Yigal Reiss (yreiss) <yre...@cisco.com> wrote:
> > No, that's not the problem you're trying to solve.
> >
> > If you want to move OTHERHOST skbs, don't (b)route them?
> >
> > What's the real issue that you're trying to solve?
>
> I want to (b)route them because I want to be able to inspect the packets in
> higher levels (through iptables or user space IPS).

For nfqueue via iptables, use call-iptables sysctl?

Alternatively, implement NFQUEUE support for NF_BRIDGE family, we'll need
this eventually for nftables bridge family anyway.

AF_PACKET should just 'work' without brouting.

> Once I do that (i.e. (b)route by applying an appropriate ebtables rule), the
> corresponding packets get dropped unless I apply the patch.

Maybe, but if you broute everything you might as well just remove the bridge...

You can use -j redirect in ebtables broute table to force local MAC dnat
(this also 'fixes' the pkttype to _HOST) if you really want to broute.