On Fri, Jul 27, 2018 at 04:25:21PM +0200, Máté Eckl wrote: > On Fri, Jul 13, 2018 at 02:43:46PM +0200, Máté Eckl wrote: > > On Fri, Jul 13, 2018 at 02:38:19PM +0200, Florian Westphal wrote: > > > Máté Eckl <ecklm94@xxxxxxxxx> wrote: > > > > But that means that this solution cannot support bridge family at all. Or BRNF > > > > stands for something that can be interpreted as filter? > > > > > > Currently bridge family has no special hooks, they are all 'filter'. > > > So it would be fine to only support numbers in my opinion. > > > > > > We can revisit it later if needed. > > > > I looked it up in iptables and it uses NF_BR_PRI_FILTER_BRIDGED for filter > > tables so it would be inapproppriate to translate 0 to filter here. > > > > So yes, maybe we should leave bridge family alone. > > What is your opinion about this Pablo? Is it okay to omit bridge tables out of > this for now? I think outcome from this discussion is to display bridge priorities using numbers we use in the kernel, right? ie. do not translate to 0. > To implement this for them I think we should expose NF_BR_PRI_* values to the > uapi or something like that. Right, this would need to be exposed through uapi at some point. You can meanwhile keep an internal copy in nftables, I mean, you don't need to wait until this is patch gets into the kernel. So we speed up things a bit. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
