Re: [PATCH] Set mark to 0 from libnetfilter_conntrack

[Eric Leblond <eric@inl.fr>]

[-- Attachment #1: Type: text/plain, Size: 1517 bytes --]

Hello,

Le jeudi 26 octobre 2006 à 01:37 +0200, Patrick McHardy a écrit :
> The idea is still the right one, I think the library
> should take care of adding a CTA_MARK attribute without any user bitmask
> fiddling by including it if the value differs from the mark contained in
> the received conntrack. I think Pablo's new API will allow this.

What's the status of this new API ? Current status of
libnetfilter_conntrack code is really disappointing.

We at INL are currently working on using libnetfilter_conntrack to
provide tools for firewall administrators. The first one
pynetfilter_conntrack is already available and a web management
interface will soon be released. By doing this we are trying to improve
the usability of this new system.

We are doing this because we think the new features provided by
libnetfilter_conntrack really improve a lot the way we use and "live"
with a Netfilter firewall.

Sadly, the uncertainty on code evolution and the lack of frequent
releases are wounding the expansion of these ideas.

From my point of view, a decision on libnetfilter_conntrack
developpement should be made quickly :
      * Should pablo's version become the next step in this branch ? or
      * Is it necessary to create a new branch to keep a stable version
        and have compatibility with the few existing applications ?

Best regards,

PS:
pynetfilter_conntrack : http://software.inl.fr/trac/trac.cgi/wiki/pynetfilter_conntrack
-- 
Eric Leblond <eric@inl.fr>

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]