Am 19.03.2011 00:26, schrieb Florian Westphal: > Patrick McHardy <kaber@xxxxxxxxx> wrote: >> On 15.03.2011 19:49, Florian Westphal wrote: > [..] >>> + rt = rt6_lookup(net, addr, NULL, ifindex, !!dev); >> >> Florian, I just noticed that this will pull in the IPv6 module just >> by loading the xt_addrtype module. Can we convert this to use >> nf_ip6_afinfo->route() instead? > > I tried this, but i found two issues: > - no netns support (nf_ip6_route passed init_net) > - its not possible to ask for RT6_LOOKUP_F_IFACE flag in the > underlying fib6_rule_lookup() call. > > But AFAICT the latter is needed to support the '--limit-iface-in/out' > option. > > Any idea? > > Otherwise I think I'll have a go at extending afinfo->route() to pass > in struct net* and a 'strict' argument (i.e. what rt6_lookup() has). > > Unfortunately that would have to wait for 2.6.40... Actually I'd consider that (especially the struct net *) a bugfix since we shouldn't be pulling in the IPv6 module. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
