On Wed, Mar 16, 2011 at 06:40:33AM +0100, Patrick McHardy wrote:
> Am 16.03.2011 01:43, schrieb Jan Engelhardt:
> > On Wednesday 2011-03-16 01:33, Thomas Graf wrote:
> >
> >> Even though ebtables uses xtables it still requires targets to
> >> return EBT_CONTINUE instead of XT_CONTINUE. This prevented
> >> xt_AUDIT to work as ebt module.
> >
> > Something that just came to mind is that you could probably do
> > to keep the code at a minimum:
> >
> >
> > static unsigned int ebt_audit(struct xt_target_param *par)
> > {
> > unsigned int ret = xt_audit_tg(par);
> >
> > if (ret == XT_CONTINUE)
> > return EBT_CONTINUE;
> > ...
> > }
That's a good idea, thanks Jan!
> Seems like a good idea to me. If more modules need this (f.i.
> MARK) we could also consider doing the mapping based on a target
> flag in ebtables itself.
>
> However please see Dave's mail about net-next, until the merge
> window is over and -rc1 released only bugfixes will be accepted.
I was considering this a bugfix because the module as-is can be
loaded with ebtables, will create audit records but won't allow
for the next rule to drop/reject the packet.
Would you consider Jan's approach a bugfix or should I wait?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
