>From: netfilter-devel-owner >Date: 2015-04-16 >To: pablo@xxxxxxxxxxxxx >Subject: Re: Re: [PATCH] Add NFPROTO_ARP for mark > > >hi pablo > >>From: Pablo Neira Ayuso >>Date: 2015-04-09 >>To: Zhang, Chunyu/章 春宇 >>Subject: Re: Re: [PATCH] Add NFPROTO_ARP for mark >> >>On Thu, Apr 09, 2015 at 03:54:33AM +0000, Zhang, Chunyu wrote: >>> >From: Pablo Neira Ayuso >>> >Date: 2015-04-09 >>> >To: Zhang, Chunyu/章 春宇 >>> >Subject: Re: [PATCH] Add NFPROTO_ARP for mark >>[...] >>> >> @@ -41,13 +42,23 @@ mark_mt(const struct sk_buff *skb, struct xt_action_param *par) >>> >> return ((skb->mark & info->mask) == info->mark) ^ info->invert; >>> >> } >>> >> >>> >> -static struct xt_target mark_tg_reg __read_mostly = { >>> >> - .name = "MARK", >>> >> - .revision = 2, >>> >> - .family = NFPROTO_UNSPEC, >>> >> - .target = mark_tg, >>> >> - .targetsize = sizeof(struct xt_mark_tginfo2), >>> >> - .me = THIS_MODULE, >>> >> +static struct xt_target mark_tg_reg[] __read_mostly = { >>> >> + { >>> >> + .name = "MARK", >>> >> + .revision = 2, >>> >> + .family = NFPROTO_UNSPEC, >>> >> + .target = mark_tg, >>> >> + .targetsize = sizeof(struct xt_mark_tginfo2), >>> >> + .me = THIS_MODULE, >>> >> + }, >>> >> + { >>> >> + .name = "MARK", >>> >> + .revision = 2, >>> >> + .family = NFPROTO_ARP, >>> >> + .target = mark_tg, >>> >> + .targetsize = sizeof(struct xt_mark_tginfo2), >>> >> + .me = THIS_MODULE, >>> >> + } >>> >> }; >>> > >>> >You don't need this. >>> > >>> >The problem is here that your patch: >>> > >>> >http://patchwork.ozlabs.org/patch/455966/ >>> > >>> >is missing this chunk: >>> > >>> >diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c >>> >index a034930..87404ce 100644 >>> >--- a/libarptc/libarptc_incl.c >>> >+++ b/libarptc/libarptc_incl.c >>> >@@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle, >>> > /* memset to all 0 for your memcmp convenience. */ >>> > memset(t->u.user.name + strlen(t->u.user.name), >>> > 0, >>> >- FUNCTION_MAXNAMELEN - strlen(t->u.user.name)); >>> >+ FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name)); >>> > return 1; >>> > } > >1. >maybe should change like this? > >diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c >index a034930..4049cbd 100644 >--- a/libarptc/libarptc_incl.c >+++ b/libarptc/libarptc_incl.c >@@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle, > /* memset to all 0 for your memcmp convenience. */ > memset(t->u.user.name + strlen(t->u.user.name), > 0, >- FUNCTION_MAXNAMELEN - strlen(t->u.user.name)); >+ XT_EXTENSION_MAXNAMELEN - strlen(t->u.user.name)); > return 1; > } > >2. mabye have other 4 places should change ? >arptables.c:2330: if (chain && strlen(chain) > ARPT_FUNCTION_MAXNAMELEN) >arptables.c:2333: chain, ARPT_FUNCTION_MAXNAMELEN); >include/linux/netfilter/x_tables.h:71: char errorname[XT_FUNCTION_MAXNAMELEN]; >libarptc/libarptc_incl.c:827: memset(t->target.u.user.name, 0, FUNCTION_MAXNAMELEN); or change like this : diff --git a/libarptc/libarptc.c b/libarptc/libarptc.c index 0025a75..19b73d0 100644 --- a/libarptc/libarptc.c +++ b/libarptc/libarptc.c @@ -47,7 +47,7 @@ typedef unsigned int socklen_t; #define ENTRY_ITERATE ARPT_ENTRY_ITERATE #define TABLE_MAXNAMELEN ARPT_TABLE_MAXNAMELEN -#define FUNCTION_MAXNAMELEN ARPT_FUNCTION_MAXNAMELEN +#define FUNCTION_MAXNAMELEN XT_EXTENSION_MAXNAMELEN #define GET_TARGET arpt_get_target >>> > >>> >Otherwise, the revision number is zeroed. >>> > >>> >And you don't need: http://patchwork.ozlabs.org/patch/455965/. >>> > >>> >Please, rebase your userspace patches on top of current arptables git >>> >and resubmit. Thanks. >>> >>> get it 。will do。 >>> why arptables --set-mark can work , when add NFPROTO_ARP to xt_mark ? >> >>I guess you're still using the userspace patches you sent. >> >>If you rebase on top of current arptables HEAD, that will not work.N�����r��y���b�X��ǧv�^�){.n�+���z��u�ޖ)���w*jg��������ݢj/���z�ޖ��2�ޙ���&�)ߡ�a�����G���h��j:+v���w�٥��.n��������+%������w��{.n����z�����n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�