Laszlo Attila Toth wrote:
+static int match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+{
+ const struct xt_ifgroup_info *info = matchinfo;
+
+ return ((in->ifgroup & info->mask) == info->group) ^ info->invert;
The input interface is only valid in PREROUTING, INPUT and FORWARD.
Why don't you support output-interface matching?
+}
+
+static struct xt_match ifgroup_match = {
+ .name = "ifgroup",
+ .match = match,
+ .matchsize = sizeof(struct xt_ifgroup_info),
+ .family = AF_INET,
+ .me = THIS_MODULE,
+};
+
+static struct xt_match ifgroup6_match = {
+ .name = "ifgroup",
+ .match = match,
+ .matchsize = sizeof(struct xt_ifgroup_info),
+ .family = AF_INET6,
+ .me = THIS_MODULE,
+};
__read_mostly
+
+static int __init xt_ifgroup_init(void)
+{
+ int ret;
+
+ ret = xt_register_match(&ifgroup_match);
xt_register_matches please.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
