From: Pablo Neira <pablo@eurodev.net>
To: Harald Welte <laforge@netfilter.org>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: [PATCH 6/7] Fix expectation creation
Date: Tue, 02 Aug 2005 13:31:28 +0200 [thread overview]
Message-ID: <42EF5990.7010900@eurodev.net> (raw)
In-Reply-To: <20050802094722.GF4158@rama.de.gnumonks.org>
Harald Welte wrote:
> On Tue, Aug 02, 2005 at 09:45:56AM +0200, Harald Welte wrote:
>
>>On Mon, Aug 01, 2005 at 07:06:53PM +0200, Pablo Neira wrote:
>>
>>>Expectation creation is broken, now it works again.
>>
>>well, you also make it a nested attribute now. I'm not sure whether
>>this is the way to go. And if you do, there are certainly some CTA
>>values from nfnetlink_conntrack.h that need to be removed with the same
>>patch.
>
> Mh. I'm still somewhat undecided on this issue. We don't encapsulate
> 'struct ip_conntrack' in one nested attribute, but with your patch we do
> it for 'struct ip_conntrack_expect'. This sounds a bit inconsistent to
> me.
We could move CTA_EXPECT_[TUPLE|MASK] to ctattr_type, kill
CTA_EXPECT_[ID|TIMEOUT] and use CTA_[ID|TIMEOUT] but then we'll be in
trouble. See that during expectation creation we send the information
related with master conntrack and the expectation. We need a way to
separate what information is related with the conntrack, and what is
related with the expectation. Nesting a conntrack inside something like
CTA_CONNTRACK is too much I think.
See that an expectation doesn't have any meaning by itself without a
conntrack. That's why I decided to keep it as a nested attributes inside
a conntrack. Because of the implicit relationship that links them.
> Independent of this discussion, could you please submit two patches:
> 1) one that just fixes the bug(s) that you currently see with expect_create
> 2) one patch incremental to '1)' that adds nesting of expectations.
Sorry, I don't understand how I can do this yet. I see that 1) and 2)
can't be split since the bug is that (based on the current structure of
conntrack netlink attributes), we need to parse CTA_EXPECT nested
attributes and we aren't doing it.
--
Pablo
next prev parent reply other threads:[~2005-08-02 11:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-01 17:06 [PATCH 6/7] Fix expectation creation Pablo Neira
2005-08-01 20:26 ` Harald Welte
[not found] ` <20050802074556.GB4158@rama.de.gnumonks.org>
2005-08-02 9:47 ` Harald Welte
2005-08-02 11:31 ` Pablo Neira [this message]
2005-08-02 15:14 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42EF5990.7010900@eurodev.net \
--to=pablo@eurodev.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.