Re: [PATCH] iptables: restore NOTRACK functionality, target aliasing

[Pablo Neira Ayuso <pablo@netfilter.org>]

On Mon, Oct 08, 2012 at 02:32:36AM +0200, Jan Engelhardt wrote:
> Commit v1.4.16-1-g2aaa7ec is testing for real_name (not) being NULL
> which was always false (true). real_name was never NULL, so cs->jumpto
> would always be used, which rendered -j NOTRACK unusable, since the
> chosen real name.revision is for example NOTRACK.1, which does not exist
> at the kernel side.
> 
> 	# ./iptables/xtables-multi main4 -t raw -A foo -j NOTRACK
> 	dbg: Using NOTRACK.1
> 	WARNING: The NOTRACK target is obsolete. Use CT instead.
> 	iptables: Protocol wrong type for socket.
> 
> To reasonably support the extra-special verdict names, make it so that
> real_name remains NULL when an extension defined no alias, which we can
> then use to determine whether the user entered an alias name (which
> needs to be followed) or not.

I have applied this and made a new release.

I kindly told you. I don't want late patches to hit iptables if I'm
about to release it, ie. close to when the Linux kernel comes out.

The reason was that chances to hit bugs and not noticing becomes
higher. In other words, stick to conservative mode.

Let this serve as proof of it.

You disregarded my advice and now we have this shame, three releases
in one day just because of rushing.