[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: Bug: "You must specify `--icmpv6-type'"
From:       Yasuyuki KOZAKAI <yasuyuki.kozakai () toshiba ! co ! jp>
Date:       2007-02-19 4:11:28
Message-ID: 200702190411.l1J4BTV3001831 () toshiba ! co ! jp
[Download RAW message or body]


Hi,

From: Max Kellermann <max@duempel.org>
Date: Tue, 13 Feb 2007 08:59:53 +0100

> On 2007/02/13 04:17, Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> wrote:
> > I noticed libipt_icmp doesn't check no specified type, then applied
> > following.
> 
> Makes sense, to get the parameter checks in sync.  However your
> previous patch should also be applied, since it increases the
> manpage's correctness.
> 
> Is there any disadvantage in loading protocol modules when none of
> their checks is enabled?  Except maybe the CPU time spent in the
> module callback.

Good question. Unlike libip6t_icmp6, libipt_icmp has the option which matches
all ICMP type. iptables passes it to kernel if user specify no option of
icmp match. Then that check is unneccesary. I forgot that.

I've reverted the previous commit and added comment. Thanks for notice.

-- Yasuyuki Kozakai

[prev in list] [next in list] [prev in thread] [next in thread]