On Thu, Jul 03, 2008 at 09:22:03AM +0200, Jan Engelhardt wrote:
>
> >+ case XT_ROUTE_SRC_EXISTS:
> >+ fl.nl_u.ip4_u.daddr = iph->saddr;
> >+ ret = fib_lookup(dev_net(in), &fl, &res);
> >+ if (ret == 0 && res.prefixlen != 0) {
> >+ fib_res_put(&res);
> >+ return true ^ info->invert;
> >+ }
> >+ case XT_ROUTE_SRC_EQ:
> >+ fl.nl_u.ip4_u.daddr = iph->saddr;
> >+ ret = fib_lookup(dev_net(in), &fl, &res);
> >+ if (ret == 0 && res.prefixlen == info->prefixlen) {
> >+ fib_res_put(&res);
> >+ return true;
> >+ }
> >+ break;
>
> Should not these be true ^ info->invert too?
No - invert is only supported on the *_EXISTS case. Didn't see any point
in supporting invert on gt/lt, but now that I think of it perhaps supporting
it on _EQ may be useful. But can you see a point on gt/lt?
> I would probably combine mode and invert, to save a byte.
Possible.
> >+static bool
> >+route_mt6(const struct sk_buff *skb, const struct net_device *in,
> >+ const struct net_device *out, const struct xt_match *match,
> >+ const void *matchinfo, int offset, unsigned int protoff,
> >+ bool *hotdrop)
> >+{
> >+ return 1;
> >+}
>
> If you do not support IPv6, do not write a function for it ;-)
OK, so I should have #if 0 it...but this is just an RFC and that was
listed in the TODO ;-)
Thanks for the review BTW.
Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
