Phil Oester wrote:
On Wed, Nov 28, 2007 at 10:06:16AM +0100, Patrick McHardy wrote:
I think the patch is useful, but I wonder how long it will take until
people want to override timeouts for other connection states. I'm
also looking for a way to pass parameters for new connections to
helpers (most of the things that are currently module parameters),
so maybe we could generalize this to a conntrack parameter target?
In thinking about this, it seems like a HELPER target would be
useful, for instance if some random FTP server ran on a non-standard
port and we wanted the FTP helper to be used. Something like:
-s X -p 210 -j HELPER --helper ftp
Or did you have something else in mind, such as being able to
change the _global_ ports in use by the FTP helper? (or both?)
I suppose we could allow adjustment of other timeouts by
having multiple arguments to -j TIMEOUT, such as --syn_sent,
--syn_recv, etc. though the check() becomes more complicated
between the various protos.
Long delay due to Christmas, sorry ..
Yes, manually attaching helpers would also be useful, but I
was mainly thinking of helper-specific parameters, like in
the case of FTP, "loose", for SIP the timeouts, etc.
Ideally such a target should support both.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
