On Sun, Feb 15, 2004 at 01:09:23AM -0500, James Morris wrote:
> On Sat, 14 Feb 2004, Mika Penttilä wrote:
>
> > James Morris wrote:
> >
> > >The proposed solution below is to copy the skb rather than clone it, to
> > >ensure that the original and looped back packets are independent.
> > >
> >
> > This is unneeded overhead for the common case. The right fix is to make
> > sure the modifier (netfilter etc) makes the copy if needed. Actually,
> > this is what skb_ip_make_writable() is doing.
>
> The common case here will be only for locally generated multicast and
> broadcast packets.
>
> If the netfilter core code is modified instead, we will end up adding
> skb_ip_make_writable() to nf_hook_slow() which will be called for every
> packet with an output device which uses hardware checksums.
>
> Not sure which is worse, but here's a proposed patch which does this.
Why can't we somehow check inside the netfilter hook if the packet is
at least multicast/broadcast (or even better: also locally generated)?
> - James
> James Morris
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
signature.asc
Description: Digital signature
|