On Sun, Aug 17, 2008 at 1:12 AM, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> On Sat, 16 Aug 2008, Changli Gao wrote:
>
>> On Sat, Aug 16, 2008 at 3:31 AM, Jozsef Kadlecsik
>> > With your patch applied we'd lose supporting multiple matches of the same
>> > type.
>> >
>>
>> No we don't lose that function. Look at this example:
>
> Yes, you are right: it seems it was too late yesterday for mental
> patching, compiling and testing ;-).
>
> Still, with your patch we'd break backward compatibility by making
> it mandatory for match options to strictly follow '-m matchname'.
>

Yea, but the question is: does anyone know and rely on this feature? And is using this feature encouraged?

BTW: how about this idea to avoid calling the function parse for options that are not for it:

--- iptables-1.3.8/iptables.c 2007-04-30 07:03:30.000000000 +0800 +++ iptables-1.3.8.new2/iptables.c 2008-08-16 19:44:11.000000000 +0800 @@ -2322,6 +2322,10 @@ for (matchp = matches; matchp; matchp = matchp->next) { if (matchp->completed) continue; + if (c < matchp->match->option_offset || + c >= matchp->match->option_offset + + OPTION_OFFSET) + continue; if (matchp->match->parse(c - matchp->match->option_offset, argv, invert, &matchp->match->mflags,

--
Regards,
Changli Gao(xiaosuo@xxxxxxxxx)
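Review bot: The upper bound in the added check, `c >= matchp->match->option_offset + OPTION_OFFSET`, relies on an invariant the hunk neither states nor enforces: that every option value belonging to a match lies in a window exactly OPTION_OFFSET wide starting at its option_offset. Please add a short comment above the new `if` naming that invariant, since an extension whose option value falls outside the window would now have its parse() silently skipped instead of being called. It would also help to state in the patch description what the filter changes for callers: before this check parse() received `c - matchp->match->option_offset` for every option, including values below the match's own offset, and extensions may have been written against that behaviour.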