br_nf_forward_ip() {
	parent = bridge_parent(out);
	NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent,
		br_nf_forward_finish);
}

Here, let us suppose pf = NFPROTO_IPV4. I think the return value of
brnf_get_logical_dev(skb, in) equals parent?

Its comment says: "This is the 'purely bridged' case. For IP, we pass the
packet to netfilter with indev and outdev set to the bridge device".

So when it calls hooks at the IPv4 level, like iptable_filter_hook and
iptable_mangle_hook, we cannot distinguish the in and out devices?
In other words, we cannot use in/out dev with ebtables's ip extension.

Thanks