[RFC] Match wants to change skbuff (nfcache)

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Wed Dec 15 09:01:24 CET 2004


Currently a match function cannot modify the skbuff. However, sometimes
it'd be useful to be able to modify at least the nfcache field.

An example: I'm working on porting the unclean match to 2.6. But how nice
would it be if the unclean match could notify the error function of the
TCP window tracking code that it had already verified the packet and found
it clean. nfcache comes as a possibility to pass the required info, but
match function cannot touch it.

It'd be easy and simple to drop 'const' from the definiton of the match
function, but a match should not poke with skbuff so 'const struct
sk_buff *skb' is just the right thing.

What I suggest is to add '__u32 *nfcache' to the argument list of the
match functions.

Are there better alternatives?

Best regards,
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

More information about the netfilter-devel mailing list