On Monday 19 June 2006 2:15 am, Pablo Neira Ayuso wrote:
> Unfortunately, your patch breaks old iptables binaries, so it can't
> guarantee backward compatibility :(
I explicitly developed it in order not to break compatibility with userspace.
Did you test it? What problems did you experience?
Of course I break API compatibility within the kernel, so this is an all or
nothing patch. If people think it's useful it should be merged in the
mainline kernel and every patchlet updated accordingly.
I think this API is cleaner and more expressive.
> /* Used inside the kernel */
> struct xt_match *match;
> + void *entry_data;
> } kernel;
>
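Review bot: The added `void *entry_data;` in the `kernel` member carries no comment saying what it points to or which code sets it, and nothing in the hunk enforces the size constraint it depends on: the member overlays the view of the same union that userspace fills in, and a pointer is 4 or 8 bytes depending on the build. Suggest a one-line comment on the field and a compile-time check (for example a BUILD_BUG_ON comparing the size of the `kernel` member against the size of the whole union) so that a later addition cannot silently grow the structure that iptables binaries see.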
> You can't modify the layout of xt_entry_[match|target] since this
> structure is shared between userspace (iptables) and kernel space.
You're right, but I modified the kernel side of a union and I was careful not
to change the total size. This union is never really used by both sides
simultaneously.
--
Saluti,
Massimiliano Hofer
Nucleus