[PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks
YOSHIFUJI Hideaki / 吉藤英明
yoshfuji at linux-ipv6.org
Sun Dec 18 16:15:04 CET 2005
In article <43A571B5.205 at trash.net> (at Sun, 18 Dec 2005 15:27:01 +0100), Patrick McHardy <kaber at trash.net> says:
> YOSHIFUJI Hideaki wrote:
> > In article <438270F2.3000603 at trash.net> (at Tue, 22 Nov 2005 02:14:26 +0100), Patrick McHardy <kaber at trash.net> says:
> >
> >
> >>The easiest way would be to store nhoff somewhere in the skb and
> >>use it to continue at the next header. But I still hope there is
> >>a way without keeping data in the skb.
> >
> >
> > We've coded up this.
>
> How about this patch instead? It eliminates the nhoffp argument
> to IPv6 protocol handlers by storing it in the IP6CB, which allows
> to call ip6_input_finish a second time and have it skip already
> parsed headers and also gets rid of the manual hopopts skipping.

The idea to store IP6CB itself seems sane to me.

BTW, we're now using all of skb->cb
(and we are even exceeding it w/ mobile-ipv6 extensions)...

--yoshfuji