[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-bridge
Subject:    Re: [Bridge] ebtables PREROUTING -drop
From:       ratheesh k <ratheesh.ksz () gmail ! com>
Date:       2010-08-05 11:51:48
Message-ID: AANLkTi=zqyJu_TAAvK9WzGB=rLHr3B+BPWXBccwDri9e () mail ! gmail ! com
[Download RAW message or body]

On Thu, Aug 5, 2010 at 4:41 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> deep down below in source code, DROP just does that - drop.

1.  In ebtables Broute, if packet  gets  dropped , how it goes to ip
layer for further processing ?
2.  ip_route_input will be called on all frames hitting prerouting nat
table of ebtables . How it can decide where to route once it is past
prerouing hook (packet which are dropped on nat prerotuing of ebtables
) ?  /* i could be totally wrong here */


-Ratheesh


> On Thursday 2010-08-05 12:42, ratheesh k wrote:
>>>>
>>>>What will happen,  if we drop a packet at PREROUTING chain  of ebtables ?
>>>
>>> Depends on the table you are referring to.
>>
>>What is the difference between  droppin a Pkt in Brouting chain of
>>Broute table and  Drop a Pkt in  nat prerouing chain of ebtables . Or
>>are they having same effect ? .
>
> Generally, nat and broute are intended to be a configuration databases
> only, where special semantics to standard verdicts can apply, as it does
> for broute. To avoid confusion, the use of DROP in nat is not
> advised, and iptables checks for such attempts. Ebtables doesn't, but
> then again, it's the 4th-order-stepson of iptables only...
> deep down below in source code, DROP just does that - drop.
>
_______________________________________________
Bridge mailing list
Bridge@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/bridge

[prev in list] [next in list] [prev in thread] [next in thread]