Jan Engelhardt wrote:
> On Thursday 2010-07-15 16:02, Aijaz Baig wrote:
>> unfamiliar with it, here are the links to the same:
>> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html for the document
>> and http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png for the
>> picture.
>
> Use http://jengelh.medozas.de/images/nf-packet-flow.png
>
>> I'm trying to understand what happens to a packet which is DROPped in the
>> BROUTING chain of the broute table. If I have understood correctly from
>> the document above, it goes to L3 where the routing subsystem can decide
>> where to send the packet to depending on L3 information in it, isn't it?
>
> In net/core/dev.c, the packet is passed to all "taps". Taps include
> raw sockets (think tcpdump), but also bridge and the IPvX layers
> themselves. Each of them basically gets a copy, thus it is important to
> not have an address on the ethernet interface (so that the IPvX tap
> ignores it). Only the bridge interface should have an address, because
> the bridge code will pass it to IPvX on its own.

When using a brouter, you actually assign IP addresses to the bridge
ports (different subnets) instead of the virtual bridge interface
itself. IP traffic is then DROPped in the BROUTE chain, so it's not
bridged. See http://ebtables.sourceforge.net/examples/real.html#example1
for an example usage.
cheers,
Bart
--
Bart De Schuymer
www.artinalgorithms.be
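
The brouter layout described in the reply above, as an added example that is not part of the original message or of the ebtables documentation: a dry-run shell function that prints the commands for putting addresses on the bridge ports and DROPping IPv4 and ARP in BROUTING so that traffic is routed instead of bridged. `brouter_plan` is a hypothetical helper, and the interface names and addresses are constructed sample values.

```shell
#!/bin/sh
# Dry run only: every command is printed, nothing is executed.

# brouter_plan BRIDGE PORT=ADDR/PREFIX [PORT=ADDR/PREFIX ...]
brouter_plan() {
    bridge=$1
    shift
    # Validate every port spec before emitting anything.
    for spec in "$@"; do
        case $spec in
            ?*=?*/?*) ;;
            *) echo "bad port spec: $spec" >&2; return 1 ;;
        esac
    done
    echo "ip link add name $bridge type bridge"
    for spec in "$@"; do
        port=${spec%%=*}
        addr=${spec#*=}
        echo "ip link set dev $port master $bridge"
        # Brouter: the address goes on the port, not on the bridge device.
        echo "ip addr add $addr dev $port"
        echo "ip link set dev $port up"
        # DROP in BROUTING means "do not bridge this frame": it is handed
        # to the L3 stack as if it had arrived on the port itself.
        echo "ebtables -t broute -A BROUTING -p IPv4 -i $port -j DROP"
        # Assumption added here: ARP is diverted as well, so the host can
        # answer ARP requests for the port addresses.
        echo "ebtables -t broute -A BROUTING -p ARP -i $port -j DROP"
    done
    echo "ip link set dev $bridge up"
}

# Constructed sample: two ports in different subnets.
brouter_plan br0 eth0=172.16.1.1/24 eth1=172.16.2.1/24
```

Frames of any other protocol still hit the BROUTING default policy and are bridged between the ports as usual.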