> > > http://zhadum.east/ws/seb/seb-ipobs/webrev/ > > > > I think there's something fundamental I'm missing. Why is it OK for the > > dstzone to be ALL_ZONES in the tcp/udp calls to ipnet_hook() if the > > destination is another zone on the local system? > > The only calls to ipnet_hook() in tcp and udp are for packets that are > in the fast-path directly to the link-layer, and therefore, not to > another zone.
I'm not convinced this is a robust assumption. For instance, after Crossbow integrates, zones may be using VNICs which means they'll take the GLDv3 function-call-based codepath. -- meem
