[RFC] ct_sync 0.15 (corrected)
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Thu Aug 26 13:39:33 CEST 2004
Hi,
On Thu, 26 Aug 2004, KOVACS Krisztian wrote:
> > We could add the expect function to the ip_conntrack_helper structure and
> > identify it by the helper name in the update messages. The unregistered
> > helper in the H.323 conntrack/nat module could be registered with an
> > invalid, never matching port and let the expect function handle it as
> > before (because the real port is dynamic). I think that'd be sufficient in
> > solving the replication problem.
>
> Sounds good. This way the could replicate the expectfn function along
> with the conntrack helper structure, and the unregistered helpers could
> be handled as well. Although this might be a bit more complicated than
> the current solution, but if we have to do some evil magic to handle
> H.323, we should do that in a ct_sync compatible manner if possible...
Because the so far unregistered H.323 helper were registered, that would
be fully ct_sync compatible, without the need to modify anyting in
ct_sync. The core/ct_sync should be modified for the expectn only and
that's a general requirement, independent of the H.323 helper.
Best regards,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the netfilter-devel
mailing list