtables uses xtables it still requires targets to
>>>> return EBT_CONTINUE instead of XT_CONTINUE. This prevented
>>>> xt_AUDIT to work as ebt module.
>>>
>>> Something that just came to mind is that you could probably do
>>> to keep the code at a minimum:
>>>
>>>
>>> static unsigned int ebt_audit(struct xt_target_param *par)
>>> {
>>> 	unsigned int ret = xt_audit_tg(par);
>>>
>>> 	if (ret == XT_CONTINUE)
>>> 		return EBT_CONTINUE;
>>> 	...
>>> }
>
> That's a good idea, thanks Jan!
>
>> Seems like a good idea to me. If more modules need this (f.i.
>> MARK) we could also consider doing the mapping based on a target
>> flag in ebtables itself.
>>
>> However please see Dave's mail about net-next, until the merge
>> window is over and -rc1 released only bugfixes will be accepted.
>
> I was considering this a bugfix because the module as-is can be
> loaded with ebtables, will create audit records but won't allow
> for the next rule to drop/reject the packet.
>
> Would you consider Jan's approach a bugfix or should I wait?

Yes, this qualifies as a bugfix in my opinion since we're returning
invalid verdicts to ebtables. I'll apply your patch later today.
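
An added illustration, not part of this thread and not kernel code: a userspace C model of why the unmapped verdict stops a later rule from dropping the frame. The verdict constants carry the values from the kernel's netfilter headers; the `model_*` functions, `walk_chain`, and the two `run_*` helpers are hypothetical simplifications of the ebtables rule traversal.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdio.h>

/* Verdict values as defined in the kernel's netfilter headers. */
#define XT_CONTINUE  0xFFFFFFFFu
#define EBT_ACCEPT   (-1)
#define EBT_DROP     (-2)
#define EBT_CONTINUE (-3)

typedef unsigned int (*target_fn)(void);

/* Hypothetical stand-in for xt_audit_tg(): would log, then continue. */
static unsigned int model_xt_audit(void) { return XT_CONTINUE; }

/* Wrapper in the shape sketched in the thread: map the verdict. */
static unsigned int model_ebt_audit(void)
{
    unsigned int ret = model_xt_audit();
    return ret == XT_CONTINUE ? (unsigned int)EBT_CONTINUE : ret;
}

/* A later rule whose target drops the frame. */
static unsigned int model_drop(void) { return (unsigned int)EBT_DROP; }

/* Simplified rule walk: ebtables reads the target's return value as a
 * signed verdict, so 0xFFFFFFFF is seen as -1 (EBT_ACCEPT) and ends the
 * traversal. Only EBT_CONTINUE moves on to the next rule. */
static int walk_chain(const target_fn *rules, int n)
{
    for (int i = 0; i < n; i++) {
        int verdict = (int)rules[i]();
        if (verdict == EBT_CONTINUE)
            continue;
        return verdict;
    }
    return EBT_ACCEPT; /* assumed chain policy for this model */
}

/* Rule 1 audits, rule 2 drops: first unmapped, then with the wrapper. */
int run_unmapped(void) { target_fn c[] = { model_xt_audit, model_drop }; return walk_chain(c, 2); }
int run_mapped(void)   { target_fn c[] = { model_ebt_audit, model_drop }; return walk_chain(c, 2); }

int main(void)
{
    printf("unmapped: %d (EBT_ACCEPT, drop rule never reached)\n", run_unmapped());
    printf("mapped:   %d (EBT_DROP)\n", run_mapped());
    return 0;
}
```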