xt_u32 20070605 (kernel)
Patrick McHardy
kaber at trash.net
Tue Jun 5 13:59:26 CEST 2007
Jan Engelhardt wrote:
>>>+static bool xt_u32_match(const struct sk_buff *skb,
>>>+ const struct net_device *in,
>>>+ const struct net_device *out,
>>>+ const struct xt_match *match, const void *matchinfo,
>>>+ int offset, unsigned int protoff, bool *hotdrop)
>>>+{
>>>+ const struct xt_u32 *data = matchinfo;
>>>+ bool ret;
>>>+
>>>+ spin_lock_bh(&xt_u32_lock);
>>>+ ret = xt_u32_match_it(data, skb);
>>
>>Do we really need this wrapper?
>
>
> I thought "yes". Otherwise, I'd need a spin_unlock_bh at every return in
> xt_u32_match_it(), and also would need to fiddle data->invert too.
> With two functions (_match and _match_it), this is done nicely IMHO.
OK.
>>>+MODULE_PARM_DESC(buffer_size, "Buffer size to hold a packet "
>>>+ "(default: 65536 bytes)");
>>
>>No parameter for this. We need 64k.
>
>
> If no interface in a system has an MTU >17k (to be determined by
> the system's owner), why need 64?
Again, TSO. Long-term we want to move away from packet copying, so
I don't want to add any module parameters for this.
More information about the netfilter-devel
mailing list