On Sat, Aug 16, 2008 at 3:31 AM, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
>> Then I checked the source code of iptables. It seems that the extra
>> options for each match are global for each individual command. It is
>> out of my exception. I used to think that options are only available
>> for that match. So I "fixed" this issue quickly. After patching, the
>> command options contain the default global options and the last match
>> or the target extra options.
>
> With your patch applied we'd lose supporting multiple matches of the same
> type.
>

No, we don't lose that function. Look at this example:

iptables -t mangle -A PREROUTING --match a --mac-source 00:11:22:33:44:55 --match a --mac-source 00:11:22:33:44:55 -j ACCEPT
a: 0x60e5e0
a: 0x60eb10

a and b are both the modified match mac. To identify them, I output
their name and option address in their match function. As you see, it
works well without any error.

        switch (c) {
        case '1':
                printf("a: %p\n", macinfo);

--
Regards,
Changli Gao(xiaosuo@xxxxxxxxx)