On Thu, Apr 23, 2009 at 01:46:10PM +0200, Patrick McHardy wrote:
> Jarek Poplawski wrote:
>> On Thu, Apr 23, 2009 at 01:22:19PM +0200, Patrick McHardy wrote:
>> ...
>>> Currently not, the conntrack association is done at a later point.
>>> We could add a classifier or TC action that performs the lookup
>>> during ingress classification.
>>
>> BTW, some time ago I started to wonder how safe are those various
>> ingress activities wrt. invalid packets, dropped later in ip_rcv().
>
> Leaving aside the ipt action, I'm not aware of any problems caused
> by ingress classification. Could you be more specific?

There is nothing specific yet. I hope these other classifiers and
actions aren't misled too much to go astray.

Jarek P.