Herbert Xu wrote:
> On Tue, Aug 01, 2006 at 09:19:34AM +0200, Patrick McHardy wrote:
>
>>- nfct/nfctinfo/nfct_reasm: the xfrm output path does an immediate
>> nf_reset, so they were not necessary until now. Queueing can happen
>> on any hook, so we need to preserve them.
>
>
> This looks OK to me. However, we should do this in a wrapper around
> skb_gso_segment rather than in skb_segment.
>
> The idea with skb_gso_segment is that it's the most generic (or basic)
> level of service which is needed by everyone. If you need anything
> more specific, you can do it around skb_gso_segment.
>
> For exmample, dev_gso_segment is the version that's tailored for
> device transmission.
>
> So I'd imagine something like
>
> nf_gso_segment(skb)
> {
> segs = skb_gso_segment(skb, 0);
> if (IS_ERR(segs))
> goto out;
>
> nskb = segs;
> do {
> copy_nf_attributes(nskb, skb);
> } while ((nskb = nskb->next));
>
> out:
> kfree_skb(skb);
> return segs;
> }
This looks OK. But we also need this for the redirect to loopback case,
do you want me to put it in dev_gso_segment as well? nfmark and
secmark should go in skb_segment I guess?
>>- nf_bridge: needed for GSO on a bridge device until the deferred
>> hooks are removed
>
>
> I presume this is only needed for netfilter queueing as well?
No, we also need this for XFRM until the deferred hooks are removed.
It is allocated on the first invocation of the NF_IP_LOCAL_OUT hook
and bridge netfilter expects it to be present later on.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
