[RELEASE] iptables 1.0.0 beta
bert hubert
ahu@ds9a.nl
Wed, 29 Mar 2000 23:50:01 +0200
On Wed, Mar 29, 2000 at 10:40:17PM +1000, Rusty Russell wrote:
> Hi all!
>
> http://netfilter.kernelnotes.org
> http://antarctica.penguincomputing.com/~netfilter
> http://www.samba.org/netfilter

Regarding the issue with the limit match, and my hideous patch for it.

Suppose we add a 'size_t userlen' field as the first variable in the
match_info structs, which is initialized to zero initially (by fw_calloc -
took me a while to figure out where you allocated room for the data
structure - smart idea, the [0] array..).

Matches which have a kernel-modifiable part need to set this variable to the
number of bytes that are not touched.

Once we do the compare to see if two rules are identical, we first check if
userlen=*((int *)match_info) is 0, if so, we compare the entire struct, otherwise
only the first userlen bytes.

I'm not sure how this sits with alignment issues, though.

Regards,

bert hubert.
--
| http://www.rent-a-nerd.nl
|
| - U N I X -
| Inspice et cautus eris - D11T'95
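
The comparison proposed in the message above, as an added example that is not part of the original mail or of the iptables source. The names demo_limit_info, match_data_equal and demo_compare and the field layout are assumptions made for illustration; the sketch copies userlen out with memcpy so the read does not depend on alignment, and it refuses a userlen larger than the data it is comparing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limit-style match data, userlen first as the mail proposes. */
struct demo_limit_info {
    size_t userlen;       /* 0: compare whole struct; else bytes to compare */
    unsigned int avg;     /* set by the user */
    unsigned int burst;   /* set by the user */
    unsigned long prev;   /* rewritten by the kernel */
    unsigned int credit;  /* rewritten by the kernel */
};

/* Returns 1 when two match data blobs of `size` bytes describe the same rule.
 * The leading size_t is copied out with memcpy rather than read through a
 * cast pointer, so the read does not depend on the blob's alignment. */
int match_data_equal(const void *a, const void *b, size_t size)
{
    size_t la, lb;
    if (size < sizeof(size_t))
        return 0;
    memcpy(&la, a, sizeof la);
    memcpy(&lb, b, sizeof lb);
    if (la != lb || la > size)      /* never compare past the end of the blob */
        return 0;
    return memcmp(a, b, la ? la : size) == 0;  /* 0: no kernel-modified part */
}

/* Constructed sample: rule a carries kernel-side state, rule b is fresh.
 * set_userlen = 0 models a match that leaves the field at zero. */
int demo_compare(int set_userlen, unsigned int burst_b)
{
    struct demo_limit_info a, b;
    memset(&a, 0, sizeof a);        /* stands in for fw_calloc's zeroing */
    memset(&b, 0, sizeof b);
    a.avg = b.avg = 5;
    a.burst = 10;
    b.burst = burst_b;
    a.prev = 1000; a.credit = 3;    /* state after the kernel touched rule a */
    if (set_userlen)
        a.userlen = b.userlen = offsetof(struct demo_limit_info, prev);
    return match_data_equal(&a, &b, sizeof a);
}

int main(void)
{
    printf("%d %d %d\n", demo_compare(1, 10), demo_compare(0, 10), demo_compare(1, 11));
    return 0;
}
```

With userlen set, the two rules compare equal despite the differing kernel-side state; with userlen left at zero the whole struct is compared and they do not, and a difference in a user-supplied field is still detected in both modes.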