On Nov 15 2007 01:20, Milan Krčmář wrote: >> >> You could (ab)use CONNMARK, or modify the MARK code so that it allows >> it to set the mark from elsewhere. > >I can not (ab)use the CONNMARK, it would cause race conditions at least >at SMP, when two packets of a single connection arrive at the same time. Use -m conntrack --ctstate NEW. >(1) to check for the change (and reroute) at the end of _each_ table > traversal, Yes, I have been in numerous situations where I would have liked to have another routing stage after FORWARD. >Any suggestions? Post patches. When no response, post harder :) - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
