Jan Engelhardt írta:
On Nov 16 2007 15:22, Laszlo Attila Toth wrote:
Addrtype match has a new revision (1), which lets address type checking
limited to the interface the current packet belongs to. Either incoming
or outgoing interface can be used depending on the current hook. In the
FORWARD hook two maches should be used if both interfaces have to be checked.
Hey would not it be cool if this was bumped to xt_addrtype,
using .revision=0 with ipt_addrtype_info (with the old functionality),
and let .revision=1 use xt_addrtype_info (with the new functionality).
Much like the recently posted xt_tos/xt_owner.
xt_addrtype is ok, but the module loading in the userspace part
(iptables) tries to load the libxt_addrtype.so first and only if it is
not succeeded try to load libipt_addrtype.so also the latter shared
object will never be loaded.
Also it may be better if only the xt_addrtype remains and
ipt_addrtype_info is used for the old one and xt_addrtype_info for the
new one. But it may be confusing: ipt_* in the xt_* files...
-struct ipt_addrtype_info {
+enum
+{
+ IPT_ADDRTYPE_INVERT_SOURCE = 0x0001,
+ IPT_ADDRTYPE_INVERT_DEST = 0x0002,
+ IPT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
+ IPT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
+};
+
+struct ipt_addrtype_info_v1 {
+ u_int16_t source; /* source-type mask */
+ u_int16_t dest; /* dest-type mask */
+ u_int32_t flags;
+};
+
+struct ipt_addrtype_info_v0 {
Is it actually ok to change ipt_addrtype_info into ipt_addrtype_info_v0?
It does not break binary compat, but source-level compat.
Hm, you are right. I checked this in xt_MARK, it doesn't use the _v0
suffix for the old _info structure. I'll change this in addrtype.
--
Attila
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
