size limit of 'other' field

Paul Rusty Russell
Fri, 19 Nov 1999 18:24:28 -0800

In message <> you write:
> I noticed that 'other' in ipt_matchinfo is declared as
>  unsigned char other[16]
> If I want to store more than 16 bytes that is available in userspace to
> iptables, what would be the best way to go about this?

Hi Jeff,

	16 bytes was chosen because it was a `reasonable size'.  So is
64 bytes.  It depends on what you want to do, really.  If something is
of arbitrary size, you really need an external programming method
(your module can register a setsockopt/getsockopt to manipulate rule
contents, and the other[] field contains a pointer to it).

> Also, is cascading of ipt_* modules possible? From what I've read, this
> does not seem possible (yet?).

Marc and I discussed this, and it seemed like a degree of trouble.
Since you can obviously simulate this by chains, it's not *vital* even
if it would be nice.

Hacking time.