On Mon, Jul 20, 2015 at 06:18:55PM +0200, Daniel Borkmann wrote:
[...]
> The current approach implemented here that I found so far most appealing
> and having the least complexity, was to just have a /single/ template and to
> overwrite the zone->id with skb->mark on the ptr we have sitting on the stack.
> It avoids all the issues mentioned. But perhaps you mean something entirely
> different and I just seem to misinterpret your answer, hmm.

You mean something that from command line would look like:

    iptables -A PREROUTING -t raw -j CT --zone mark

So we set the zone ID in the CT target based on the existing mark, right?