Jan Engelhardt wrote:
> On Monday 2010-04-19 14:20, Patrick McHardy wrote:
>>> +static bool
>>> +tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
>>> +{
>>> + const struct iphdr *iph = ip_hdr(skb);
>>> + struct net *net = pick_net(skb);
>>> + struct rtable *rt;
>>> + struct flowi fl;
>>> +
>>> + memset(&fl, 0, sizeof(fl));
>>> + if (!tee_tg_route_oif(&fl, net, info))
>>> + return false;
>> Redoing the interface lookup once per packet is really highly
>> suboptimal. I'll change that to do the lookup once per new
>> rule or simply in userspace.
>
> I thought about that too. But if you grab a reference to the dev on
> rule insertion, the rule would stop working when you down and up an
> interface, which does not match the regular iptables behavior (-i and
> -o options) at all.

Not down and up, unregister and register. But we don't need a
reference, just the ifindex. That can be updated on netdev events.
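
Review bot: in tee_tg_route4(), the `return false` taken when tee_tg_route_oif() fails carries no comment on what happens to the packet when the output interface cannot be resolved, and that is the path a rule takes while its interface is unregistered. A one-line comment stating the intended behaviour would make this explicit. If the per-packet lookup is replaced by an ifindex stored in the rule and updated on netdev events, as discussed in this thread, the check should still fail while no valid ifindex is set, so that a stale index is never passed on to routing.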