Re: [PATCHv6 iptables]Interface group match

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Laszlo Attila Toth wrote:
Patrick McHardy írta:
Laszlo Attila Toth wrote:
Lutz Jaenicke írta:

Should iptables be allowed to read "/etc/iproute2/rt_ifgroup"?

It would be good but cannot be used if a mask is set and only values less than 256 can be used with names.


Why 256? I can see no such limitation. For masks you could
simply allow to define masks in rt_ifgroup too and use
name/name or simply name/0xmask.


256 because it is the size of a static array (and I don't want allocate too much memory when other arrays such as the routing table names also have this size). In the current version I posted some minutes ago 0..2^32-1 can be used.

Its a hash. You can put as much in there as you like :)

The syntax "name/0xmask" is simply too strange for me.

Then how about name/name with masks also defined in rt_ifgroup?
The same question applies for marks of course.

There is no standard API like getservbyname()...

The code of iproute2 should be copied. If Patrick says it is ok, I'll write this part.


Of course. Please put the tab part somewhere common, I always
wanted to have named firewall marks shared with ip and tc
and I believe Balazs wanted that too :)

Ok. Yes, he wants :)



-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux