Daniel Hartmeier wrote:
> Heh, I grant you that it's fast :)
>
> + if (m->addr32[0] == 0xCAFEBABE) { + if (pf_x_match_addr) + return pf_x_match_addr(a, m, b, af) ? !n : n; + return n; + }
>
> But I think you need some out-of-band flag instead of a magic value. 0xCAFEBABE is 202.254.186.190 (plus minus byte order), a valid address for KUNIRESEARCH. It would also match cafe:babe:: in case of IPv6. Someone will want to use these as ordinary addresses, not indicating table references. I doubt there's an address nobody will ever want to filter on. Or can you think of one?
>
> I'd go for something similar to what is used for the 'dynamic addresses' (which are translated from interfaces in kernel).

On -CURRENT, I could just add a byte to pf_addr_wrap, or just put a "magic value" into pf_addr_wrap.dyn_addr. In fact, the code would look much better on -CURRENT with the new pf_addr_wrap which includes the mask and everything.
Cedric
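
Review bot: in the quoted hunk, the `return n;` fallback taken when pf_x_match_addr is NULL gives a rule carrying the marker the same result as an address that did not match, so with the hook unset such a rule silently never matches (or always matches when n is set) instead of being refused. The marker test also reads only m->addr32[0] and never consults af, so one 32-bit pattern is reserved in both address families; a separate type field in pf_addr_wrap, checked before the address words are interpreted, would address both points.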
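
The collision discussed in this thread, as an added example that is not part of the original message or of pf's code: an ordinary host rule for 202.254.186.190 is misread as a table reference by an in-band magic check, while an out-of-band tag keeps it usable. The structs, the `type` field, `table_lookup` and the function names are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified, hypothetical stand-ins; not pf's real definitions. */
struct addr { uint32_t addr32[4]; };
enum wrap_type { WRAP_ADDRMASK, WRAP_TABLE };  /* out-of-band tag (assumed) */
struct addr_wrap {
    struct addr addr, mask;
    enum wrap_type type;
};

#define TABLE_MAGIC 0xCAFEBABEu  /* sentinel value from the quoted patch */

/* Hypothetical table hook; stays NULL here, as if no table code is loaded. */
static int (*table_lookup)(const struct addr *pkt);

/* Masked compare of the first word (IPv4 case only, for brevity). */
static int mask_match(const struct addr_wrap *w, const struct addr *pkt)
{
    return (w->addr.addr32[0] & w->mask.addr32[0]) ==
           (pkt->addr32[0] & w->mask.addr32[0]);
}

/* In-band: a magic first word is taken to mean "table reference". */
static int match_inband(const struct addr_wrap *w, const struct addr *pkt, int n)
{
    if (w->addr.addr32[0] == TABLE_MAGIC)
        return (table_lookup && table_lookup(pkt)) ? !n : n;
    return mask_match(w, pkt) ? !n : n;
}

/* Out-of-band: the tag decides, so every address value stays usable. */
static int match_tagged(const struct addr_wrap *w, const struct addr *pkt, int n)
{
    if (w->type == WRAP_TABLE)
        return (table_lookup && table_lookup(pkt)) ? !n : n;
    return mask_match(w, pkt) ? !n : n;
}

/* Constructed input: an ordinary /32 host rule for the given address. */
static struct addr_wrap host_rule(uint32_t ip)
{
    struct addr_wrap w = { {{ip, 0, 0, 0}}, {{0xffffffffu, 0, 0, 0}}, WRAP_ADDRMASK };
    return w;
}

int main(void)
{
    struct addr_wrap w = host_rule(TABLE_MAGIC);  /* 202.254.186.190 */
    return !(match_inband(&w, &w.addr, 0) == 0 && match_tagged(&w, &w.addr, 0) == 1);
}
```

With the negate flag set, the in-band version makes the same rule fire on the very host it names, which is the silent policy change an out-of-band flag avoids.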
