Re: running commands when packet matched


 



Georgi Alexandrov wrote:

> Danger Will Robinson: Conventional wisdom says that auto-blocking is
> inherently dangerous."


Actually, for what I'm trying to do, switching to userspace is probably
not that dangerous.  The reason is because I am trying to match one
packet, then the rule for the matching is actually switched off.  In
other words, I want to match a single packet, run some user code, then
remove the rule for matching that packet.  Given this, I can't see how
the scenario you've laid out would be that big of a threat.

--
Rhett.

