From patchwork Thu Nov 15 13:49:15 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Torsten Luettgert X-Patchwork-Id: 199282 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 0BD0B2C03C8 for ; Fri, 16 Nov 2012 00:49:21 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1767809Ab2KONtT (ORCPT ); Thu, 15 Nov 2012 08:49:19 -0500 Received: from mail.cbxnet.de ([212.87.33.16]:59912 "EHLO mail1.cbxnet.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1767793Ab2KONtT (ORCPT ); Thu, 15 Nov 2012 08:49:19 -0500 Received: from lists.enda.eu ([212.87.38.145] helo=infra.enda.eu) by mail1.cbxnet.de with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1TYzok-0002EY-FF; Thu, 15 Nov 2012 14:49:18 +0100 Received: from p4fc5c048.dip0.t-ipconnect.de ([79.197.192.72] helo=goldlack.enda.eu) by infra.enda.eu with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80.1) (envelope-from ) id 1TYzoi-0007hz-GK; Thu, 15 Nov 2012 14:49:16 +0100 Date: Thu, 15 Nov 2012 14:49:15 +0100 From: Torsten Luettgert To: netfilter-devel@vger.kernel.org Cc: arif Subject: Re: Splitting network packets from target modules Message-ID: <20121115144915.427483f6@goldlack.enda.eu> In-Reply-To: References: X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.13; x86_64-redhat-linux-gnu) Mime-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org On Thu, 15 Nov 2012 19:14:44 +0600 arif wrote: > But i'm confused how i'm going to send these new skbs to uplink. > returning NF_ACCEPT will not do the trick i guess. > > Is there any existing target module which tries to do send multiple > skbs to uplink? I'd guess TEE would be the right place to look at since it creates another packet and sends it on. But beware, it's buggy in current kernels, a fix by Eric Dumazet is required: Hope that helps, Torsten --- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c index ee2e5bc..bd93e51 100644 --- a/net/netfilter/xt_TEE.c +++ b/net/netfilter/xt_TEE.c @@ -70,6 +70,7 @@ tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info) fl4.daddr = info->gw.ip; fl4.flowi4_tos = RT_TOS(iph->tos); fl4.flowi4_scope = RT_SCOPE_UNIVERSE; + fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH; rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) return false;