Re: [PATCH] netfilter: don't track ICMPv6 negotiation message.

Hi,

I have two questions regarding this patch.

On Tue January 27 2009, Eric Leblond wrote:
> +	type = icmp6h->icmp6_type - 130;
> +	if (type >= 0 && type < sizeof(noct_valid_new)
> +	    && noct_valid_new[type]) {
> +		skb->nfct = &nf_conntrack_untracked.ct_general;
> +		skb->nfctinfo = IP_CT_NEW;
> +		nf_conntrack_get(skb->nfct);
> +		return NF_ACCEPT;
> +	}
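
Review bot: the bounds check "type < sizeof(noct_valid_new)" compares against the array's size in bytes, which matches the number of entries only if noct_valid_new has one-byte elements. ARRAY_SIZE(noct_valid_new) states the intent and stays correct if the element type ever changes. The "type >= 0" test also depends on type being declared signed, since icmp6_type - 130 is meant to go negative for types below 130; the declaration is not visible in the quoted lines, so that is worth confirming. The literal 130 would be clearer as a named constant for the first ICMPv6 type the table covers.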

Why do you set skb->nfctinfo = IP_CT_NEW?
Because in xt_state.c, at state_mt(...) : 
	if it is in front of an untracked packet (using nf_ct_is_untracked(skb)) it
	automatically sets the statebit to UNTRACKED and so the IP_CT_NEW isn't used.

Why do you return NF_ACCEPT and not -NF_ACCEPT?
By returning a positive value, the packet will continue its way through the 
connection tracker.


I hope that I was clear. 
Please correct me if I'm wrong...

Greetings,

--
Christoph Paasch

École Polytechnique de Louvain
Département d'ingénierie informatique

www.rollerbulls.be
--