On Thursday 2009-06-04 14:37, Laszlo Attila Toth wrote:
>Added new revision of the 'socket' match. If its new option is set,
>enabled 'transparent' socket option is required for the socket to be matched.
>
>Signed-off-by: Laszlo Attila Toth <panther@xxxxxxxxxx>
>+++ b/include/linux/netfilter/xt_socket.h
>@@ -0,0 +1,8 @@
>+#ifndef _XT_SOCKET_H_match
>+#define _XT_SOCKET_H_match
>+
>+struct xt_socket_match_info1 {
>+ __u8 transparent:1;
>+};
>+
>+#endif /* _XT_SOCKET_H_match */
Compiler-level bitfields are not portable, so let's not use them.
>@@ -142,10 +145,22 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
> saddr, daddr, sport, dport, par->in, false);
> if (sk != NULL) {
> bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
>+ bool transparent = (sk->sk_state != TCP_TIME_WAIT &&
>+ inet_sk(sk)->transparent) ||
>+ (sk->sk_state == TCP_TIME_WAIT &&
>+ inet_twsk(sk)->tw_transparent);
>+ const struct xt_socket_match_info1 *info = NULL;
>+
>+ if (check_transparent);
>+ info = par->matchinfo;
That's a definite “whoops in coding” there with that trailing ;. Wanna buy a `make C=1`? :-)
>+static struct xt_match socket_mt_reg[] __read_mostly = {
>+ {
>+ .name = "socket",
>+ .revision = 0,
>+ .family = AF_INET,
NFPROTO_IPV4
>+ .match = socket_mt_v0,
>+ .hooks = 1 << NF_INET_PRE_ROUTING,
>+ .me = THIS_MODULE,
>+ },
>+ {
>+ .name = "socket",
>+ .revision = 1,
>+ .family = AF_INET,
^
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
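Review bot: The new header include/linux/netfilter/xt_socket.h uses `__u8` without including anything, so it compiles only when the includer has already pulled in the kernel type definitions; adding `#include <linux/types.h>` right after the include guard makes it self-contained for userspace consumers. Separately, `struct xt_socket_match_info1` is filled in by userspace and only one bit of its byte is defined. None of the quoted hunks shows a `.checkentry` hook that rejects the remaining bits, though the registration array is cut off in this quote, so one may exist outside view. If there is none, the undefined bits should be rejected at rule-insertion time so they can be given meaning in a later revision without existing rulesets silently changing behaviour.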