On Sat, Nov 17, 2007 at 08:48:12PM +0100, Patrick McHardy wrote: > The only downside I see is that it adds another 4 bytes to the conntrack > structure and distributions are probably going to enable it, like > everything else. Yep, that's a problem. > It would be nice if we could put this in a ct_extend > structure, but that would mean you're only able to set it for new > connections. What do you think about this? Complicates my life, but is the Right Thing. I'll work on this. Should we be considering the same for mark/secmark? Phil - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html