Re: [PATCH] Remove broken netfilter binary sysctls from bridgingcode

From: Patrick McHardy
Date: Tue Sep 25 2007 - 10:36:44 EST

Eric W. Biederman wrote:
> Patrick McHardy <kaber@xxxxxxxxx> writes:
>>I seem to be missing something, the entire brnf_sysctl_call_tables
>>thing looks purely cosmetic to me, wouldn't it be better to simply
>>remove it?
> Well it is cosmetic in a user space visible way. Which means I don't
> have a clue which if any user space programs or scripts care if we change
> the behavior.
> I just looked in the git history and brnf_sysctl_call_tables has been
> that way since sysctl support was added to the bridge netfilter code.
> The only comment I can found about the addition is:
> 2003/12/24 19:32:34-08:00 bdschuym
> [BRIDGE]: Add 4 sysctl entries for bridge netfilter behavioral control:
> bridge-nf-call-arptables - pass or don't pass bridged ARP traffic to
> arptables' FORWARD chain.
> bridge-nf-call-iptables - pass or don't pass bridged IPv4 traffic to
> iptables' chains.
> bridge-nf-filter-vlan-tagged - pass or don't pass bridged vlan-tagged
> ARP/IP traffic to arptables/iptables.
> So since forcing the values to 0 or 1 doesn't seem hard to maintain
> I am uncomfortable with removing that check.

OK lets keep it then. Fixing the race seems overkill to me though.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at