Phil Oester wrote:
On Mon, Jul 07, 2008 at 02:00:32PM +0200, Patrick McHardy wrote:
+static bool
+route_mt6(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *matchinfo, int offset, unsigned int protoff,
+ bool *hotdrop)
+{
+ const struct xt_route_info *info = matchinfo;
+ const struct ipv6hdr *iph = ipv6_hdr(skb);
+ struct fib6_node *fn;
+ struct flowi fl = {0};
+
+ switch (info->mode) {
+ case XT_ROUTE_SRC_EXISTS:
+ fl.nl_u.ip6_u.daddr = iph->saddr;
+ fn = fib6_lookup(&dev_net(in)->ipv6.fib6_main_tbl->tb6_root, &fl.fl6_dst, NULL);
This is always using the main table, which is inconsistent
with the IPv4 support. It also shouldn't call IPv6 functions
directly to avoid incorrect module dependencies.
What are the alternatives? If we need to support IPv6 in the match, then
we need to call the functions directly, no? Is there a helper function
I'm missing?
There are the ->route functions is nf_afinfo, but I'm not sure
if they will work for you. You may have too add some new ones.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
