Re: [PATCHv3 2/2][RESEND] Addrtype match extension: limit addrtype check on the packet's interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Nov 16 2007 15:22, Laszlo Attila Toth wrote:
>Addrtype match has a new revision (1), which lets address type checking
>limited to the interface the current packet belongs to. Either incoming
>or outgoing interface can be used depending on the current hook. In the
>FORWARD hook two maches should be used if both interfaces have to be checked.

Hey would not it be cool if this was bumped to xt_addrtype,
using .revision=0 with ipt_addrtype_info (with the old functionality),
and let .revision=1 use xt_addrtype_info (with the new functionality).
Much like the recently posted xt_tos/xt_owner.

>-struct ipt_addrtype_info {
>+enum
>+{
>+	IPT_ADDRTYPE_INVERT_SOURCE	= 0x0001,
>+	IPT_ADDRTYPE_INVERT_DEST	= 0x0002,
>+	IPT_ADDRTYPE_LIMIT_IFACE_IN	= 0x0004,
>+	IPT_ADDRTYPE_LIMIT_IFACE_OUT	= 0x0008,
>+};
>+
>+struct ipt_addrtype_info_v1 {
>+	u_int16_t	source;		/* source-type mask */
>+	u_int16_t	dest;		/* dest-type mask */
>+	u_int32_t	flags;
>+};
>+
>+struct ipt_addrtype_info_v0 {

Is it actually ok to change ipt_addrtype_info into ipt_addrtype_info_v0?
It does not break binary compat, but source-level compat.

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux