From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: Giuseppe Longo <giuseppelng@gmail.com>, netfilter-devel@vger.kernel.org
Subject: Re: [iptables 0/3] ebtables patchset
Date: Mon, 24 Mar 2014 16:09:56 +0100
Message-ID: <20140324150956.GA32546@localhost>
In-Reply-To: <531D98DF.5070507@linux.intel.com>

On Mon, Mar 10, 2014 at 12:50:07PM +0200, Tomasz Bursztyka wrote:
> Hi Pablo and Giuseppe,
>
> >As you can see, a minor issue has to be fixed when printing rules.
> >I have no idea how to handle --logical-in/out interfaces currently,
> >so please let me know if you have an idea or an advice.
>
> As far as I know, there is nothing in nftables's side to differentiate
> between interfaces origin, right? (like a proper hw tight 'eth0' vs
> a bridge 'br0')
> Unless I miss something, it has no real meaning in nftables to
> support such differentiation,
> but for the sake of ebtables compat layer we might need a solution here.
>
> Any idea how this issue could be fixed?

I think you have to extend nft_meta to support that. See
ebt_basic_match(), the net_bridge_port information is obtained via
br_port_get_rcu(dev) given that dev != NULL.

Beware that you have to make sure that the new meta types IIFBRNAME
and OIFBRNAME can only be used from the bridge family. I think you
have to do something similar to what Patrick did with nft_reject, by
adding a specific flavour of nft_meta for the bridge family.

Giuseppe, what other remaining issues do you have with the ebtables
compat layer? Could you summarize them, please? Thanks.

Thread overview: 10+ messages
2014-03-07 19:33 [iptables 0/3] ebtables patchset Giuseppe Longo
2014-03-07 19:33 ` [iptables 1/3] xtables: bootstrap xtables-eb for nftables Giuseppe Longo
2014-03-07 19:33 ` [iptables 2/3] Operations for bridge family Giuseppe Longo
2014-03-07 19:33 ` [iptables 3/3] nft-shared: make compare_matches as public Giuseppe Longo
2014-03-07 20:28 ` Stephen Hemminger
2014-03-10 10:50 ` [iptables 0/3] ebtables patchset Tomasz Bursztyka
2014-03-24 15:09 ` Pablo Neira Ayuso [this message]
2014-03-24 15:26 ` Giuseppe Longo
2014-03-25 7:40 ` Tomasz Bursztyka
2014-03-25 11:37 ` Tomasz Bursztyka