On Thu, Oct 03, 2024 at 08:50:12PM +0200, Jan Engelhardt wrote: > > On Thursday 2024-10-03 20:30, Florian Westphal wrote: > > > >Module registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet > >processing. As this is only useful to restrict locally terminating > >TCP/UDP traffic, reject non-ip families at rule load time. > > > >@@ -124,6 +124,14 @@ static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) > > struct xt_cluster_match_info *info = par->matchinfo; > > int ret; > > > >+ switch (par->family) { > >+ case NFPROTO_IPV4: > >+ case NFPROTO_IPV6: > >+ break; > >+ default: > >+ return -EAFNOSUPPORT; > >+ } > > I wonder if we could just implement the logic for it. > Like this patch [untested!]: Thanks, I considered this too, I don't think it is worth to support this for ebtables, I don't have a use case for this.
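Review bot: the default branch of the new switch (par->family) in xt_cluster_mt_checkentry() returns -EAFNOSUPPORT with no comment or log line explaining the restriction. A later reader has to go back to the commit message to learn that the match is registered for NFPROTO_UNSPEC but assumes ipv4/ipv6 packet processing. A one-line comment above the switch stating that would document the check where it lives, and a rate-limited informational message in the default case would tell a user loading the rule from another family why it was refused.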