Re: socket match - add wildcard option [2/4]

On Sunday 2010-07-25 21:10, Nepenthes Development Team wrote:
>Hi,
>
>thanks for your reply.
>
>>>+static const struct option socket_opts_v1[] = {
>>>+      { "transparent", 0, NULL, '1' },
>>>+      { }
>>>+};
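
Review bot: The terminating `{ }` entry in socket_opts_v1 is an empty initializer list, which C99 does not allow (compilers accept it as a GNU extension); give the sentinel an explicit member, for example `{ .name = NULL }`. The "transparent" entry also depends on positional order for has_arg, flag and val, so designated initializers would make the `0, NULL, '1'` fields self-describing.
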
>>
>> Try to use the C99 version.
>
>Not sure what C99 shall mean in this context,
>> { .name = NULL }

{.name = "transparent", .has_arg = false, .val = '1'},
{NULL},

>> ' does not need to be escaped, to my knowledge.
>
>I adopted the syntax from the original manpage, which escapes ', shall
>I remove it altogether?

Yes, given no other manpage has it. (And I think ' does not need any
escaping, unlike -, but someone feel free to educate me otherwise.)

>>>+struct xt_socket_mtinfo1 {
>>>+      __u8 flags;
>>>+};
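
Review bot: `flags` in struct xt_socket_mtinfo1 is declared without any indication of which bits are defined. Name the valid bits next to the struct (an enum or #define per option) and add a short comment, so that both users of this layout agree on the meaning of each bit and anything outside the defined set can be rejected.
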
>>
>> I'm sure Eric Dumazet will remind us that u32 is a better idea.
>
>Adopted, as the kernel already uses __u8 for the socket match flags
>http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=include/linux/netfilter/xt_socket.h;h=6f475b8ff34be81caa612bf1a947d3ad627290ab;hb=962400e8fd29981a7b166e463dd143b6ac6a3e76#l8
>shall I change it to u32?

Pending Eric's comment, I would suggest to include a bump to
revision 2 of the existing kernel parts for revision 1 -
since there is no libxt_socket.c code for revision 1.

>Attached is current version for iptables, I remembered being able to
>invert a match would be great, therefore I added the invertible
>implicit --exists option.

if (invert)
   info->invert |= foo;

or alternatively

xtables_param_act(...NO_INVERT...) /* check existing code */
