Am 21.09.2010 11:35, schrieb Pablo Neira Ayuso: > This patch adds the basic infrastructure to support user-space > expectation helpers via ctnetlink and the netfilter queuing > infrastructure NFQUEUE. Basically, this patch: > > * adds NF_CT_EXPECT_USERSPACE flag to identify user-space > created expectations. I have also added a sanity check in > __nf_ct_expect_check() to avoid that kernel-space helpers > may create an expectation if the master conntrack has no > helper assigned. > * adds some branches to check if the master conntrack helper > exists, otherwise we skip the code that refers to kernel-space > helper such as the local expectation list and the expectation > policy. > * allows to set the timeout for user-space expectations with > no helper assigned. > > This patch also modifies ctnetlink to skip including the helper > name in the Netlink messages if no kernel-space helper is set > (since no user-space expectation has not kernel-space kernel > assigned). > > You can access an example user-space FTP conntrack helper at: > http://people.netfilter.org/pablo/nf-ftp-helper-userspace-POC.tar.bz Applied, thanks Pablo. I've also fixed up the URL to include userspace-conntrack-helpers/ in the path :) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
