KOVACS Krisztian wrote:
> +config NETFILTER_XT_MATCH_SOCKET > + tristate '"socket" match support' > + depends on NETFILTER_TPROXY > + depends on NETFILTER_XTABLES

EXPERIMENTAL please.

> +static bool > +socket_match(const struct sk_buff *skb, > + const struct net_device *in, > + const struct net_device *out, > + const struct xt_match *match, > + const void *matchinfo, > + int offset, > + unsigned int protoff, > + bool *hotdrop) > +{ > + const struct iphdr *iph = ip_hdr(skb); > + struct udphdr _hdr, *hp; > + struct sock *sk; > + > + /* TCP/UDP only */ > + if (iph->protocol != IPPROTO_TCP && iph->protocol != IPPROTO_UDP) > + return false;

How about making sure that it's only used in a -p udp or -p tcp rule in ->checkentry() instead?
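
Review bot: in socket_match(), the declaration `struct udphdr _hdr, *hp;` sits next to a protocol check that lets both TCP and UDP through, so a UDP header type is presumably used to read TCP ports as well; that works only because the source and destination port fields sit at the same offsets in both headers, and a one-line comment saying so would help the next reader. The `offset` argument is also not tested anywhere in the quoted lines: if the rest of the function does not return early for non-first fragments (offset != 0), the port lookup would read payload bytes as a transport header, so that check belongs next to the protocol test.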