From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: xt_connlimit 20070707 kernel Date: Wed, 11 Jul 2007 20:04:25 +0200 Message-ID: <46951BA9.4010809@trash.net> References: <468E3E06.3080305@trash.net> <200707100630.l6A6UB8Q000847@toshiba.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: Netfilter Developer Mailing List , Yasuyuki KOZAKAI To: Jan Engelhardt Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org Jan Engelhardt wrote: > On Jul 10 2007 15:30, Yasuyuki KOZAKAI wrote: > >>>+ if (nf_ct_get_tuple(skb, 0, 0, match->family, match->proto, >>>+ &tuple, NULL, NULL) != 0) >>>+ goto hotdrop; >> >>The second argument is the offset to network protocol header, >>skb_network_offset(skb) (it is 0 in most cases, but it is more logical). >> >>IIRC nf_conntrack_proto_icmp[v6].c do same things. If I have any time >>at late night today, I'll write a generic function for them. > > > I have applied your three patches to receive the nf_ct_get_tuplepr() > function, and connlimit now reads: > > [...] > > But, nf_ct_get_tuplepr() returns with 1, and I am not sure why. Thats expected I guess, 1 is usually "success" for the tuple parsing functions.