On Thursday 2008-10-23 19:36, Alexey Dobriyan wrote:
>>
>> >xt_recent wants netns inside ->match hook (and xt_hashlimit probably,
>> >haven't looked closely):
>> >
>> > recent_mt
>> > recent_table_lookup
>> > [use per-netns tables list]
>> >
>> >Now, I can drag netns through struct xt_match_param, or use
>> >dev_net(skb->dev ? skb->dev : skb->dst->dev) trick.
>> >
>> >And the latter should be better, because only xt_recent module will be
>> >affected.
>> >
>> >Comments?
>>
>> What exactly needs netns? This?
>>
>> if (par->out != NULL && skb->sk == NULL)
>> ttl++;
>
>Nope, something like below, and if I'm reading correctly,
>struct xt_recent_mtinfo is immutable because of ABI, hence the question.
What info would you pass thorugh xt_recent_mtinfo anyway?
>@@ -203,6 +204,7 @@ static void recent_table_flush(struct recent_table *t)
> static bool
> recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
> {
>+ struct net *net = ???;
Either add a net in match_param or use dev_net.
The latter seems nicer because it does not use another 8 bytes
in match_param.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
