On Wednesday 2010-03-31 11:01, Patrick McHardy wrote:
>Jan Engelhardt wrote:
>> On Wednesday 2010-03-31 10:41, Patrick McHardy wrote:
>>>>>> +static struct xt_match state_mt_reg __read_mostly = {
>>>>>> + .name = "state",
>>>>>> + .family = NFPROTO_UNSPEC,
>>>>>> + .checkentry = state_mt_check,
>>>>>> + .match = state_mt,
>>>>>> + .destroy = state_mt_destroy,
>>>>>> + .matchsize = sizeof(struct xt_state_info),
>>>>>> + .me = THIS_MODULE,
>>>>>> };
>>>>> The patch looks fine, however I'd prefer if in the future you'd add
>>>>> a changelog entry for these conversions stating why this will work
>>>>> properly in all cases even with arptables and ebtables using the
>>>>> xtables infrastructure.
>>>> This will work because x_tables scans for NFPROTO_UNSPEC,
>>>> and arp/ebtables just using x_tables :-)
>>> I'm not sure I'm parsing this correctly. Both will find the match,
>>> however the nf_ct_l3proto_try_module_get() call will fail
>>
>> It won't fail - it is using par->family, not par->match->family.
>
>That's broken then.

How so?
(Mind, `iptables -m state --state NEW -j ACCEPT` still works,
and so is xt_state.)
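
Review bot: `.family = NFPROTO_UNSPEC` in state_mt_reg makes this single registration the one found for every family that looks up "state", and nothing in the struct or around it says which families `state_mt_check` is expected to accept. Add a short comment above the registration (and the changelog entry already asked for in the thread) stating that the check path works from par->family rather than par->match->family, and what should happen when the caller is arptables or ebtables. If those callers are not meant to use this match, an explicit family test at the top of `state_mt_check` that returns an error would make the behaviour deliberate instead of depending on whether the conntrack module get happens to succeed.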