On Tue, Nov 05, 2013 at 04:39:21PM +0100, Florian Westphal wrote: > Jiri Pirko <jiri@xxxxxxxxxxx> wrote: > > Tue, Nov 05, 2013 at 02:41:19PM CET, kaber@xxxxxxxxx wrote: > > >executing the rules on the reassembled packet multiple times, one > > >for each fragment. > > > [..] > > End even though, the matching is now done for each fragment skb anyway. The > > change is only to do it on different skb. I see no erformance or any > > other problem in that. > > One problem that comes to mind is that nfacct or quota match will > now account num_of_fragments * length_of_reassemled_skb bytes. indeed. The easiest way to fix all this (and, btw, also the pskb_expand_head() oops which is currently reported by multiple people) is to get rid of all the fragmentation handling and simply use the reassembled skb. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
