From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH conntrack] conntrack: label update requires a previous label in place
Date: Wed, 11 Oct 2023 11:35:36 +0200 [thread overview]
Message-ID: <20231011093536.129955-1-pablo@netfilter.org> (raw)
You have to set an initial label if you plan to update it later on. If
conntrack comes with no initial label, then it is not possible to attach
it later because conntrack extensions are created by the time the new
entry is created.
Update manpage to document this behaviour.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1622
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
conntrack.8 | 3 +++
1 file changed, 3 insertions(+)
diff --git a/conntrack.8 b/conntrack.8
index 031eaa4e9fef..f3610b15d4a6 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -193,6 +193,9 @@ Use multiple \-l options to specify multiple labels that need to be set.
Specify the conntrack label to add to the selected conntracks.
This option is only available in conjunction with "\-I, \-\-create",
"\-A, \-\-add" or "\-U, \-\-update".
+You must set a default label for conntracks initially if you plan to update it
+later, that is, "\-U, \-\-update" requires an initial label already. If you
+update a conntrack entry without an initial label, an error will be reported.
.TP
.BI "--label-del " "[LABEL]"
Specify the conntrack label to delete from the selected conntracks.
--
2.30.2
next reply other threads:[~2023-10-11 9:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-11 9:35 Pablo Neira Ayuso [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-10-11 9:55 [PATCH conntrack] conntrack: label update requires a previous label in place Pablo Neira Ayuso
2023-10-11 10:24 ` Pablo Neira Ayuso
2023-10-11 11:10 ` Florian Westphal
2023-10-11 13:35 ` Pablo Neira Ayuso
2023-10-11 14:00 ` Florian Westphal
2023-10-11 15:05 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231011093536.129955-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).