Thanks, the patch works.
Adding esp would be superfantabulous as well.
-Bryan
Pablo Neira Ayuso wrote:
Bryan Duff wrote:
//snip - conntrack search and attempted delete.
root@localhost / # conntrack -L -p gre
unknown 47 27 src=60.60.60.151 dst=192.168.2.2 packets=6 bytes=648 [UNREPLIED] src=10.10.10.100 dst=60.60.60.151 packets=0 bytes=0 mark=2 use=1
conntrack v0.9.11 (conntrack-tools): 1 flow entries has been shown.
root@localhost / # conntrack -D -p gre
conntrack v0.9.11 (conntrack-tools): Operation failed: invalid parameters
//end snip
But I can delete tcp, udp, icmp conntrack entries. I can only guess
that there is a problem with "unknown" protocols like gre (haven't
checked on esp, and so forth). Using the protocol number (in this case
47) also fails.
No, it seems that the problem is that libnetfilter_conntrack-0.0.99 does
not include support for GRE yet.
I'm using libnfnetlink-0.0.40 and libnetfilter_conntrack-0.0.99
Kernel version 2.6.29-rc7. The conntrack version is that released on
the website (md5sum: ae97d335ad44e9611adde881490c8ec9).
The following patch should add it. It compiles, though I didn't test it.
I'd appreciate it if you can tell me how it goes with it.