On Friday 2008-10-24 10:10, Alexey Dobriyan wrote:
>On Fri, Oct 24, 2008 at 09:31:28AM -0400, Jan Engelhardt wrote:
>>
>> >Well, if it would have a pointer like xt_connlimit has, I could take
>> >netns from ->matchinfo. Here is xt_connlimit patch, btw.
>> >
>> >diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
>> >index 7f404cc..ef01431 100644
>> >--- a/net/netfilter/xt_connlimit.c
>> >+++ b/net/netfilter/xt_connlimit.c
>> >@@ -38,6 +38,7 @@ struct xt_connlimit_conn {
>> > struct xt_connlimit_data {
>> > struct list_head iphash[256];
>> > spinlock_t lock;
>> >+ struct net *net;
>> > };
>>
>> And why should this be better than dev_net(par->in)/dev_net(par_out)?
>
>par->in doesn't exist, not sure what do you mean.
>

Of course that exists when you get a packet. (If not, then it's par->out
in case of forwarded/output traffic.)

static bool connlimit_mt(const struct sk_buff *skb,
                         const struct xt_match_param *par)
{
        ...
}

struct xt_match_param {
        const struct net_device *in, *out;   <- THAT ONE
        const struct xt_match *match;
        const void *matchinfo;
        int fragoff;
        unsigned int thoff;
        bool *hotdrop;
        u_int8_t family;
};
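
Review bot: In the struct xt_connlimit_data hunk, the added `struct net *net;` member carries no comment, and the visible lines do not show where it is assigned or whether a reference on the namespace is held for as long as the match data exists. Either document who sets the pointer and what guarantees its lifetime, or, as raised in the reply, derive the namespace at match time from the packet's device with dev_net(par->in) or dev_net(par->out) and drop the cached pointer.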