| Message ID | 1441731291-21342-4-git-send-email-pablo@netfilter.org |
|---|---|
| State | RFC |
| Delegated to: | Pablo Neira |
| Headers | show |
On Tue, Sep 08, 2015 at 06:54:51PM +0200, Pablo Neira Ayuso wrote: [...] > rename from net/netfilter/nfnetlink_queue_core.c > rename to net/netfilter/nfnetlink_queue.c So you know though, we can delete the nfnetlink_queue_core.o line from Makefile. May I suggest one thing? How about returning -EOPNOTSUPP at nfqnl_recv_config() if derefering nfq_ct_hook is NULL? Thanks, -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Sep 09, 2015 at 06:55:16PM +0900, Ken-ichirou MATSUZAWA wrote: > On Tue, Sep 08, 2015 at 06:54:51PM +0200, Pablo Neira Ayuso wrote: > [...] > > rename from net/netfilter/nfnetlink_queue_core.c > > rename to net/netfilter/nfnetlink_queue.c > > So you know though, we can delete the nfnetlink_queue_core.o line > from Makefile. Right, the Makefile update is missing. I'm going to fix that here. > May I suggest one thing? How about returning -EOPNOTSUPP at > nfqnl_recv_config() if derefering nfq_ct_hook is NULL? Makes sense. Thus, the user knows that it is not supported, please send a patch for that. BTW, I think it would be good to add the missing code on nfqnl_recv_verdict_batch() to support conntrack there too. Would you add that code for nfnetlink_queue.c? Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, Sep 10, 2015 at 02:09:58AM +0200, Pablo Neira Ayuso wrote: > BTW, I think it would be good to add the missing code on > nfqnl_recv_verdict_batch() to support conntrack there too. Would you Sorry, I have never used it and I tried to understand, but... It seems batch verdict mark and reinject packets in nfqueue its id is less than user requested. What does conntrack (and payload) work on it? update all conntrack expectations less than the id, to the same one user requests? Thanks, -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi, > On Wed, Sep 09, 2015 at 06:55:16PM +0900, Ken-ichirou MATSUZAWA wrote: > > On Tue, Sep 08, 2015 at 06:54:51PM +0200, Pablo Neira Ayuso wrote: > > [...] > > May I suggest one thing? How about returning -EOPNOTSUPP at > > nfqnl_recv_config() if derefering nfq_ct_hook is NULL? > > Makes sense. Thus, the user knows that it is not supported, please > send a patch for that. Would you review the following patch? It applies on top of your "Rework nfnetlink_queue conntrack support" series. Thanks, -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue.c
similarity index 100%
rename from net/netfilter/nfnetlink_queue_core.c
rename to net/netfilter/nfnetlink_queue.c
Now that we have integrated the ct glue code into nfnetlink_queue without introducing dependencies with the conntrack code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/{nfnetlink_queue_core.c => nfnetlink_queue.c} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename net/netfilter/{nfnetlink_queue_core.c => nfnetlink_queue.c} (100%)