[PATCH 1/3][CONNTRACK] Introduce flag facilities to take over TCP connections

Pablo Neira Ayuso pablo at netfilter.org
Wed Nov 29 15:27:17 CET 2006


Patrick McHardy wrote:
> Pablo Neira Ayuso wrote:
>> Hi Patrick,
>>
>> I reworked the previous patch based on some of your suggestions. Let me
>> know what you think.
> 
> We're almost there :)
> 
>> +	/* skip window scale and flags dump if hard tracking is by passed */
> 
> minor nitpick: bypassed

OK ;)

>> +	NFA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, sizeof(u_int8_t),
>> +		&ct->proto.tcp.seen[0].flags);
>> +	
>> +	NFA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_REPLY, sizeof(u_int8_t),
>> +		&ct->proto.tcp.seen[1].flags);
> 
> The attributes should contain the same data type in both directions,
> the receive side expects a structure.

how could the mask field make sense for the dumping?

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris



More information about the netfilter-devel mailing list