Daniel Hartmeier wrote:

Heh, I grant you that it's fast :)

+       if (m->addr32[0] == 0xCAFEBABE) {
+               if (pf_x_match_addr)
+                       return pf_x_match_addr(a, m, b, af) ? !n : n;
+               return n;
+       }

But I think you need some out-of-band flag instead of a magic value.

0xCAFEBABE is 202.254.186.190 (plus minus byte order), a valid address
for KUNIRESEARCH. It would also match cafe:babe:: in case of IPv6.
Someone will want to use these as ordinary addresses, not indicating
table references. I doubt there's an address nobody will ever want to
filter on. Or can you think of one?

I'd go for something similar to what is used for the 'dynamic addresses'
(which are translated from interfaces in kernel).

On -CURRENT, I could just add a byte to pf_addr_wrap, or just put a "magic value"
into pf_addr_wrap.dyn_addr. In fact, the code would look much better on -CURRENT
with the new pf_addr_wrap which include the mask and everything.
Cedric


Reply via email to