On Fri, 2012-12-21 at 15:35 +0100, Jan Engelhardt wrote:
>
> The bigger problem here, if I see __netif_receive_skb right, is that
> when ingress rules run, skb->nfct is still unset, thereby the
> CONNMARK action is a no-op.

Right, ingress is performed before IP/netfilter stack.

This reminds me this might be the reason we have
skb_reset_transport_header(skb); in __netif_receive_skb(), while it's
not very logical.

(Yes, sorry for being off topic, but I am referring to
http://www.spinics.net/lists/netdev/msg214662.html )