On 2018-01-08 06:32, Pablo Neira Ayuso wrote:
Hi Subash,
One more concern before this gets upstream.
Do you think we can turn this into an on/off knob instead?
I mean, I think it's good if you add a new
NF_IP_PRI_RAW_BEFORE_DEFRAG and we place it into uapi.
I'm just worried about follow up patches from people asking to making
this flexible in all other existing tables, I would like this does not
happen :-).
+
+static struct xt_table packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.me = THIS_MODULE,
@@ -70,6 +74,14 @@ static int __init iptable_raw_init(void)
{
int ret;
+ if (priority < NF_IP_PRI_CONNTRACK_DEFRAG &&
+ priority > NF_IP_PRI_FIRST) {
+ packet_raw.priority = priority;
+
+ pr_info("iptable_raw: Using custom rule priority=%d\n",
^^^^^^^^^^^^
Probably better if you add:
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
in this patch while on this.
Thanks for your patience, we're almost there.
Hi Pablo
Sure, I can update these.
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
