Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > I agree that the current situation is inconsistent. We have no way to > know if the kernel validated the checksum or not from user-space, and > I think this needs a fix. Good :-) > We can add a new NFQA_CFG_F_CSUM flag so user-space explicitly ask for > assistance regarding checksumming from the kernel. If user-space tries > to set that flag and the kernel does not support it, it will hit > -EOPNOTSUPP. Thus, we can skip the feature retrieval thing. Yes, but this looks like abuse of the flag semantics to me. Unless you mean that setting this feat flag should prompt the kernel to explicitly call a valiation function in case skb_csum_unnecessary() returns false? I think that this is overkill, and, it might not work in all cases (e.g. if the layer4 protocol is unknown to us). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
