David Miller <davem@xxxxxxxxxxxxx> writes: > From: Toke Høiland-Jørgensen <toke@xxxxxxx> > Date: Wed, 23 May 2018 22:38:30 +0200 > >> How would this work? > > On egress the core networking flow dissector records what you need > somewhere in SKB or wherever. You later retrieve it at egress time > after NAT has occurred. Ah, right, that could work. Is there any particular field in sk_buff we should stomp on for this purpose, or would you prefer a new one? Looking through it, the only obvious one that comes to mind is, well, skb->_nfct :) If we wanted to avoid bloating sk_buff, we could add a union with that, fill it in the flow dissector, and just let conntrack overwrite it if active; then detect which is which in Cake, and read the data we need from _nfct if conntrack is active, and from what the flow dissector stored otherwise. Is that too many hoops to jump through to avoid adding an extra field? -Toke -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
