Hi,

On Mon, Jun 16, 2008 at 10:52:28PM +0200, Patrick McHardy wrote:
> I'm wondering, how is this expectation creation working at all?
> The NULL expectfn makes me think it will crash as soon as the
> expectation arrives. This *needs* support from the helpers to
> properly set the expectfn.

The nf_nat_follow_master did the trick for me if I set the expectation
entry from user space. With NULL expectfn it didn't work.

> And more specific to this problem: back when Harald was working
> on userspace helpers, the idea was to add a dummy helper specifically
> so we have one to assign to the connection. The helper would (IIRC)
> just queue the expected packets and userspace could take it from
> there. Of course queuing could be made optional and (f.i.) it could
> just use nf_nat_follow_master.

I'd like to create a cross-platform user space ftp proxy, not a nf
conntrack+nat helper module, so my goals are a bit different. The
netfilter code contains everything I need, and the netlink interface is
quite good to instruct the kernel code to do as the proxy wants.

> And related to this patch: the direction needs to be provided
> by userspace to be generically useful. The saved_port (and saved_ip
> possibly) could either be provided by userspace or selected
> based on a couple of flags.

Yes, it's a good idea to send these parameters as attributes to the
expect creation netlink message.

Bye,
Bozo