Pablo Neira Ayuso wrote:
Hi, Currently, we have tagged quite a lot of targets and matches with AF_UNSPEC as they are generic for the netfilter supported protocols. This is fine if we only think of ebtables, iptables and ip6tables but not for arptables, I doubt that all those target and matches can work with arptables - even if we still need the userspace support, of course. I think that we should fix those, right?
Looking through the list (targets only, arp_tables doesn't support matches): - CLASSIFY: OK - comment: OK - CONNMARK/CONNSECMARK: no effect - MARK: OK - NFLOG: OK - NOTRACK: no effect - RATEEST: should be OK - SECMARK: OK - TRACE: OK, but currently no effect So I don't think there really is a problem. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
