On Tuesday 2010-11-09 21:18, Frederic Leroy wrote:
>
>For the kernel part,I didn't add modalias command because the
>userspace don't work yet :
>
># ./arptables -A OUTPUT -o eth0 -j CLASSIFY --set-class 0:7
>x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only
>usable from FORWARD/OUTPUT/POSTROUTING
Here we have a perfect example of the dentrimentality of code duplication.
Hooray for NF_ARP_* not matching NF_INET_*.
Alas, when I originally coded NFPROTO_UNSPEC wildcard support,
I allowed for same-rev overloading, as in:
static struct xt_target classify_tg_reg[] __read_mostly = {
{
.name = "CLASSIFY",
.revision = 0,
.family = NFPROTO_UNSPEC,
.table = "mangle",
.hooks = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
(1 << NF_INET_POST_ROUTING),
.target = classify_tg,
.targetsize = sizeof(struct xt_classify_target_info),
.me = THIS_MODULE,
},
{
.name = "CLASSIFY",
.revision = 0,
.family = NFPROTO_ARP,
.hooks = (1 << NF_ARP_OUT) | (1 << NF_ARP_FORDWARD),
.target = classify_tg,
.targetsize = sizeof(struct xt_classify_target_info),
.me = THIS_MODULE,
},
};
This should nicely work around the NF_ARP_* hook number deviation
for the time being.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
