Tue, Nov 05, 2013 at 07:19:24PM CET, kaber@xxxxxxxxx wrote: >On Tue, Nov 05, 2013 at 04:39:21PM +0100, Florian Westphal wrote: >> Jiri Pirko <jiri@xxxxxxxxxxx> wrote: >> > Tue, Nov 05, 2013 at 02:41:19PM CET, kaber@xxxxxxxxx wrote: >> > >executing the rules on the reassembled packet multiple times, one >> > >for each fragment. >> > >> [..] >> > End even though, the matching is now done for each fragment skb anyway. The >> > change is only to do it on different skb. I see no erformance or any >> > other problem in that. >> >> One problem that comes to mind is that nfacct or quota match will >> now account num_of_fragments * length_of_reassemled_skb bytes. > >indeed. The easiest way to fix all this (and, btw, also the >pskb_expand_head() oops which is currently reported by multiple people) >is to get rid of all the fragmentation handling and simply use the >reassembled skb. Okay. That will resolve the skb->sk rewrite problem as well. I will prepare a patch. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
