On Sun, Aug 07, 2005 at 09:27:56PM +0000, Bart De Schuymer wrote:
> > I really hate to have those CONFIG_BRIDGE_NETFILTER ifdef's all over the
> > code - but for now we have them almost everywhere, so two more doesn't
> > hurt.  At some point we need to get rid of this ugliness and have something
> > like an 'input device stack' that can be traversed.
> 
> I'm not sure if I understand that, how could this be used to know if
> BRIDGE_NETFILTER was configured?

Not at all.  It was just my extremely vague idea about something more
generic, like a stack of input devices.  Those ifdefs would basically
disappear, and the history of input devices (let's say the individual
decapsulation layers for tunneling, ...) would be visible via some
common structure that could also be used by bridging.  You can ignore
that comment/rant, it has no practical relevance in the current
discussion ;)

> > +#ifdef CONFIG_BRIDGE_NETFILTER
> > +           if (indev->br_port) {
> > +                   tmp_uint = htonl(indev->br_port->br->dev->ifindex);
> > +                   NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV,
> > +                           sizeof(tmp_uint), &tmp_uint);
> > +           }
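
Review bot: in the `if (indev->br_port)` branch the value stored under NFULA_IFINDEX_PHYSINDEV is `indev->br_port->br->dev->ifindex`, which walks from the port to the bridge's net_device, so the attribute named for the physical input device ends up carrying the bridge's ifindex. If the bridge is meant to be the input device and the port the physical input device, the physical attribute should take `indev->ifindex` in this branch and the bridge's index should go into the regular input-device attribute. A one-line comment above the branch stating which device each attribute holds would avoid the ambiguity, and since the quoted lines stop before the `#endif` that must close `#ifdef CONFIG_BRIDGE_NETFILTER`, check that it is present in the full patch.
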
> 
> indev->br_port->br->dev->ifindex points to the ifindex of the bridge br0
> when indev is a bridge port (eth0). So you need this to fill in the
> input device (assuming we agree that the bridge is called the input
> device, and the bridge port is called the physical input device).
> Filling in the physical input device is done with indev (in case
> indev->br_port is not NULL).

I'm not sure if I can follow you.  What basically happens is:

ebt_ulog calls nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, ...) where
"in" and "out" are struct net_device as passed to the ebt_ulog function
(which is part of the ebt_watcher).  

[...]

the code ends up at the function you are quoting above.  "indev"
is "in" and "outdev" is "out", transparently passed from
nf_log_packet().

So I think it should reflect exactly what you currently do in ebt_ulog.
The only difference is that you now get the ifindex and not the device
name string.

Cheers,
        Harald
-- 
- Harald Welte <[EMAIL PROTECTED]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
