Jan Engelhardt wrote:
> xt_TEE can be used to clone and reroute a packet. This can for
> example be used to copy traffic at a router for logging purposes
> to another dedicated machine.
>
> References: http://www.gossamer-threads.com/lists/iptables/devel/68781

Applied, thanks Jan.

> +static bool tee_tg_route_oif(struct flowi *f, struct net *net, > + const struct xt_tee_tginfo *info) > +{ > + const struct net_device *dev; > + > + if (*info->oif != '\0') > + return true; > + dev = dev_get_by_name(net, info->oif); > + if (dev == NULL) > + return false; > + f->oif = dev->ifindex; > + return true; > +} > + > +static bool > +tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info) > +{ > + const struct iphdr *iph = ip_hdr(skb); > + struct net *net = pick_net(skb); > + struct rtable *rt; > + struct flowi fl; > + > + memset(&fl, 0, sizeof(fl)); > + if (!tee_tg_route_oif(&fl, net, info)) > + return false;

Redoing the interface lookup once per packet is really highly suboptimal. I'll change that to do the lookup once per new rule or simply in userspace.

Please also send the userspace patch you're using so I can do some testing. Thanks.
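
Review bot: the early-return test in tee_tg_route_oif(), `if (*info->oif != '\0') return true;`, looks inverted. As written, a configured interface name skips the lookup and leaves f->oif at the zero set by the memset() in tee_tg_route4(), while an empty name is passed to dev_get_by_name(), which will normally find no device, so the function returns false and the packet is not cloned. The test should probably be `if (*info->oif == '\0')`. Separately, dev_get_by_name() returns the device with a reference held and nothing in this function releases it, so every successful lookup needs a matching dev_put(dev) once f->oif has been set; otherwise the device refcount grows per packet and the interface can never be unregistered cleanly.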