On Wednesday 2010-05-05 19:57, ratheesh k wrote: > > On Wednesday 2010-05-05 17:56, Bill Bogstad wrote: >>Since incoming packets may not be synchronized with outgoing >packets, there is the possibility that the INPUT chain rules might be >modifying the connection marking at the same time that the OUTPUT >chain rules are using the mark to modify the packet. > >I am a little bit confused . >My understanding is pkts will traverse thru various HOOKs one by one . >PREROUTING -> INPUT etc . So how come ,the same pkt will be marked and >processed at different hooks at same time ? It's about _DIFFERENT_ packets belonging to the same connection. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
