On Fri, Apr 26, 2002 at 09:52:46AM -0700, Don Cohen wrote:
> Harald Welte writes:
> 
>  > the counter argument is that the queue is part of the lower-layer drivers
>  > and not part of the IPv4 stack.  netfilter hooks are always restricted
>  > to one protocol stack - there's separate hooks  for ipv4, ipv6, ipx, ...
> 
> This seems more a psychological than technical argument.
> Is there some reason the lower level can't be interleaved in execution
> order with the upper level?  Or is it more related to the files?  You
> want NF_HOOK to be called by ip_output but not by dev.c ?

IP tables are restricted to IPv4.  IP6tables are restricted to ipv6. 
arptables are restricted to arp.

So you want to have a big case statement _after_ enqueuing of the packet
happens [ i.e. in the network TX softirq], calling NF_HOOK for the 
respective protocol family?

> This raises another general point.  There are lots of cases where a
> certain thing has to be done in a certain place cause that's where the
> data is available.  At the moment, there are things that just can't be
> done cause they require two pieces of data that are not both available
> at the same time, e.g., input device and output device.  When you want
> to do something like that you end up adding kernel code to save the
> old data so you can use it later.  I think in general it would be
> worth while to save more of this data for use in later hooks.
> So I think that nat should save the original data just for use in
> later hooks.  

well, but it's added overhead and none of the existing functions within
the framework need it.  If there is any chance for adding such overhead,
then if at the same time we actually have some code which uses it.  

Just providing features because they are nice for some not-included-in-kernel
code is not our philosophy.

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
