From: Pablo Neira Ayuso <pablo@netfilter.org>
To: holger@eitzenberger.org
Cc: netfilter-devel@vger.kernel.org, kaber@trash.net
Subject: Re: [PATCH RFC 0/2] icmpv6: match any ICMPv6 error/informational type
Date: Fri, 5 Apr 2013 18:09:03 +0200 [thread overview]
Message-ID: <20130405160903.GA5293@localhost> (raw)
In-Reply-To: <20130403142729.484857089@eitzenberger.org>
On Wed, Apr 03, 2013 at 04:27:29PM +0200, holger@eitzenberger.org wrote:
> Hi,
>
> for streamlining our ip6tables ruleset it would be helpfull to match
> on *any* ICMPv6 informational type. If not being able to specify any
> informational type it would be required to specify the most common
> types excplicitely, with as many rules as types. And then with the
> risk of missing some of them.
>
> Therefore the attached two patches implement the ability to match on
> any ICMPv6 informational (--icmpv6-info) or error (--icmpv6-error)
> type.
>
> I made the options --icmpv6-type, --icmpv6-error and --icmpv6-info
> mutually exclusive.
>
> These are the points I'd like your comment specifically:
>
> 1. I tried not to introduce a new revision by reusing the
> icmpv6_icmp.invflags for the new flags.
>
> 2. I think I can even rename icmpv6_icmp.invflags to icmpv6_icmp.flags
> because the ABI still being the same. I did this because the name
> 'invflags' being slightly misleading otherwise.
>
> 3. the F_* flags in the iptables extensions are the same values as
> the IP6T_ICMP_* values. Should I use the IP6T_ICMP_* values
> in the extension?
>
> Or add a new revision instead?
Please, add a new revision. The ABI will not be broken, but people
using new iptables versions with old kernels will not get any specific
error report telling that what they specify will not work.
Thanks.
next prev parent reply other threads:[~2013-04-05 16:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-03 14:27 [PATCH RFC 0/2] icmpv6: match any ICMPv6 error/informational type holger
2013-04-03 14:27 ` [PATCH RFC 1/2] icmp6: match on errors and informational types holger
2013-04-03 14:27 ` [PATCH RFC 2/2] icmp6: match on errors and informational messages holger
2013-04-05 16:09 ` Pablo Neira Ayuso [this message]
2013-04-05 19:19 ` [PATCH RFC 0/2] icmpv6: match any ICMPv6 error/informational type Holger Eitzenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130405160903.GA5293@localhost \
--to=pablo@netfilter.org \
--cc=holger@eitzenberger.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).