On Mon, May 07, 2012 at 09:56:47AM +0200, Florian Westphal wrote:
> Krishna Kumar <krkumar2@xxxxxxxxxx> wrote:
> > Define xt_NFQ_info_v3 to get fail-open argument from iptables. Also
> > enable FAIL_OPEN.
> >
> > Signed-off-by: Krishna Kumar <krkumar2@xxxxxxxxxx>
> > diff -ruNp org/include/linux/netfilter/xt_NFQUEUE.h new/include/linux/netfilter/xt_NFQUEUE.h
> > --- org/include/linux/netfilter/xt_NFQUEUE.h 2012-05-07 10:17:28.117870787 +0530
> > +++ new/include/linux/netfilter/xt_NFQUEUE.h 2012-05-07 09:20:53.783813702 +0530
> > @@ -26,4 +26,11 @@ struct xt_NFQ_info_v2 {
> > __u16 bypass;
> > };
> >
> > +struct xt_NFQ_info_v3 {
> > + __u16 queuenum;
> > + __u16 queues_total;
> > + __u16 bypass;
> > + __u16 fail_open;
> > +};
>
> Minor nit:
>
> This shouldn't be necessary; bypass is always 0 or 1.
> You could just rename it to "options" or something
> like that. Would also mean that you could have the v2 target
> revision use the same target callback as v3 (since struct layout would
> be the same).

Yes, something like "flags" can make it. Where flag (1 << 0) is bypass
to ensure backward compatibility.
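
Review bot: In struct xt_NFQ_info_v3, fail_open is added with no comment on which values are valid, and since this is the structure iptables fills in, whatever userspace is allowed to pass becomes ABI. If it is a 0/1 switch like bypass, say so next to the field and have the v3 checkentry reject anything else, so the unused bits stay available for later options without another revision. The commit message also says "enable FAIL_OPEN", but nothing in this hunk does that; either it belongs to another patch in the series or the message should say where it happens.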