Re: [PATCH:RFC 5/5] bridge-netfilter: use the vlan id as part of the connection tracking tuple for bridged traffic

Eric Dumazet wrote:
> On Tuesday, 30 March 2010 at 16:16 +0200, Bart De Schuymer wrote:
>> @@ -163,7 +166,11 @@ static inline bool __nf_ct_tuple_dst_equ
>>  {
>>  	return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
>>  		t1->dst.u.all == t2->dst.u.all &&
>> -		t1->dst.protonum == t2->dst.protonum);
>> +		t1->dst.protonum == t2->dst.protonum
>> +#ifdef CONFIG_BRIDGE_NETFILTER
>> +		&& likely(t1->dst.vlan_id == t2->dst.vlan_id)
>> +#endif
>> +		);
>>  }
>>  
>>  static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
>>
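Review bot: the `vlan_id` comparison added to the return expression of `__nf_ct_tuple_dst_equal()` is compiled only under `CONFIG_BRIDGE_NETFILTER`, so whether two tuples count as equal now depends on a build option, even though the VLAN id is a property of the packet, not of bridging. If the field stays, wrap the comparison in a small helper that returns true when the option is off, instead of placing `#ifdef` in the middle of the expression. The hunk also does not show where `dst.vlan_id` is set. Every path that builds a tuple has to initialise it to a defined value for untagged traffic, otherwise tuples for the same flow will compare unequal. The `likely()` hint on a plain equality test needs a justification in the changelog or should be dropped.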
> 
> This really sounds very strange, layering violation or something.
> 
> You mix conntracking, bridge and vlan here.

I agree, this is really wrong.

> Why should setups without a bridge not care about vlan + conntracking
> side effects?
> 
> This whole idea was discussed last November:
> 
> http://www.spinics.net/lists/netfilter-devel/msg10692.html
> 
> Patrick spoke of 'conntrack zone', and we added this concept.

Indeed, this seems like a better way.