On 03/21/2013 04:04 PM, Stefan Berger wrote:
> Linux netfilter at some point inverted the meaning of the '--ctdir reply'
> and newer netfilter implementations now expect '--ctdir original'
> instread and vice-versa.

s/instread/instead/

> We probe for this netfilter change via a UDP message over loopback and 3
> filtering rules applied to INPUT. If the sent byte arrives, the newer
> netfilter implementation has been detected.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
>
> ---
> src/nwfilter/nwfilter_ebiptables_driver.c | 123
> ++++++++++++++++++++++++++++++
> 1 file changed, 123 insertions(+)
>
> +/*
> + * --ctdir original vs. reply's meaning was inverted in the netfilter
> + * at some point. We probe for it.
> + */
> +static bool iptables_ctdir_corrected = false;

C guarantees that this is initialized to false without having to
explicitly state that.

Looks big, but it's a one-time probe done at initialization, and seems
like it does the trick. You may want to wait for a review from Laine,
but I didn't spot anything else wrong.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
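Review bot: the comment above `iptables_ctdir_corrected` does not say which behaviour `true` selects, and `false` covers two different outcomes: the probe ran and saw the old semantics, or the probe never got a usable answer. The commit message treats only the arrival of the sent byte as detection of the newer implementation, so a loopback packet lost for an unrelated reason would leave the flag at `false` and select the old direction mapping with no indication that the result is a guess. Suggest spelling out in the comment that `true` means the newer netfilter meaning of '--ctdir original'/'--ctdir reply' is in effect, and either tracking a separate "probe did not complete" state or logging a warning on that path, since a wrong value here flips the connection-tracking direction that the generated filter rules match on.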
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list