[PATCH] x_tables, take 5 (Final Review)

Harald Welte laforge at netfilter.org
Mon Jan 9 10:19:46 CET 2006


On Mon, Jan 09, 2006 at 12:01:24AM +0100, Patrick McHardy wrote:
> OK, here are a couple of more comments.

thanks a lot.

> - xt_owner:
> 
> Unfortunately I think the owner match can't be converted to x_tables
> without breaking compatibility with ip6_tables. The ip6_tables version
> never supported command and sid matching, so the structures differ in
> size and layout.

yes. The xt_owner file is not active and I should have deleted it from
the tree.  As you might have noticed, ip[6]t_owner.c are still present
and active.  I arrived at the same conclusion as you, but just never
removed the files.  done now.

> - xt_realm:
> 
> IPv6 doesn't use tclassid, so it's currently useless for ip6_tables.
> Maybe keep it as an x_tables match and just don't register for
> ip6_tables.

This is actually what it does.  only registers for AF_INET.

> - xt_conntrack:
> 
> The existing match is unfixably IPv4-specific because of address sizes,
> NAT support, ..., so it also shouldn't register for IPv6. An
> IPv6-capable version probably needs to duplicate most of the code,
> but I'd keep it as x_tables match anyway.

mh, ok, removed AF_INET registration from my tree.

> - assertion while adding rules

oops, somebody is actually still using CONFIG_NETFILTER_DEBUG...

> I get this assertion while adding rules:
> ASSERT: CPU #0, filter comefrom(ecbaf05c) = 2
> 
> I assume it's known because the place responsible for setting comefrom
> is surrounded by CONFIG_FIXME :) I'm going to look into fixing it.

Well, if you look into that, I'll rather work on something else now.
Just send me a patch :)

-- 
- Harald Welte <laforge at netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie