Jan Engelhardt wrote:
On Sunday 2008-10-05 12:26, Patrick McHardy wrote:
Constructing the xt_match_param for example in ipt_do_table() instead
of do_match() would mean that iff some extension trashed, say,
par->in, then all future extensions would get that new value, which
is of course not what we wanted.
It isn't what we want? Why does it change the global value then?
For example, ebt_snat does this:
    bool ebt_snat_tg_check(table, e, target, data, hookmask)
    {
        if (hookmask & base_chain_bit && tmp == EBT_RETURN)
            return false;
        hookmask &= ~base_chain_bit;
        if (hookmask & yada)
            whatever;
        else
            foo;
    }
hookmask was copied to the function by use of the stack (the usual stuff),
but with the argument consolidation, it now reads like:
    par->hookmask &= ~base_chain_bit;
which means that the caller will see the altered hook mask. This is why
the struct is thrown away every time.
OK, so ebt_snat_tg_check has to use a local copy.
Requesting verdict from you. :)
Make it const so that extensions don't tamper with it?
Preferably, yes.
Perfect.
Great.
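The aliasing problem discussed in this thread, as an added example that is not code from the thread or from the kernel: one check function writes through a shared parameter struct, the other takes it as const and works on a local copy. The struct, function names and bit values are hypothetical stand-ins.

```c
#include <stdio.h>

/* Hypothetical stand-ins, not the kernel's definitions. */
#define BASE_CHAIN_BIT (1u << 31)   /* constructed value */
#define HOOK_MASK_ALL  0x1fu        /* constructed value */

struct check_param {
    unsigned int hookmask;
};

/* "Before": clears the bit through the shared pointer, so the caller
 * and every extension called afterwards see the altered mask. */
static int snat_check_mutating(struct check_param *par)
{
    par->hookmask &= ~BASE_CHAIN_BIT;
    return (par->hookmask & HOOK_MASK_ALL) != 0;
}

/* "After": the parameter is const, the bit is cleared on a local copy. */
static int snat_check_const(const struct check_param *par)
{
    unsigned int hookmask = par->hookmask;

    hookmask &= ~BASE_CHAIN_BIT;
    return (hookmask & HOOK_MASK_ALL) != 0;
}

/* A later extension whose decision depends on the base-chain bit. */
static int later_sees_base_chain(const struct check_param *par)
{
    return (par->hookmask & BASE_CHAIN_BIT) != 0;
}

/* Run two checks against one shared struct and return what the
 * second check observes (1 = bit still set, 0 = bit lost). */
int run_chain(int use_const)
{
    struct check_param par = { .hookmask = BASE_CHAIN_BIT | 0x4u };

    if (use_const)
        snat_check_const(&par);
    else
        snat_check_mutating(&par);
    return later_sees_base_chain(&par);
}

int main(void)
{
    printf("mutating check: later extension sees bit = %d\n", run_chain(0));
    printf("const check:    later extension sees bit = %d\n", run_chain(1));
    return 0;
}
```

With the const signature, a line like `par->hookmask &= ~BASE_CHAIN_BIT;` fails to compile, so the tampering is caught at build time rather than by a later extension misbehaving.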