From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hannes Eder Subject: Re: [PATCH 1/3] netfilter: xt_ipvs (netfilter matcher for IPVS) Date: Wed, 2 Sep 2009 18:05:54 +0200 Message-ID: References: <20090902101417.11561.45663.stgit@jazzy.zrh.corp.google.com> <20090902101527.11561.59498.stgit@jazzy.zrh.corp.google.com> <4A9E8711.1070807@trash.net> <4A9E90E4.9080805@trash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Patrick McHardy , lvs-devel@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, =?ISO-8859-1?Q?Fabien_Duch=EAne?= , Jean-Luc Fortemaison , Julian Anastasov , Julius Volz , Laurent Grawet , Simon Horman , Wensong Zhang To: Jan Engelhardt Return-path: In-Reply-To: Sender: lvs-devel-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org On Wed, Sep 2, 2009 at 17:49, Jan Engelhardt wrote: > > On Wednesday 2009-09-02 17:36, Patrick McHardy wrote: >>> >>> Nice, I'll use par->family. >>> >>> So in theory I do not even need a check like the following in the b= eginning? >>> >>> =A0 =A0 =A0if (family !=3D NFPROTO_IPV4 >>> #ifdef CONFIG_IP_VS_IPV6 >>> =A0 =A0 =A0 =A0 =A0&& family !=3D NFPROTO_IPV6 >>> #endif >>> =A0 =A0 =A0 =A0 =A0 =A0 =A0) { >>> =A0 =A0 =A0 =A0 =A0 =A0 =A0match =3D false; >>> =A0 =A0 =A0 =A0 =A0 =A0 =A0goto out; >>> =A0 =A0 =A0} >> >>With the AF_UNSPEC registration of your match, it might be used > > par->family always contains the NFPROTO of the invoking implementatio= n, > which can never be UNSPEC (except, in future, xtables2 ;-) > > par->match->family however may be UNSPEC if the module works that way= =2E > Which is why we have par->family. > I'll a check_entry function: static bool ipvs_mt_check(const struct xt_mtchk_param *par) { if (par->family !=3D NFPROTO_IPV4 #ifdef CONFIG_IP_VS_IPV6 && par->family !=3D NFPROTO_IPV6 #endif ) return false; return true; } and remove the runtime check in ipvs_mt.