From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mr Dash Four Subject: Re: decipher the secmark number from nf_conntrack/ip_conntrack Date: Thu, 23 Sep 2010 20:20:46 +0100 Message-ID: <4C9BA88E.7080507@googlemail.com> References: <4C9696E5.4030803@googlemail.com> <4C973A6A.9010809@googlemail.com> <4C9756AB.5040304@googlemail.com> <4C97D6D6.9040805@shorewall.net> <4C988214.6050600@googlemail.com> <4C9911CE.6090209@googlemail.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id :disposition-notification-to:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=fL2gyMaqh9lot8yI2dkvR6NRPdFZZgfSzLgG04VtdUc=; b=j0EvohuE2sZVBNh+DTLvPTaCv9RS8HtoGfntZ0vIWHGs3980crUCD8vXZz3oqDpLwj 0Lr9iFWd5K43bCAIbpgOVvIVJ0jfEv0SH00hl/UC5LqQb9IpqwYk4yen7DF3p16SlOi5 QmbClj2Bx67UDg6nyeopbXiXGrmqGzpPfXv2w= In-Reply-To: Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Jan Engelhardt Cc: Eric Paris , netfilter@vger.kernel.org, sds@tycho.nsa.gov > `./conntrack -L` is then what you use to test the changes. > Have I missed something? Are you actually suggesting that in order for me to see the new secmark changes (SELinux context shown in its full text glory instead of that useless number) I have to install conntrack-utils and use conntrack (the executable)? What happens to the new /nf(s)_conntrack and iptables -L? I assumed, as Eric suggested earlier, that would also be possible. Is that not still the case?