> -----Original Message-----
> From: Florian Westphal <fw@xxxxxxxxx>
> Sent: Wednesday, 22 February 2023 12:49
> To: Florian Westphal <fw@xxxxxxxxx>
> Cc: Sriram Yagnaraman <sriram.yagnaraman@xxxxxxxx>;
> netfilter-devel@xxxxxxxxxxxxxxx; Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Subject: Re: [RFC nf-next PATCH] netfilter: nft: introduce broute chain type
>
> Florian Westphal <fw@xxxxxxxxx> wrote:
> > The br_netfilter_broute flag is required, but I don't like a new chain
> > type for this, nor keeping the drop/accept override.
> >
> > I'd add a new "broute" expression that sets the flag in the skb cb and
> > sets NF_ACCEPT, useable in bridge family -- I think that this would be
> > much more readable.
>
> Or, even simpler, extend nft_meta_bridge.c and extend nft userspace to
> support:
>
> nft ... meta broute set 1 accept
>
> We also support nftrace this way, so there is precedence for it.

Nice, thank you, I can implement it via a meta expression then.
Will come back with v2 patch soon.