From: Patrick McHardy <kaber@trash.net>
To: Stephen Hemminger <shemminger@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, Linux Netdev List <netdev@vger.kernel.org>
Subject: Re: [PATCH] Remove broken netfilter binary sysctls from bridging code
Date: Tue, 25 Sep 2007 18:22:36 +0200
Message-ID: <46F935CC.20400@trash.net>
In-Reply-To: <20070925091203.371879e2@fujitsu-loaner>

Stephen Hemminger wrote:
> On Tue, 25 Sep 2007 06:07:24 +0200
> Patrick McHardy <kaber@trash.net> wrote:
>
>
>> I meant removing brnf_sysctl_call_tables function, not the sysctls
>> themselves, all it does is change values != 0 to 1. Or did you
>> actually mean that something in userspace might depend on reading
>> back the value 1 after writing a value != 0?
>>
>
> I was going farther, because I don't really see the value of having
> a sysctl for this. It seems better to just not load filters if
> they aren't going to be used. Having another enable/disable hook
> just adds needless complexity.
>

These sysctls control whether bridged packets will be handled
by iptables and friends. The bridge netfilter code always
handles bridged packets, and iptables might be loaded for
different reasons. So I don't see how that would work.

I think it should be specified in the ebtables ruleset, but
the current netfilter infrastructure doesn't allow doing that
cleanly.