Re: Targets with "mangle" table limiting (Was: Re: Troubles with MARK target in 2.6.28)

On Fri, Jan 16, 2009 at 12:04 AM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>>> Are there perhaps other targets besides MARK whose table restriction
>>> should be relaxed?
>>
>> Could TOS/DSCP just call ip_route_me_harder() directly when necessary
>> instead of relying on the mangle hook to do so?  This would allow it
>> to be used everywhere.
>
> That doesn't seem like a good idea. Rerouting should be an optional
> feature, available in the (misnamed) mangle table. There might be
> completely different reasons for changing DSCP. So making them available
> in other tables yes, making them responsible for rerouting no.

True, however, I was mainly thinking about the confusion that might
result if it becomes available in all tables.  For instance, someone
who relies on reroute after DSCP change (which is implicit on output)
accidentally omits the table specifier, causing the rule to default to
filter.  Or if mangle can be made entirely superfluous by
unrestricting all other targets, is there any sense in keeping it
around for a single target?  Maybe adding a new revision that allows
for explicit rerouting after the target action (such as
--set-dscp-and-reroute) might address this?