From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fabrice MARIE
Subject: Re: ipt_time fixes (resend, sorry)
Date: Wed, 16 Feb 2005 23:24:54 +0800
Message-ID: <200502162324.55174.fabrice@netfilter.org>
References: <200502152323.11942.fabrice@netfilter.org>
Reply-To: fabrice@netfilter.org
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Cc: Harald Welte, netfilter-devel@lists.netfilter.org
To: Krzysztof Oledzki
Content-Disposition: inline
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Hi,

On Tuesday 15 February 2005 23:58, Krzysztof Oledzki wrote:
> True. Talking about negation of -m (match). Excuse me for my question,
> maybe this is obvious, but.. why we don't have a negation for -m
> (match) like for -p (protocol)?

There is one actually. If you look at the existing code of libipt_time.c
you'll see that I explicitly prevented the negation operator a long time ago.
But it's very straightforward to enable it, and implement a check in
kernelspace to see if the match is negated or not prior to doing the matching.

Have a nice day,

Fabrice.
--
Fabrice MARIE
"Silly hacker, root is for administrators"
-Unknown