Hi guyz,
Looks like Bart Schuymer is busy. I will appreciate if anyone else can
help me.
I am using br_handle_frame_finish to implement my protocol which
encapusulates and also decapsulates just like VLAN does. I made changes
to br_netfilter.c similar to VLAN protocol and the IPTABLES seems to be
working. But my ebtables INPUT chain does not see the frame early
enough. ebtables INPUT chain is seeing frame after the decapsulation.
The remedy, Bart says:
> You should not add a new hook. What you need to do is register your
function
> on the existing NF_BR_PRE_ROUTING hook, with a priority number lower
than
> that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC).
> See f.e. net/bridge/netfilter/ebtable_nat.c, where the ebtables nat
chains are
> registered on the relevant netfilter hooks.
can I add the following:
{ { NULL, NULL }, br_handle_frame_finish, PF_BRIDGE, NF_BR_PRE_ROUTING,
NF_BR_PRI_BRNF},
to ebtables_nat.c @ end of 'static struct nf_hook_ops ebt_ops_nat[] {' ?
Thanks in advance,
Raj
