[PATCH 1/2] Versioning (aka release) stuff for iptables
Pablo Neira
pablo at eurodev.net
Sat Dec 25 22:31:43 CET 2004
Hi Rusty,
I've been working on the versioning stuff last days. I've tested with
the mark target.
As I told you, I propose to add an option called --release to the
current syntax of iptables which works as follows:
a) New version of matches/targets: iptables -I INPUT -t mangle -j MARK
--release 1 --and-mark 0x1
b) Primitive version. To keep backward compatibility, the syntax is the
same, no modification: iptables -I INPUT -t mangle -j MARK --set-mark 0x1
Optionally, someone could apply this: iptables -I INPUT -t mangle -j
MARK --release 0 --set-mark 0x1
To finish, some comments about what I have in mind for next days:
1) Test this stuff in nfsim with a test case based on yours.
2) Clean up the kernel patch that I sent you some weeks ago and rename
field `version' to `release'
3) port mport match to multiport to test that versioning stuff is
working fine with matches.
4) More testing...
Please, comments welcome.
--
Pablo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xmas-version.patch
Type: text/x-patch
Size: 12751 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041225/76893fc8/xmas-version.bin
More information about the netfilter-devel
mailing list