Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > index 43ac0909195f..91f7b9e1c472 100644 > > --- a/tests/py/inet/icmpX.t > > +++ b/tests/py/inet/icmpX.t > > @@ -3,8 +3,8 @@ > > *inet;test-inet;input > > > > ip protocol icmp icmp type echo-request;ok;icmp type echo-request > > -icmp type echo-request;ok > > +icmp type echo-request;ok;meta nfproto ipv4 icmp type echo-request > > I read a couple of times your description above and I must be > overlooking anything. > > To me, "icmp type echo-request" in bridge/inet/netdev should result in > two implicit dependencies, so this ends up looking like this: > > 1) check for IPv4, then... > 2) check for ICMP in iph->protocol, then... > 3) check for ICMP type. > > This would be the default reasonable behaviour. > > Then, we have to deal with specific corner cases, where we should > cancel dependencies. > > Am I missing anything? Sorry, I overlooked this on my first reply. Your assesment is correct, that is indeed the default reasonable behaviour, but, when removing, we have limited information on the rule at the moment. So this is really: 1) check for IPv4, then... 2) check for some l4 protocol ... from a dependency removal perspective. and 2) doesn't provide enough information to decide if the dependency is needed or not. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
