I'm not sure about the current state. But there used to be code that would cause a mangle tables tos change to trigger a reroute. I'm guessing this wouldn't work if tos was changed from another table.
On Tue, Dec 18, 2012 at 3:07 PM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
> I cannot think of a reason to limit the use of these modules to the
> "mangle" table or their hooks. TOS/DSCP is not only used to influence
> a routing decision, for example.
>
> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxx>
> ---
>
> Are there any pitfalls I am not aware of?
> Could conntrack be upset if TCPOPTSTRIP/CHECKSUM can execute
> at different places?
>
>
> net/ipv4/netfilter/ipt_ECN.c | 1 -
> net/netfilter/xt_CHECKSUM.c | 1 -
> net/netfilter/xt_CLASSIFY.c | 3 ---
> net/netfilter/xt_DSCP.c | 4 ----
> net/netfilter/xt_HL.c | 2 --
> net/netfilter/xt_TCPOPTSTRIP.c | 2 --
> 6 files changed, 13 deletions(-)
>
> diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
> index 4bf3dc4..5508113 100644
> --- a/net/ipv4/netfilter/ipt_ECN.c
> +++ b/net/ipv4/netfilter/ipt_ECN.c
> @@ -119,7 +119,6 @@ static struct xt_target ecn_tg_reg __read_mostly = {
> .family = NFPROTO_IPV4,
> .target = ecn_tg,
> .targetsize = sizeof(struct ipt_ECN_info),
> - .table = "mangle",
> .checkentry = ecn_tg_check,
> .me = THIS_MODULE,
> };
> diff --git a/net/netfilter/xt_CHECKSUM.c b/net/netfilter/xt_CHECKSUM.c
> index 0f642ef..153d5c3 100644
> --- a/net/netfilter/xt_CHECKSUM.c
> +++ b/net/netfilter/xt_CHECKSUM.c
> @@ -51,7 +51,6 @@ static struct xt_target checksum_tg_reg __read_mostly = {
> .family = NFPROTO_UNSPEC,
> .target = checksum_tg,
> .targetsize = sizeof(struct xt_CHECKSUM_info),
> - .table = "mangle",
> .checkentry = checksum_tg_check,
> .me = THIS_MODULE,
> };
> diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
> index af9c4da..c988093 100644
> --- a/net/netfilter/xt_CLASSIFY.c
> +++ b/net/netfilter/xt_CLASSIFY.c
> @@ -42,8 +42,6 @@ static struct xt_target classify_tg_reg[] __read_mostly = {
> .name = "CLASSIFY",
> .revision = 0,
> .family = NFPROTO_UNSPEC,
> - .hooks = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
> - (1 << NF_INET_POST_ROUTING),
> .target = classify_tg,
> .targetsize = sizeof(struct xt_classify_target_info),
> .me = THIS_MODULE,
> @@ -52,7 +50,6 @@ static struct xt_target classify_tg_reg[] __read_mostly = {
> .name = "CLASSIFY",
> .revision = 0,
> .family = NFPROTO_ARP,
> - .hooks = (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD),
> .target = classify_tg,
> .targetsize = sizeof(struct xt_classify_target_info),
> .me = THIS_MODULE,
> diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
> index ae82716..0a9ff64 100644
> --- a/net/netfilter/xt_DSCP.c
> +++ b/net/netfilter/xt_DSCP.c
> @@ -118,7 +118,6 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
> .checkentry = dscp_tg_check,
> .target = dscp_tg,
> .targetsize = sizeof(struct xt_DSCP_info),
> - .table = "mangle",
> .me = THIS_MODULE,
> },
> {
> @@ -127,14 +126,12 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
> .checkentry = dscp_tg_check,
> .target = dscp_tg6,
> .targetsize = sizeof(struct xt_DSCP_info),
> - .table = "mangle",
> .me = THIS_MODULE,
> },
> {
> .name = "TOS",
> .revision = 1,
> .family = NFPROTO_IPV4,
> - .table = "mangle",
> .target = tos_tg,
> .targetsize = sizeof(struct xt_tos_target_info),
> .me = THIS_MODULE,
> @@ -143,7 +140,6 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
> .name = "TOS",
> .revision = 1,
> .family = NFPROTO_IPV6,
> - .table = "mangle",
> .target = tos_tg6,
> .targetsize = sizeof(struct xt_tos_target_info),
> .me = THIS_MODULE,
> diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c
> index 1535e87..4da5db3 100644
> --- a/net/netfilter/xt_HL.c
> +++ b/net/netfilter/xt_HL.c
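Review bot: In net/netfilter/xt_CLASSIFY.c, dropping `.hooks` from both `classify_tg_reg` entries leaves a zero hook mask, which the x_tables core treats as valid at every hook, so CLASSIFY rules at PREROUTING or LOCAL_IN (and ARP IN) will now load without error. The target function is outside the hunk, but if it only writes `skb->priority`, a value set on an input hook is presumably either unused on local delivery or replaced on the forwarding path, so such a rule would be accepted and silently have no effect on classification. Unlike the `.table = "mangle"` removals elsewhere in the patch, this relaxes hook validation rather than table validation, and the entries shown carry no `.checkentry` that could take over the check. I would either keep the masks, e.g. `.hooks = (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD),`, or add a comment above `classify_tg_reg` stating at which hooks the target is expected to be meaningful. The array definition starts and ends outside both hunks.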
> @@ -137,7 +137,6 @@ static struct xt_target hl_tg_reg[] __read_mostly = {
> .family = NFPROTO_IPV4,
> .target = ttl_tg,
> .targetsize = sizeof(struct ipt_TTL_info),
> - .table = "mangle",
> .checkentry = ttl_tg_check,
> .me = THIS_MODULE,
> },
> @@ -147,7 +146,6 @@ static struct xt_target hl_tg_reg[] __read_mostly = {
> .family = NFPROTO_IPV6,
> .target = hl_tg6,
> .targetsize = sizeof(struct ip6t_HL_info),
> - .table = "mangle",
> .checkentry = hl_tg6_check,
> .me = THIS_MODULE,
> },
> diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
> index 25fd1c4..b42c02e 100644
> --- a/net/netfilter/xt_TCPOPTSTRIP.c
> +++ b/net/netfilter/xt_TCPOPTSTRIP.c
> @@ -103,7 +103,6 @@ static struct xt_target tcpoptstrip_tg_reg[] __read_mostly = {
> {
> .name = "TCPOPTSTRIP",
> .family = NFPROTO_IPV4,
> - .table = "mangle",
> .proto = IPPROTO_TCP,
> .target = tcpoptstrip_tg4,
> .targetsize = sizeof(struct xt_tcpoptstrip_target_info),
> @@ -113,7 +112,6 @@ static struct xt_target tcpoptstrip_tg_reg[] __read_mostly = {
> {
> .name = "TCPOPTSTRIP",
> .family = NFPROTO_IPV6,
> - .table = "mangle",
> .proto = IPPROTO_TCP,
> .target = tcpoptstrip_tg6,
> .targetsize = sizeof(struct xt_tcpoptstrip_target_info),
> --
> 1.7.10.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html