From: Lorenzo Colitti <lorenzo@xxxxxxxxxx> Date: Wed, 2 Nov 2016 00:25:15 +0900 > That way, if you want to modify the packet or do something > sophisticated in netfilter, you can still use the eBPF hook on the > results of that operation, and if you don't want to run netfilter, you > can write netfilter rules to skip the packet (and maybe still fix it > up later, perhaps in another netfilter chain). The downside is that we classify the packet twice. This transactional cost adds up rather quickly. -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
