On Friday 2008-11-28 08:15, Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> On Thursday 2008-11-27 22:52, Pablo Neira Ayuso wrote:
>> > > I wonder a bit. iptables is fine with loading ipt_%s (mapped to xt_%s),
>> > > but conntrack requires an nfct-help-%s namespace and cannot use
>> > > nf_conntrack_%s?
>> > > Of course it makes sense to use a separate namespace - especially
>> > > in light of the nf_conntrack_ prefix used by both helpers and
>> > > protos, but I'm still asking.
>> > It is not the same point. The xt_* aliases in iptables were introduced
>> > to keep backward compatibility for iptables (old versions try to load
>> > ipt_* or ip6t_* modules, as they don't know anything about xt_*. Of
>> > course, this is no longer true for current iptables versions).
>>
>> Sadly enough, iptables still loads ipt_%s instead of xt_%s.
>> Maybe it's time for a patch..
>
> Its needed to select the proper module, f.i. in case of REJECT.
>
Yeah I figured that much. How about doing the same as
MODULE_ALIAS_NFCT_HELPER?
#define MODULE_ALIAS_NFXT(name, nfproto) \
MODULE_ALIAS("nfxt-" name "-" __stringify(nfproto))
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
