Daniel Hartmeier wrote:
Heh, I grant you that it's fast :)+ if (m->addr32[0] == 0xCAFEBABE) { + if (pf_x_match_addr) + return pf_x_match_addr(a, m, b, af) ? !n : n; + return n; + } But I think you need some out-of-band flag instead of a magic value.
That would probably be cleaner, but require more changes to PF.
0xCAFEBABE is 202.254.186.190 (plus minus byte order), a valid address for KUNIRESEARCH.
Yes, it's a valid address, but not a valid mask :) Cedric
It would also match cafe:babe:: in case of IPv6.
Someone will want to use these as ordinary addresses, not indicating
table references. I doubt there's an address nobody will ever want to
filter on. Or can you think of one?
I'd go for something similar to what is used for the 'dynamic addresses'
(which are translated from interfaces in kernel).
Daniel
