Patrick McHardy wrote:
Laszlo Attila Toth wrote:
Lutz Jaenicke wrote:
On Tue, Nov 20, 2007 at 02:14:28PM +0100, Laszlo Attila Toth wrote:
Interface group values can be checked on both input and output
interfaces with optional mask.
Index: extensions/libxt_ifgroup.c
===================================================================
--- extensions/libxt_ifgroup.c (revision 0)
+++ extensions/libxt_ifgroup.c (revision 0)
+ info->in_group = strtoul(optarg, &end, 0);
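Review bot: the strtoul() result on the info->in_group line is stored with no validation visible in this hunk. `end` is filled in but the quoted line does not show it being checked, so input such as an empty string or "12abc" would need an explicit test that `end != optarg` and that `*end` is either the terminating NUL or the mask separator. strtoul() also accepts a leading minus sign and returns unsigned long, which is 64 bits wide on LP64 systems; if the group is meant to cover 0..2^32-1 as stated later in this thread, set errno to 0 before the call, reject ERANGE, and reject values above UINT32_MAX before the assignment so that out-of-range input fails instead of being silently truncated into a different group.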
This is somewhat inconsistent with the iproute patch which targets
specific groups (with names).
Should iptables be allowed to read "/etc/iproute2/rt_ifgroup"?
It would be good but cannot be used if a mask is set and only values
less than 256 can be used with names.
Why 256? I can see no such limitation. For masks you could
simply allow to define masks in rt_ifgroup too and use
name/name or simply name/0xmask.
256 because it is the size of a static array (and I don't want to allocate
too much memory when other arrays such as the routing table names also
have this size). In the current version I posted some minutes ago
0..2^32-1 can be used.
The syntax "name/0xmask" is simply too strange for me.
There is no standard API like getservbyname()...
The code of iproute2 should be copied. If Patrick says it is ok, I'll
write this part.
Of course. Please put the tab part somewhere common, I always
wanted to have named firewall marks shared with ip and tc
and I believe Balazs wanted that too :)
Ok. Yes, he wants :)
--
Attila