nfct parameters

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* nfct parameters
@ 2016-04-07  9:31 Mart Frauenlob
  2016-04-07 17:02 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Mart Frauenlob @ 2016-04-07  9:31 UTC (permalink / raw)
  To: netfilter-devel

Good day,

while I'm writing bash completion code for conntrack-tools, I browsed 
through the source and found some things, that raised this questions for 
me (I'm no C developer, so limited here).

1: Are there three undocumented parameters?
namely: disable, default-get, default-set
At least there are functions that do something... not sure what exactly 
w/ the default-* cmds.

2: in src/nfct-extensions/timeout.c there is:

static void
nfct_cmd_timeout_usage(char *argv[])
{
     fprintf(stderr, "nfct v%s: Missing command\n"
             "%s <list|add|delete|get|flush|set> timeout "
             "[<parameters>, ...]\n", VERSION, argv[0]);
}

Where a 'set' command is printed. Which is another discrepancy?

If my reading is correct, please take this mail as a bug report.

Best regards,
Mart

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: nfct parameters
  2016-04-07  9:31 nfct parameters Mart Frauenlob
@ 2016-04-07 17:02 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-04-07 17:02 UTC (permalink / raw)
  To: Mart Frauenlob; +Cc: netfilter-devel

On Thu, Apr 07, 2016 at 11:31:56AM +0200, Mart Frauenlob wrote:
> Good day,
> 
> while I'm writing bash completion code for conntrack-tools, I browsed
> through the source and found some things, that raised this questions for me
> (I'm no C developer, so limited here).
> 
> 1: Are there three undocumented parameters?
> namely: disable, default-get, default-set
> At least there are functions that do something... not sure what exactly w/
> the default-* cmds.

They set the default timeouts. They provide a replacement for the
/proc/ interface to set default conntrack protocol timeouts.

'disable' is for userspace helpers. You can disable enqueueing packets
to userspace for helper inspection.

> 2: in src/nfct-extensions/timeout.c there is:
> 
> static void
> nfct_cmd_timeout_usage(char *argv[])
> {
>     fprintf(stderr, "nfct v%s: Missing command\n"
>             "%s <list|add|delete|get|flush|set> timeout "
>             "[<parameters>, ...]\n", VERSION, argv[0]);
> }
> 
> Where a 'set' command is printed. Which is another discrepancy?
> 
> If my reading is correct, please take this mail as a bug report.

Right, we seem not to have any 'set' there.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-04-07 17:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-07  9:31 nfct parameters Mart Frauenlob
2016-04-07 17:02 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).