[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: Plans for future iptables versions / jumpset feature
From:       Patrick McHardy <kaber () trash ! net>
Date:       2008-05-23 13:28:37
Message-ID: 4836C685.90207 () trash ! net
[Download RAW message or body]

Thomas Jacob wrote:
> On Fri, 2008-05-23 at 14:15 +0200, Patrick McHardy wrote:
>> Basically, you'd change (in ipt_do_table):
>>
>>                                  int newpos = t->verdict; 
>>
>>
>> to get the new position from the target module. This probably
>> requires to change the target function signature. Alternatively
>> you could try to encode it in the verdict. Loop detection
>> needs some way to get all possible jumps from the target
>> and check each possible path. Maybe the easiest way is probably
>> a target built into ip_tables.c
> 
> Out of curiosity, if Nishit would actually do it (@Nishit: if you do,
> maybe we could work together on this?) but there are really major
> changes afoot for netfilter during the course of this year, wouldn't
> those changes make such an extension obsolete and/or pretty
> difficult to port to the new netfilter?

If its sanely designed, there shouldn't be much trouble porting
it, especially since this feature will be implemented anyways.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]