On 24.01.2011 21:55, Pierre Chifflier wrote: > Hi, > > I'm still working on a module to add the NFQUEUE target to ebtables. > > So far, I've been able to split the work on two parts: sending the > packets to nfqueue, and re-inject them after a verdict. I'll split > questions on separate emails. > > Adding the NFQUEUE target is not a difficult task (making the > ebt_do_tables return NF_QUEUE_NR(queue_num)), however this won't work > since the __nf_queue() function [1] requires an afinfo structure : > 132 afinfo = nf_get_afinfo(pf); > 133 if (!afinfo) > 134 goto err_unlock; > > Since there is no afinfo structure for AF_BRIDGE, this won't work. > > I tried adding a dummy (empty) afinfo structure and registering it in > ebtables_init(), but that does not look like a clean solution ... > > What would be the best way (in order to be proposed mainstream) to do > that ? The afinfo structure seems to be called to save the route (and > then restored when re-injecting), I'm not sure yet if this is necessary > for AF_BRIDGE packets. No, I don't think so either. I'd simply make the afinfo handling in nf_queue.c optional, we can't get packets for non-existant address families anyways. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
