On Mon, Feb 01, 2016 at 12:17:02PM +0000, Asbjørn Sloth Tønnesen wrote: > Hi Pablo, > > On Mon, 1 Feb 2016 12:04:23 +0100, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Mon, Jan 25, 2016 at 11:15:47AM +0000, Asbjørn Sloth Tønnesen wrote: > > > This patch extends --mask-src and --mask-dst to also work > > > with the conntrack table, with commands -L, -D, -E and -U. > > > > > > Signed-off-by: Asbjørn Sloth Tønnesen <ast@xxxxxxxxxx> > > > --- > > > > > > Notes: > > > This is almost completely backward compatible, > > > since the --mask-* arguments previously gave > > > an error is used with these commands and the > > > conntrack table. > > > > > > I have changed the global_family to filter_family, > > > and it is only used to pass the family to the callback, > > > the alternative would be to change the data argument of > > > the callbacks to a struct. > > > > I see changes with regards to previous patchset, not we don't use > > cidr. I think this is better since it allows a more compact way. > > > > I prefer the cidr-based approach, any reason to drop it? > > I decided to split them up in several patchsets, each having its > own merits. The netmask and CIDR patches are related, but one is about > filtering, and the other about adding some sugar to the option parsing. But we don't get anything with this extra option since it's basically equivalent to the cidr based filtering, right? > BTW: I mistakenly also marked the test patch v2, but this only is > the only one in this patchset from the old one. No problem. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
