Kazunori Miyazawa wrote: > Patrick McHardy wrote: > >>The problem is that netfilter hooks take ownership of the skb, so the >>caller can't touch it afterwards. It would be possible, but it would >>become very ugly. Can I assume that you would also be satisfied if >>the double-parsing of extension headers is fixed in some other way? > > > My concern is cost to look up routing table and parse extention headers twice. > I think the latter will be critical issue if some extention header makes > some state in the stack.
The routing lookup is not done unless someone resets skb->dst (i.e. nfqueue). I'm looking into fixing the extension header problem, so I hope that will resolve all issues. > IMHO, we will call the loop part of ip6_input_finish to inject the skb > to upper layer directly in ip6_xfrm_transport_hook. > But it may make duplicate codes and raise other issues... The easiest way would be to store nhoff somewhere in the skb and use it to continue at the next header. But I still hope there is a way without keeping data in the skb. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
