>>> >>> On Mon, 20 Aug 2012, Jesper Dangaard Brouer wrote: >>> >>>> Based on patch from: Hans Schillstrom >>>> >>>> IPv6 headers must be processed in order of appearance, >>>> neither can it be assumed that Upper layer headers is first. >>>> If anything else than L4 is the first header IPVS will throw it. >>>> >>>> IPVS will write SNAT & DNAT modifications at a fixed pos which >>>> will corrupt the message. Proper header position must be found >>>> before writing modifying packet. >>>> >>>> This patch contains a lot of API changes. This is done, to avoid >>>> the costly scan of finding the IPv6 headers, via ipv6_find_hdr(). >>>> Finding the IPv6 headers is done as early as possible, and passed >>>> on as a pointer "struct ip_vs_iphdr *" to the affected functions. >>> >>> How about we change netfilter to set up the skb's transport header >>> at an early time so we can avoid all (most of) these header scans >>> in netfilter? >> >> I think that would be great, maybe it should be global i.e. not only a netfilter issue. > >I think in most other cases the headers are supposed to be processed >sequentially. One problem though - to be useful for netfilter/IPVS >we'd also need to store the transport layer protocol somewhere. I guess that's the problem, adding it to the skb will not be popular .... Right now I don't have a good solution, maybe a more generic netfilter ptr in the skb ... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
