Hi, On Tue February 10 2009, Husnu Demir wrote: > Yes, > > I forgat to add that support :) But xt_state should not be seen if > nf_conntrack_ipv4 is not selected on the kernel config. It is useless > without nf_conntrack_ipv4 support. Well, xt_state doesn't depends on nf_conntrack_ipv4, it can also be use nf_conntrack_ipv6 or any other module you write yourself. The thing is that without nf_conntrack_ipv4 (or *_ipv6), it uses nf_conntrack_l3proto_generic, which won't be tracked, because get_l4proto(...) returns -NF_ACCEPT. Maybe it would be nice to return NF_ACCEPT, and then handle it with the generic layer 4 protocol handler. (set *protonum = 255 and let *dataoff unchanged) Just a little suggestion. Have a nice day. -- Christoph Paasch www.rollerbulls.be -- -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
