On Wednesday 2010-03-17 14:55, Patrick McHardy wrote:
>>>> + if (dst->hh != NULL) {
>>>> + neigh_hh_output(dst->hh, skb);
>>>> + } else if (dst->neighbour != NULL) {
>>>> + dst->neighbour->output(skb);
>>>> + } else {
>>>> + if (net_ratelimit())
>>>> + pr_debug(KBUILD_MODNAME
>>>> + "no hdr & no neighbour cache!\n");
>>>> + kfree_skb(skb);
>>>> + }
>>>> +}
>>> Remind me again why we need this duplicated output function?
>
>You can use dst_output() and set IPSKB_REROUTED to skip the hook
>invocation. This will potentially perform fragmentation however.
We don't have IPSKB_REROUTED for IPv6 currently.
While I was pondering adding that, I noticed another upside-down
world:
- iptables POSTROUTING is invoked before outgoing fragmentation
(verified using ping -s 65000 localhost, and watching with both
ipt_LOG and tcpdump.)
- ip6tables POSTROUTING is invoked after outgoing fragmentation
Also, if I am reading right, POSTROUTING is invoked twice for v6
multicast.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
