Jarek Poplawski wrote:
On Thu, Apr 23, 2009 at 01:22:19PM +0200, Patrick McHardy wrote:
...
Currently not, the conntrack association is done at a later point.
We could add a classifier or TC action that performs the lookup
during ingress classification.
BTW, some time ago I started to wonder how safe are those various
ingress activities wrt. invalid packets, dropped later in ip_rcv().
Leaving aside the ipt action, I'm not aware of any problems caused
by ingress classification. Could you be more specific?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
