Follow packets in rules

Mon Jun 25 14:52:11 CEST 2007

Jan Engelhardt wrote:
>
> +static const char *hooknames[] = {
> +	[NF_IP_PRE_ROUTING] = "PREROUTING",
> +	[NF_IP_LOCAL_IN] = "INPUT",
> +	[NF_IP_FORWARD] = "FORWARD",
> +	[NF_IP_LOCAL_OUT] = "OUTPUT",
> +	[NF_IP_POST_ROUTING] = "POSTROUTING",
> +};
>
> Align it up.
>   

Yeah, I like that better as well.
>
>   
>> --- a/net/netfilter/Kconfig
>> @@ -343,6 +343,18 @@ config NETFILTER_XT_TARGET_NOTRACK
>>
>> [...]
>>
>> --- a/net/netfilter/Makefile
>> +++ b/net/netfilter/Makefile
>> @@ -44,6 +44,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
>> +obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o
>> obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
>>     
>
> I don't know about your locale, but in mine,
> SECMARK < TCPMSS < TRACE holds.
> (Including CONNSECMARK < SECMARK, but that seems to be another thing.)
>   

They're not strictly alphabetically ordered. TRACE is next to NOTRACK
because they're both raw table targets. In the TRACE case I think it
would make sense to lift that restriction though.

>   
>> +MODULE_LICENSE("GPL");
>> +MODULE_ALIAS("ipt_TRACE");
>> +MODULE_ALIAS("ip6t_TRACE");
>>     
>
> No MODULE_AUTHOR/MODULE_DESCRIPTION?
>   

Not required. How really reads those anyway?

>   
>> +static struct xt_target xt_trace_target[] = {
>> +	{
>> +		.name		= "TRACE",
>>     
>                         ^ spaces?
>   

Thanks, will fix.