On Fri, Oct 24, 2008 at 11:06:25AM -0400, Jan Engelhardt wrote:
>
> On Friday 2008-10-24 10:10, Alexey Dobriyan wrote:
> >On Fri, Oct 24, 2008 at 09:31:28AM -0400, Jan Engelhardt wrote:
> >>
> >> >Well, if it would have a pointer like xt_connlimit has, I could take
> >> >netns from ->matchinfo. Here is xt_connlimit patch, btw.
> >> >
> >> >diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
> >> >index 7f404cc..ef01431 100644
> >> >--- a/net/netfilter/xt_connlimit.c
> >> >+++ b/net/netfilter/xt_connlimit.c
> >> >@@ -38,6 +38,7 @@ struct xt_connlimit_conn {
> >> > struct xt_connlimit_data {
> >> > struct list_head iphash[256];
> >> > spinlock_t lock;
> >> >+ struct net *net;
> >> > };
> >>
> >> And why should this be better than dev_net(par->in)/dev_net(par_out)?
> >
> >par->in doesn't exist, not sure what do you mean.
> >
>
> Of course that exists when you get a packet. (If not, then it's par->out
> in case of forwarded/output traffic.)
>
> static bool
> connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
> {
>         ...
> }
>
> struct xt_match_param {
>         const struct net_device *in, *out;  <- THAT ONE

Ah, these ones!
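Review bot: the new `struct net *net;` member at the end of struct xt_connlimit_data carries no comment saying where it is assigned or whether it holds a reference on the namespace, and the quoted hunk contains only the declaration. A pointer cached in per-rule data can outlive the object it points to, so the field should document who sets it and how its lifetime is tied to the rule, or the match should take the namespace from the packet's device at match time, as the reply proposes with dev_net(par->in) and par->out.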