Bart De Schuymer <bdschuym@xxxxxxxxxx> wrote: > > +static int brnf_pass_vlan_indev __read_mostly = 0; > > static int brnf_filter_pppoe_tagged __read_mostly = 0; > > #else > > #define brnf_call_iptables 1 > > @@ -503,6 +504,19 @@ bridged_dnat: > > return 0; > > } > > You should also provide a macro in case the proc file system isn't > enabled: currently it won't compile with your patch. You're right, of course. Thanks for spotting this, I'll fix it. > > struct nf_bridge_info *nf_bridge = skb->nf_bridge; > > - struct net_device *realoutdev = bridge_parent(skb->dev); > > + struct net_device *realoutdev = brnf_get_logical_dev(skb, out); > I think it's best to keep the bridge_parent as output device in the > FOWARD and POSTROUTING chain: only change the input device. Do you have > a reason for changing the output device? Consistency. (locally generated packet is '-o br0.X, forwarded br0). OTOH, we could call it a feature ;-) I have no special requirements for the outdev; we can keep it as-is. Regards, Florian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
