Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964948AbWLTJMU (ORCPT ); Wed, 20 Dec 2006 04:12:20 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964946AbWLTJMU (ORCPT ); Wed, 20 Dec 2006 04:12:20 -0500 Received: from tmailer.gwdg.de ([134.76.10.23]:36306 "EHLO tmailer.gwdg.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964949AbWLTJMS (ORCPT ); Wed, 20 Dec 2006 04:12:18 -0500 Date: Wed, 20 Dec 2006 10:11:25 +0100 (MET) From: Jan Engelhardt To: Patrick McHardy cc: Netfilter Developer Mailing List , Linux Kernel Mailing List Subject: Re: [PATCH] xt_request_find_match In-Reply-To: <4588F175.8060109@trash.net> Message-ID: References: <4587D227.1000003@trash.net> <4587E91A.2020903@trash.net> <4588F175.8060109@trash.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Report: Content analysis: 0.0 points, 6.0 required _SUMMARY_ Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 886 Lines: 30 >Jan Engelhardt wrote: >> [...] >> >> Ok, but let's say I wanted to use a bigger match module (layer7, anyone?) >> Then it's just not if(protocol == IPPROTO_TCP). What's the preferred solution >> then? > >Make sure the user specifies the match on the command line before >your match. Look at the TCPMSS or REJECT targets for examples for >this. That would mean I'd have to -p tcp -m multiport --dport 1,2,3,4 -m time --time sundays -m lotsofothers -j TARGET -p udp -m multiport --dport 1,2,3,4 -m time --time sundays -m lotsofothers -j TARGET which can become quite computationally expensive - which I wanted to avoid. -`J' -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/