Re: [PATCH nf-next 3/6] netfilter: nf_tables: disable old tracing if listener is present

On 25.11, Florian Westphal wrote:
> Patrick McHardy <kaber@xxxxxxxxx> wrote:
> 
> > Actually thinking more about this, we might want to send a new "packet"
> > message whenever we enter nft_do_chain(). At that point the packet has been
> > processed by other parts of the network stack since the last "packet"
> > message and it might be helpful to know in which ways it has changed.
> 
> True, good point.  In that case I would propose to get rid of "packet"
> message type completely.
> 
> Instead we'd include all the info that we currently have in "packet"
> (i.e. vlanid, headers) on the first message type fired on each nft_do_chain()
> invocation.

One more comment since I'm just in the VLAN area: I think we need to include
the full vlan_tci and vlan_proto. Basically we want to be able to display
a dummy VLAN header I'd say instead of treating it like something special.

Even nicer would be to include the dummy VLAN header in the payload itself
and hide the offloading details, but that we can also do in userspace of
course.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
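
The dummy VLAN header proposed in the message above, rebuilt in userspace from the two offloaded values, as an added example that is not code from this thread or from nf_tables. It assumes the traced payload starts at the Ethernet header and that `vlan_proto` and `vlan_tci` arrive in host byte order; the function names and the sample frame are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_MAC_LEN  12  /* destination + source MAC addresses */
#define EX_VLAN_LEN 4   /* TPID (2 bytes) + TCI (2 bytes) */

struct ex_vlan_fields { unsigned pcp, dei, vid; };

/* Constructed sample: untagged broadcast frame, EtherType IPv4, 2 payload bytes. */
static const uint8_t sample_frame[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x08, 0x00, 0x45, 0x00,
};

/* Split a host-order TCI into priority (3 bits), DEI (1 bit) and VLAN id (12 bits). */
static struct ex_vlan_fields vlan_tci_decode(uint16_t tci)
{
    struct ex_vlan_fields f = { (unsigned)tci >> 13, (tci >> 12) & 1u, tci & 0x0fffu };
    return f;
}

/* Rebuild the on-wire layout: MACs, TPID, TCI, original EtherType, payload.
 * Returns the new length, or 0 if the frame is truncated or out is too small. */
static size_t vlan_reinsert(const uint8_t *frame, size_t len, uint16_t vlan_proto,
                            uint16_t vlan_tci, uint8_t *out, size_t cap)
{
    if (len < EX_MAC_LEN + 2 || cap < len + EX_VLAN_LEN)
        return 0;
    memcpy(out, frame, EX_MAC_LEN);
    out[EX_MAC_LEN + 0] = (uint8_t)(vlan_proto >> 8);   /* TPID, network order */
    out[EX_MAC_LEN + 1] = (uint8_t)(vlan_proto & 0xff);
    out[EX_MAC_LEN + 2] = (uint8_t)(vlan_tci >> 8);     /* TCI, network order */
    out[EX_MAC_LEN + 3] = (uint8_t)(vlan_tci & 0xff);
    memcpy(out + EX_MAC_LEN + EX_VLAN_LEN, frame + EX_MAC_LEN, len - EX_MAC_LEN);
    return len + EX_VLAN_LEN;
}

int main(void)
{
    uint8_t out[64];
    size_t n = vlan_reinsert(sample_frame, sizeof(sample_frame), 0x8100, 0xA064,
                             out, sizeof(out));
    struct ex_vlan_fields f = vlan_tci_decode(0xA064);

    printf("pcp=%u dei=%u vid=%u len=%zu\n", f.pcp, f.dei, f.vid, n);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", out[i], i + 1 == n ? "\n" : " ");
    return 0;
}
```

Carrying the full TCI rather than only the VLAN id is what lets the priority and DEI bits survive into the reconstructed header.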


