Phil Oester <kernel@xxxxxxxxxxxx> wrote:
> On Fri, Aug 30, 2013 at 02:43:42PM +0200, valentina.giusti@xxxxxxxxxxxx wrote:
> > I'm working on getting the owner extension also on the INPUT chain.
> >
> > In the meanwhile, could anybody please give feedback and tell me if this is the
> > right direction?
>
> What about the (common) case of no local socket? I think that's why the owner
> match was restricted to output|postrouting in the first place, no?

No, it was restricted because skb->sk is only set for locally generated
outgoing packets.

As Valentina explained, with tcp early demux skb->sk will already be set
for incoming tcp packets when the packet traverses the INPUT chain.