On Wednesday 2009-02-25 11:19, Patrick McHardy wrote:
>
>Thanks. About dst_output and reentrancy - using IPSKB_REROUTED to
>skip the netfilter hooks should work I guess.
IPv6 is missing IPSKB_REROUTED entirely.
>> +static bool
>> +tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
>> +{
>> + int err;
>> + struct rtable *rt;
>> + struct flowi fl;
>> +
>> + memset(&fl, 0, sizeof(fl));
>> + fl.nl_u.ip4_u.daddr = info->gw.ip;
>> + fl.nl_u.ip4_u.scope = RT_SCOPE_UNIVERSE;
>
>An index is probably useful when you want to mirror packets
>somewhere outside of regular routing.
ifindex?
>> +static void __exit tee_tg_exit(void)
>> +{
>> + xt_unregister_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
>> + /* [SC]: shoud not we cleanup tee_track here? */
>> +}
>>
>
>This is not safe without waiting for the tee ct references. Using
>the untracked conntrack would be nicer anyways, but would need a
>different loop detection mechanism.
>
Patches please :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
