On Friday 2010-05-28 07:25, Luciano Coelho wrote:
>
>Do you have any other suggestion on how I can associate the rules to
>specific interfaces?

-A INPUT -i foo -j do
-A do -j idletimer

A little funny, but actually this would allow me to keep a timer
for a group of interfaces rather than just per-if.

>> >+static int xt_idletimer_checkentry(const struct xt_tgchk_param *par)
>> >+{
>> >+ const struct xt_idletimer_info *info = par->targinfo;
>> >+ const struct ipt_entry *entryinfo = par->entryinfo;
>> >+ const struct ipt_ip *ip = &entryinfo->ip;
>>
>> I'm not sure spying on ipt_ip is a long-term viable solution.
>
>Do you have any other suggestions on how I could get an interface
>associated with the rule? I thought about having the userspace pass the
>interface as an option to the rule (like I already do for the timeout
>value), but that looked ugly to me, since the interface can already be
>defined as part of the ruleset.

I have had patches ready for a while that decouple ipt_ip from a rule,
so there is no guarantee that such will exist.
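
Review bot: In the quoted xt_idletimer_checkentry() lines, par->entryinfo is assigned to a const struct ipt_entry * and &entryinfo->ip is taken with no visible check that the rule really carries an IPv4 ipt_entry. For a target named xt_*, that layout is an assumption about the caller rather than something the hook is given. If the interface name is needed here, either confirm par->family is NFPROTO_IPV4 before dereferencing entryinfo, or carry the interface as an explicit field in xt_idletimer_info so that checkentry does not depend on the entry's layout at all.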