Jan Engelhardt wrote:
On Wednesday 2009-02-25 11:29, Patrick McHardy wrote:
An index is probably useful when you want to mirror packets
somewhere outside of regular routing.
ifindex?
Yes.
Hm. I previously had removed fl.nl_u.ip4_u.tos = RT_TOS(iph->tos)
since I reasoned:
The cloned packet would theoretically go through the OUTPUT
chain (if we did not skip Xtables to guard against
reentracy), even if the original packet went through FORWARD
instead. As such, it is not a true clone, and does not need
to be treated as such.
Not sure what a true clone is ...
Adding ifindex to the routing key also makes me wonder whether the
mark should be used too, noting however, that it may lead to a trap
(order of MARK vs TEE in a ruleset) - or some kinky feature:
-t mangle -A PREROUTING -j TEE --gw 192.168.1.15
-t mangle -A PREROUTING -j MARK --set-mark 1
-t mangle -A PREROUTING -j TEE --gw 192.168.1.15
I pretty much have no opinion on this.
I think it would make sense to simply allow setting all routing
keys.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
