Krishna Kumar2 <krkumar2@xxxxxxxxxx> wrote: > Florian Westphal <fw@xxxxxxxxx> wrote on 05/07/2012 01:40:29 PM: > > I think that exposing this feature as userspace-changeable via netlink > > (eg. by adding "NFQA_CFG_FAILOPEN" attribute) rather than via ruleset > > would make most sense, as only the application can know wheter it > > can cope with missing packets. > > Thanks for your review. With this change, is there any reason to > modify xt_NFQ_info_v2's bypass field, since app can specify this > option directly? I tested without this for now and it works. I don't think so. If the netlink attribute works for you we should leave xt_NFQUEUE as-is. Regards, Florian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
