Re: [PATCH] Conntrack targets/matches work with nfconntrack

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira <pablo@eurodev.net>
To: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Cc: laforge@netfilter.org, netfilter-devel@lists.netfilter.org,
	kaber@trash.net
Subject: Re: [PATCH] Conntrack targets/matches work with nfconntrack
Date: Fri, 08 Apr 2005 10:23:02 +0200	[thread overview]
Message-ID: <42563F66.8030200@eurodev.net> (raw)
In-Reply-To: <200504080809.j3889P1Y001851@toshiba.co.jp>

Yasuyuki KOZAKAI wrote:
> From: Pablo Neira <pablo@eurodev.net>
> Date: Sat, 02 Apr 2005 23:25:42 +0200
> 
> 
>>Hi,
>>
>>This patch makes work conntrack related matches and targets with both 
>>ip_conntrack and nf_conntrack (ipt_state, ipt_CONNMARK, ipt_connmark, 
>>ipt_NOTRACK, ipt_conntrack). Two comments about this:
>>
>>o I've slighty modified the ip_conntrack structure to make it look like 
>>nf_conntrack.
>>
>>-               u_int32_t ip;
>>+               union {
>>+                       u_int32_t ip;
>>+               } u3;
>>
>>o This patch adds some ifdef's. I understand that this isn't the more 
>>elegant way to do this but it's rather straight forward. I think that 
>>this solution is not that bad since ip_conntrack will dissapear some day 
>>together with those ifdef's.
> 
> 
> This causes compatibility problem (at least, libipt_conntrack.c of iptables).
> Then this patch is acceptable for me if we can easily fix it.

No problem, Rusty had the same problem when he modified the layout of 
ip_conntrack_tuple. Have a look at struct ip_conntrack_old_tuple in 
ipt_conntrack.h.

Anyway I don't see any obvious way to make work NAT code yet.

--
Pablo

     prev parent reply	other threads:[~2005-04-08  8:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-02 21:25 [PATCH] Conntrack targets/matches work with nfconntrack Pablo Neira
2005-04-02 21:42 ` Pablo Neira
2005-04-06 18:30 ` nf_conntrack thoughts [was Re: [PATCH] Conntrack targets/matches work with nfconntrack] Pablo Neira
2005-04-08  8:09 ` [PATCH] Conntrack targets/matches work with nfconntrack Yasuyuki KOZAKAI
2005-04-08  8:23   ` Pablo Neira [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42563F66.8030200@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=kaber@trash.net \
    --cc=laforge@netfilter.org \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=yasuyuki.kozakai@toshiba.co.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.