From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Eric Paris <eparis@parisplace.org>,
netfilter@vger.kernel.org, sds@tycho.nsa.gov
Subject: Re: decipher the secmark number from nf_conntrack/ip_conntrack
Date: Thu, 23 Sep 2010 23:30:17 +0100 [thread overview]
Message-ID: <4C9BD4F9.3020107@googlemail.com> (raw)
In-Reply-To: <alpine.LNX.2.01.1009240002180.25685@obet.zrqbmnf.qr>
>> I am merely suggesting a fix for what should have been released in
>> the first place by correcting the value of secmark to show the
>> proper context instead of a number which means absolutely nothing to
>> anyone.
>>
>
> Exactly. Since the number is useless to most people, the procfs file
> practically never had the feature "display useful secmark". Which
> means that changing it is a feature addition rather than a bugfix.
>
Actually, no! The last time I checked this field was named secmark, not
secnumber! By its very name, secmark should have been displaying ...
well ... the secmark of that particular connection!
Whoever designed that part of the interface (it wasn't you by any
chance, was it?) thought, wrongly, that secmark means
'show-me-the-internal-number-the-kernel-uses-to-identify-that-security-mark-for-that-particular-connection'!
That, as already Eric pointed out, was wrong - the kernel should never
show its underpants in userspace (very well-put, I have to say!). So, by
all definitions - this is a bug (and not an additional feature) and it
has to be corrected.
What I cannot understand is this - why are you so stuck up on this not
getting corrected - are you afraid that if the secmark field bug is
fixed your precious conntrack-utils won't have as much appeal?
next prev parent reply other threads:[~2010-09-23 22:30 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-19 23:04 decipher the secmark number from nf_conntrack/ip_conntrack Mr Dash Four
2010-09-20 0:48 ` Jan Engelhardt
2010-09-20 10:41 ` Mr Dash Four
2010-09-20 12:23 ` Jan Engelhardt
2010-09-20 12:42 ` Mr Dash Four
2010-09-20 18:15 ` Mr Dash Four
2010-09-20 21:49 ` Tom Eastep
2010-09-20 23:26 ` Jan Engelhardt
2010-09-20 23:55 ` Tom Eastep
2010-09-21 9:59 ` Mr Dash Four
2010-09-21 20:13 ` Mr Dash Four
2010-09-21 20:26 ` Eric Paris
2010-09-21 21:00 ` Eric Paris
2010-09-21 22:38 ` Mr Dash Four
2010-09-21 22:42 ` Jan Engelhardt
2010-09-21 22:51 ` Mr Dash Four
2010-09-21 23:10 ` Eric Paris
2010-09-21 23:35 ` Jan Engelhardt
2010-09-23 18:39 ` Eric Paris
2010-09-23 18:49 ` Jan Engelhardt
2010-09-23 18:52 ` Eric Paris
2010-09-23 18:57 ` Jan Engelhardt
2010-09-23 18:58 ` Eric Paris
2010-09-23 19:20 ` Mr Dash Four
2010-09-23 19:51 ` Jan Engelhardt
2010-09-23 20:05 ` Mr Dash Four
2010-09-23 20:18 ` Mr Dash Four
2010-09-23 20:34 ` Eric Paris
2010-09-23 20:38 ` Mr Dash Four
2010-09-23 20:53 ` Jan Engelhardt
2010-09-23 20:56 ` Mr Dash Four
2010-09-23 21:23 ` Jan Engelhardt
2010-09-23 21:38 ` Mr Dash Four
2010-09-23 22:12 ` Jan Engelhardt
2010-09-23 22:30 ` Mr Dash Four [this message]
2010-09-23 22:42 ` Eric Paris
2010-09-23 23:59 ` Jan Engelhardt
2010-09-24 0:24 ` Tom Eastep
2010-09-24 0:32 ` Mr Dash Four
2010-09-24 1:18 ` Jan Engelhardt
2010-09-24 0:27 ` Mr Dash Four
2010-09-23 20:42 ` Jan Engelhardt
2010-09-23 20:53 ` Mr Dash Four
2010-09-21 22:29 ` Mr Dash Four
2010-09-22 2:25 ` Tom Eastep
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C9BD4F9.3020107@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=eparis@parisplace.org \
--cc=jengelh@medozas.de \
--cc=netfilter@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox