Hi Eric, Eric Leblond wrote: > Hello, > > On Friday, 2008 May 16 at 12:52:38 +0200, Pablo Neira Ayuso wrote: >> Eric Leblond wrote: >>> Hello, >>> >>> On Thursday, 2008 May 15 at 15:48:38 +0200, Pablo Neira Ayuso wrote: >> Missing chunks. Sorry. Attached a new patch. > > Ok, that's better but the latest subversion^W git version of > libnetfilter_conntrack is needed to compile. Yes, the patch attached (04configure.patch) should be fine to check for the appropriate library versions. > I've got some remaark regarding the patch: > >> struct ct_timestamp { >> - struct llist_head list; >> struct timeval time[__TIME_MAX]; >> - int id; >> -}; > > Why do we get completly get rid of the ID ? It will be available in the > upcoming kernel version and it will be more efficient to use it if the > kernel has support for it. The ID is inside the nf_conntrack object. However, if we use the ID to index the conntracks in the hash, we'll have to explicitly request a linux kernel >= 2.6.25 for ulogd2. Also, I consider that the ID is not enough to identify a conntrack, the tuple plus the ID provides a better unique identifier. By using this patch, we only use the tuple to identify a conntrack as for now. >> - if (type == NFCT_MSG_NEW) { >> - if (usehash_ce(upi->config_kset).u.value != 0) { >> - ct_hash_add(cpi->ct_active, nfct_get_attr_u32(ct, ATTR_ID)); >> - return 0; >> + if (usehash_ce(upi->config_kset).u.value == 0) >> + return NFCT_CB_CONTINUE; > > This one is really rude ! it is equivalent to no logging at all if we > don't use the hash system. I have fixed it. Thanks for noticing it. Attached a new patch. > I've encounter an other problem which is that hash.c is not compiled > because it has not been included in a Makefile.am (at least it is not in > the patch). Also fixed, the change was in my tree, I forgot to include it in the patch. > I will send soon a rework of my patch about timestamp issue with a modification > of this behaviour (in testing phase for now). OK, thanks. I have also attached a new version of 00fixnfct.patch. The complete patchset is available at my people.netfilter.org place [1]. [1] http://people.netfilter.org/pablo/ulogd2/ -- "Los honestos son inadaptados sociales" -- Les Luthiers