On 1/10/2019 12:41 AM, Pablo Neira Ayuso wrote:
> On Fri, Dec 21, 2018 at 06:12:24PM +0800, wenxu@xxxxxxxxx wrote: > [...] >> +static struct xt_match tunnel_mt_reg __read_mostly = { >> + .name = "tunnel", >> + .revision = 0, >> + .family = NFPROTO_UNSPEC, >> + .match = tunnel_mt, >> + .matchsize = sizeof(struct xt_tunnel_mtinfo), > Does this work away from the prerouting hook?

Yes, I just tested all the hooks. It can work for ingress packet matching on PREROUTING and INPUT, and for egress packets (output going through a lwtunnel) on FORWARD, OUTPUT and POSTROUTING.
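
Review bot: The quoted part of the tunnel_mt_reg initializer sets .family = NFPROTO_UNSPEC and shows neither a .hooks mask nor a .checkentry callback, so as far as these lines go the match is accepted from any hook of any family with no validation of the userspace-supplied struct xt_tunnel_mtinfo. The reply says the match sees ingress tunnel metadata on PREROUTING and INPUT but egress (lwtunnel) metadata on FORWARD, OUTPUT and POSTROUTING; that hook-dependent meaning should be stated in the commit message and the extension's documentation so rule authors do not assume one direction everywhere. If the elided remainder of the initializer does not already have one, a .checkentry that rejects unknown or inconsistent values in xt_tunnel_mtinfo would be worth adding before this is merged.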