[Bridge] ebtables PREROUTING -drop
Jan Engelhardt
jengelh at medozas.de
Wed Aug 4 07:32:20 PDT 2010
On Wednesday 2010-08-04 16:25, Alex Bligh wrote:
>
>>>> Did you read http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html and
>>>> http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png ?
>>>
>>> A useful improvement to those would be documenting where libpcap
>>> (which does both input and, less well known, output) samples/injects
>>> packets. I /think/ sampling is right on the left and injection right
>>> on the right.
>>
>> pcap grabbing and injection is completely outside any of the graphs
>> currently floating around.
>
> If by 'outside' you mean 'to the extreme left or extreme right'
> that was my conclusion. But the absence of any documentation means
> this makes debugging with tcpdump (for instance) harder
> because you don't know where you are sampling.
Well perhaps not extreme. If you inject into a tunnel, it may well
walk through Xtables after all - but then of course, only in its
encapsulated form.
> I'm not 100% sure it is completely outside though. For instance,
> if you do tcdump on a bridge device (as opposed to the corresponding
> physical participant interface), isn't that after ingress ebtales
> processing, but before egress? IE is in the graph somewhere.
Huh, all once investigated already. See
http://jengelh.medozas.de/images/nf-packet-flow.png for where
in/egress happen to be. :)
More information about the Bridge
mailing list