On Tue, 2008-09-02 at 23:11 -0400, Peter Memishian wrote: > > Here's a webrev some bug fixes for IP observability: > > > > http://zhadum.east/ws/seb/seb-ipobs/webrev/ > > I think there's something fundamental I'm missing. Why is it OK for the > dstzone to be ALL_ZONES in the tcp/udp calls to ipnet_hook() if the > destination is another zone on the local system?
The only calls to ipnet_hook() in tcp and udp are for packets that are in the fast-path directly to the link-layer, and therefore, not to another zone. -Seb
