On Monday 2010-04-19 14:20, Patrick McHardy wrote:
>> +static bool >> +tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info) >> +{ >> + const struct iphdr *iph = ip_hdr(skb); >> + struct net *net = pick_net(skb); >> + struct rtable *rt; >> + struct flowi fl; >> + >> + memset(&fl, 0, sizeof(fl)); >> + if (!tee_tg_route_oif(&fl, net, info)) >> + return false;
>
>Redoing the interface lookup once per packet is really highly
>suboptimal. I'll change that to do the lookup once per new
>rule or simply in userspace.

I thought about that too. But if you grab a reference to the dev on
rule insertion, the rule would stop working when you down and up
an interface, which does not match the regular iptables behavior
(-i and -o options) at all.
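
Review bot: In tee_tg_route4(), the call to tee_tg_route_oif(&fl, net, info) resolves the output interface on every packet, and the `return false` path right after it does not document what happens to the packet when that lookup fails. If the per-packet lookup is kept so that the rule keeps working after an interface goes down and up, state that in a comment at the call site. Otherwise, consider resolving the interface once at rule insertion and refreshing the cached result when the device goes away or comes back, rather than holding a device reference for the lifetime of the rule.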