[PATCH 1/4] Fix expectaction mask dumping, take #3
Yasuyuki KOZAKAI
yasuyuki.kozakai at toshiba.co.jp
Wed Feb 22 14:01:46 CET 2006
From: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed, 22 Feb 2006 04:20:39 +0100
> > The problem is that currently the expectation mask is not dumped.
> > find_l3proto returns the generic protocol handler for 0xFF, and that
> > doesn't dump any layer 3 information.
Yes, I want this bug to go away before 2.6.16 is shipped.
> > Moreover, the expectation mask has
> > l3num value that is different from the l3num in the nfnetlink header,
> > that's why I introduced this field.
Yes, but in the current code l3num in expectation mask is always 0xff.
And even if we port all helpers of ip_conntrack to nf_conntrack,
they will set 0xff to l3num.
Which situation kernel wants to set the value except of 0xff to l3num
in expectation mask ?
> > I can send a patch to remove the expectation mask dumping but I'm not
> > sure if this information could be useful for userspace helpers. Harald?
>
> I think I can answer myself after some thinking: in order to create an
> expectation from userspace we will need to set the value of l3num of the
> expectation mask. Such value will be different from the value in the
> nfnetlink header, so I still think that we need that new CTA_L3NUM
> attribute.
The similar question can arise. Which situation userspace wants to set
the value except of 0xff in l3num in expectation mask ?
-- Yasuyuki Kozakai
More information about the netfilter-devel
mailing list