On Monday 2012-12-17 13:58, Jamal Hadi Salim wrote: > On 12-12-16 04:21 PM, Jan Engelhardt wrote: > >> If you have a preexisting clone of any linux tree, you can utilize >> `git remote add ...` to only grab the deltas. > >It downloaded eventually. So looking at this quickly, basic >question: is xtables2 different API wise from what we do today in >act_ipt? AFAICS, (one instance of) act_ipt today directly invokes (exactly one instance of) a target. With act_xt2 as drafted, it instead invokes a chain, which would 1. leave the construction of the target data and calling it to the subsystems they conceptually belong to - the packet filter 2. lets you do matches, jumps and all that. >Second: Are chain names unique system wide? Good thing you ask. Chain names are unique within a netns, and this act_xtables.c draft looks at the packet to get to know its netns, so that seems fine. However, your question also leads to looking at whether TC Actions themselves are sufficiently netns-ified, and it seems this is _not_ the case. Am I right in the observation that variables like "tcf_ipt_ht" are in fact global rather tha per-netns? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
