* New match ipt_nexthop
@ 2004-09-15 20:53 Samuel Jean
2004-09-15 21:46 ` Patrick McHardy
0 siblings, 1 reply; 3+ messages in thread
From: Samuel Jean @ 2004-09-15 20:53 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 432 bytes --]
Hi,
Attached is a pom-ng style patch that makes possible to match the
next-hop ipv4 of a packet.
Should work with both 2.4 and 2.6 but still in testing.
Notice that, for an unknown reason, the 2.6 Kconfig.ladd is appended to
the end of Kconfig. I'll be quite happy if someone could fix it and tell
me what was wrong. (I'm sorry for the inconvenient.)
Bad and good comments are welcome!
Thanks,
Samuel Jean
CookingLinux.org
[-- Attachment #2: nexthop-pomng.tar.gz --]
[-- Type: application/x-gzip, Size: 3426 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: New match ipt_nexthop
2004-09-15 20:53 New match ipt_nexthop Samuel Jean
@ 2004-09-15 21:46 ` Patrick McHardy
2004-09-16 1:20 ` Samuel Jean
0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2004-09-15 21:46 UTC (permalink / raw)
To: Samuel Jean; +Cc: netfilter-devel
Samuel Jean wrote:
> Hi,
>
> Attached is a pom-ng style patch that makes possible to match the
> next-hop ipv4 of a packet.
Please attach the plain files next time.
>
> Should work with both 2.4 and 2.6 but still in testing.
>
> Notice that, for an unknown reason, the 2.6 Kconfig.ladd is appended
> to the end of Kconfig. I'll be quite happy if someone could fix it and
> tell me what was wrong. (I'm sorry for the inconvenient.)
>
> Bad and good comments are welcome!
We already have the realm match in the kernel, which matches the
routing realms. Is there anything you can't do with the realm
match but with your new match ?
Regards
Patrick
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: New match ipt_nexthop
2004-09-15 21:46 ` Patrick McHardy
@ 2004-09-16 1:20 ` Samuel Jean
0 siblings, 0 replies; 3+ messages in thread
From: Samuel Jean @ 2004-09-16 1:20 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
Patrick McHardy wrote:
>>
>>
>> Bad and good comments are welcome!
>
>
>
> We already have the realm match in the kernel, which matches the
> routing realms. Is there anything you can't do with the realm
> match but with your new match ?
No, there isn't.
The realm match seems to do much more than what this new match can.
However, nexthop match doesn't require those realms routing keys and is
quite simple to set up.
router A : 192.168.0.1
router B : 192.168.0.2
iptables -A FORWARD -m nexthop --nexthop-ip 192.168.0.1 -j LOG
--log-prefix "Processed by A: "
iptables -A FORWARD -m nexthop --nexthop-ip 192.168.0.2 -j LOG
--log-prefix "Processed by B: "
I think it's not a question of functionnality, but simplicity.
Conclusion, I find this new match useless being given that realm match
can all do that.
>
> Regards
> Patrick
>
>
Cheers,
Samuel Jean
CookingLinux.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-09-16 1:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-15 20:53 New match ipt_nexthop Samuel Jean
2004-09-15 21:46 ` Patrick McHardy
2004-09-16 1:20 ` Samuel Jean
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.