RE: Using SAME target problems

["johnpeng" <johnpeng@unitytek.com.tw>]

Dear all:
   I find two problems of using ?SAME? target, I am using kernel 2.6.17.7
and iptables 1.3.5
1.  Multiple calls of check function:
     When we turn on the Debug messages ( by recompiling), I find that the
check function of SAME target would be called multiple times, 
i.e   iptables ?t nat ?A PREROUTING ?d 10.10.10.1 -j SAME ?to
172.31.0.1-172.31.0.3
     iptables ?t nat ?A PREROUTING ?d 10.10.10.2 ?j DNAT ?to-destination
192.168.1.1
         ?. Other NAT rules

     netfilter travels the second DNAT rules, but calls the check function
of the first rules of ?SAME? target
     , so does every following NAT rules.
    My question is , I didn?t see the same situation in kernel 2.4 , is that
due to some framework change in kernel 2.6 ?

2. Can?t remove the ?SAME? target:
When we issue the removal ?iptables ?t nat ?D PREROUTING ?d 10.10.10.1 -j
SAME ?to 172.31.0.1-172.31.0.3?, 
Iptables get reply of ?iptables: No chain/target/match by that name?,
 it seems the memory comparison is not equal with user level and kernel
level passed target info data structure, 
Any solution?

Thanks for your help!!