Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> On Jan 17 2008 14:52, Pablo Neira Ayuso wrote:
>>> Jan Engelhardt wrote:
>>>> + switch (tuple->dst.protonum) {
>>>> + case IPPROTO_TCP:
>>>> + case IPPROTO_UDP:
>>>> + case IPPROTO_SCTP:
>>> Minor nitpick. Add IPPROTO_UDPLITE.
>>
>> Yeah that can be easily added.

BTW, it would be great if we add support for layer 4 protocol state matching, e.g. match TCP established. We can use this together with the target that would mark certain events as volatile, e.g.

iptables -A 192.168.0.0/24 -m conntrack ! --tcp-state ESTABLISHED -j VOLATILE

The idea behind this is that ctnetlink would ignore certain events, thus reducing CPU load.

--
"Honest people are social misfits" -- Les Luthiers
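Review bot: the case labels in the switch on tuple->dst.protonum list IPPROTO_TCP, IPPROTO_UDP and IPPROTO_SCTP but not IPPROTO_UDPLITE, which also carries source and destination ports; add `case IPPROTO_UDPLITE:` next to the other three so UDP-Lite tuples take the same branch. The quoted excerpt stops before the body of the switch, so it is worth confirming in the full patch that protocol numbers outside this list are handled explicitly rather than falling through silently.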