On 15.03.2011 19:49, Florian Westphal wrote:
> +static bool match_type6(struct net *net, const struct net_device *dev,
> + const struct in6_addr *addr, u16 mask)
> +{
> + int addr_type = ipv6_addr_type(addr);
> +
> + if ((mask & XT_ADDRTYPE_MULTICAST) &&
> + !(addr_type & IPV6_ADDR_MULTICAST))
> + return false;
> + if ((mask & XT_ADDRTYPE_UNICAST) && !(addr_type & IPV6_ADDR_UNICAST))
> + return false;
> + if ((mask & XT_ADDRTYPE_UNSPEC) && addr_type != IPV6_ADDR_ANY)
> + return false;
> +
> + if ((XT_ADDRTYPE_LOCAL | XT_ADDRTYPE_ANYCAST |
> + XT_ADDRTYPE_UNREACHABLE) & mask) {
> + struct rt6_info *rt;
> + u32 type;
> + int ifindex = dev ? dev->ifindex : 0;
> +
> + rt = rt6_lookup(net, addr, NULL, ifindex, !!dev);
Florian, I just noticed that this will pull in the IPv6 module just
by loading the xt_addrtype module. Can we convert this to use
nf_ip6_afinfo->route() instead?
> +
> + type = xt_addrtype_rt6_to_type(rt);
> +
> + dst_release(&rt->dst);
> + return !!(mask & type);
> + }
> + return true;
> +}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
