All I want is a friendlier output from conntrack, why should I reinvent
the wheel?
Why is doing things in user-space reinventing the wheel?
When I'm using TRACE I'll get a lot of log messages.
But I'm not interested in logs, I have already enough of them.
I want a session table where I can see what sessions are allowed by
which rules.
I would have to write a tool like conntrack which builds me a session table
from all these logs.
I personally like the patch and find it quite useful, though I also
think that tracing/tracking/matching sessions and rules could be
improved and made easier for the end user. That is especially true
when one has a large number of rules in a particular chain.
As things stand, in order to trace a particular session and match it
with a rule (using your patch) I have to execute iptables (or conntrack)
twice in order to get what I need. Even if I use the line-numbers option
to show rule numbers in a particular chain, that won't be straightforward
when I have a large number of rules.
It would be better if this matching is done (again, by using the rule
numbers provided by your patch) with a userspace tool, maybe conntrack
or similar, which shows those matches as well as the rules in question
and presents them in a form which does not require me to scan for those
matches over and over. Just my two pence, of course, and I hope I am
on-topic this time!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
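Both messages above ask for the same thing: a userspace tool that turns the stream of TRACE log lines into a per-session table showing which table/chain/rule decided each flow. The following is an added example (it is not code from the thread, from conntrack or from the netfilter project) of the minimal form of such a tool. It assumes the TRACE target's documented log prefix "TRACE: table:chain:type:rulenum" followed by LOG-style KEY=VALUE packet fields; the sample log lines, addresses, chain names and rule numbers are constructed for the demonstration.

```python
import re
from collections import OrderedDict

# Constructed sample kernel log lines in iptables TRACE format. One TCP
# session traverses raw:PREROUTING, jumps from filter:INPUT rule 1 into a
# hypothetical user chain "ssh_in", returns, and is then decided by
# filter:INPUT rule 4; one UDP flow falls through to the INPUT chain policy.
SAMPLE_LOG = """\
[ 1234.567890] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
TRACE: filter:INPUT:rule:1 IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
TRACE: filter:ssh_in:return:3 IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
TRACE: filter:INPUT:rule:4 IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
kernel: some unrelated message that must be ignored
TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 PROTO=UDP SPT=5353 DPT=53
TRACE: filter:INPUT:policy:9 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 PROTO=UDP SPT=5353 DPT=53
"""

# "type" is one of rule (a matching rule), return (leaving a user chain)
# or policy (no rule matched, the chain policy applies).
TRACE_RE = re.compile(
    r"TRACE: (?P<table>[^:\s]+):(?P<chain>[^:\s]+):"
    r"(?P<kind>rule|return|policy):(?P<num>\d+)\s+(?P<rest>.*)$"
)


def parse_trace_line(line):
    """Parse one log line; returns None for lines that are not TRACE output."""
    m = TRACE_RE.search(line.strip())
    if not m:
        return None
    fields = {}
    for tok in m.group("rest").split():
        # Bare tokens such as SYN are TCP flags, not KEY=VALUE fields.
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return {
        "table": m.group("table"),
        "chain": m.group("chain"),
        "kind": m.group("kind"),
        "num": int(m.group("num")),
        "fields": fields,
    }


def session_key(fields):
    """5-tuple that identifies a session; ICMP and friends have no ports."""
    return (
        fields.get("PROTO", "?"),
        fields.get("SRC"),
        fields.get("SPT", "-"),
        fields.get("DST"),
        fields.get("DPT", "-"),
    )


def build_session_table(log_text):
    """Group TRACE events per session and record which rule decided it."""
    sessions = OrderedDict()
    for line in log_text.splitlines():
        ev = parse_trace_line(line)
        if ev is None:
            continue
        key = session_key(ev["fields"])
        sess = sessions.setdefault(key, {"steps": [], "verdict": None})
        ref = "%s:%s:%s:%d" % (ev["table"], ev["chain"], ev["kind"], ev["num"])
        sess["steps"].append(ref)
        # TRACE stops once a terminating target or a chain policy is applied,
        # so the last rule/policy entry seen for a session is the one that
        # decided it. A "return" entry only hands control back to the caller.
        # Caveat: TRACE does not print the target, so a non-terminating match
        # (LOG, MARK) that happens to be last cannot be distinguished here.
        if ev["kind"] in ("rule", "policy"):
            sess["verdict"] = ref
    return sessions


def format_table(sessions):
    """Render the session table as the friendlier listing the poster asked for."""
    rows = ["%-5s %-21s %-21s %s" % ("PROTO", "SOURCE", "DEST", "DECIDED BY")]
    for (proto, src, spt, dst, dpt), sess in sessions.items():
        rows.append("%-5s %-21s %-21s %s" % (
            proto, "%s:%s" % (src, spt), "%s:%s" % (dst, dpt), sess["verdict"]))
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_table(build_session_table(SAMPLE_LOG)))
```

Run it on `dmesg` or syslog output captured while `-j TRACE` rules are active in the raw table; the "DECIDED BY" column is then the chain and rule number you would otherwise have to look up with `iptables -L --line-numbers` by hand.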