On 26.08.2011 11:21, Florian Westphal wrote:
> This tries to mimic behaviour of fib_validate_source.
>
> main drawback:
> - additional fib lookup to get oif (used as flow key in reverse lookup)

As discussed during the workshop, we could just perform input routing
in the module to get the oif for free. That would require taking care
of statistics as currently done in ip_rcv_finish() though.

> - no result caching so far
>
> Other issues:
> - can't use FORWARD chain because by the time FORWARD is invoked
>   ipv4 forward path may have already sent icmp messages in response
>   to to-be-discarded-via-rpfilter packets
> - using it in PREROUTING may do the wrong thing (e.g. when using
>   policy routing via mangle PREROUTING)

Not if you're setting up policy routing keys (marks) before doing
rp_filter, right? Would require using it in the mangle table of course.
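The ordering point raised at the end of this message, as an added example that is not part of the original mail or the proposed module: a small Python model of a strict reverse-path check in which the packet mark is used as a flow key for the reverse lookup. The routing tables, the mark value 0x1, the interface names and all function names are constructed for illustration, and the use of the mark in the reverse lookup is an assumption of the model.

```python
import ipaddress

# Constructed policy-routing setup (not from the thread): fwmark 0x1 selects
# table "vpn"; everything else falls through to table "main".
TABLES = {
    "vpn": [("10.8.0.0/16", "tun0")],
    "main": [("10.0.0.0/8", "eth0"), ("0.0.0.0/0", "eth0")],
}
RULES = [(0x1, "vpn"), (None, "main")]  # (fwmark, table); None matches any mark


def fib_lookup(addr, mark):
    """Return the output interface for addr, or None if no route exists.

    Rules are tried in order; within a table the longest prefix wins.
    """
    ip = ipaddress.ip_address(addr)
    for rule_mark, table in RULES:
        if rule_mark is not None and rule_mark != mark:
            continue
        hits = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]
                if ip in ipaddress.ip_network(p)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def rpfilter_ok(src, iif, mark):
    """Strict reverse-path check: the route back to src must leave via iif.

    Assumption of this model: the packet mark is a key in the reverse lookup.
    """
    return fib_lookup(src, mark) == iif


def prerouting(src, iif, mark_first):
    """Model mangle PREROUTING with the mark rule before or after the check."""
    mark = 0
    if mark_first and iif == "tun0":
        mark = 0x1  # hypothetical rule: mark everything arriving on tun0
    # With mark_first=False the check runs while the mark is still 0.
    return "ACCEPT" if rpfilter_ok(src, iif, mark) else "DROP"
```

With the mark set first, a packet from 10.8.0.5 on tun0 is validated against the "vpn" table and passes; checked before the mark is set, the same packet is validated against "main" and is dropped.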