On 2018-01-08 06:32, Pablo Neira Ayuso wrote:
Hi Subash, One more concern before this gets upstream. Do you think we can turn this into an on/off knob instead? I mean, I think it's good if you add a new NF_IP_PRI_RAW_BEFORE_DEFRAG and we place it into uapi. I'm just worried about follow up patches from people asking to making this flexible in all other existing tables, I would like this does not happen :-).+ +static struct xt_table packet_raw = { .name = "raw", .valid_hooks = RAW_VALID_HOOKS, .me = THIS_MODULE, @@ -70,6 +74,14 @@ static int __init iptable_raw_init(void) { int ret; + if (priority < NF_IP_PRI_CONNTRACK_DEFRAG && + priority > NF_IP_PRI_FIRST) { + packet_raw.priority = priority; + + pr_info("iptable_raw: Using custom rule priority=%d\n",^^^^^^^^^^^^ Probably better if you add: #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt in this patch while on this. Thanks for your patience, we're almost there.
Hi Pablo Sure, I can update these. -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
