It's a bit off-topic, but can it be recommended to hack into nf_ct_tcp, somehow changing its structure to assign each connection a unique id and pass it with each retransmission event detected to nfqueue, without setting up too complicated skbuffs / iptables rules? Or is this considered dirty hacking that should be implemented another way?

Reasons to do this: currently, trying to set up a small NFQUEUE-based program that will modify data in TCP streams, which causes retransmissions due to changed size and thus requires SEQ/ACK tuning (and as far as I suspect, something deeper than a filter table affects the idea, but that's a separate question), and the network-caused retransmissions are a bit of a pain to track.

On 27 February 2011 02:00, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On 27/02/11 00:42, Pablo Neira Ayuso wrote:
> > On 26/02/11 22:45, Jozsef Kadlecsik wrote:
> >> On Sat, 26 Feb 2011, Pablo Neira Ayuso wrote:
> >>> I have tested it here, it works fine. Let me know if you're OK with it.
> >>
> >> The patch looks OK but I think Changli Gao is also right and it'd be
> >> simpler to set the [reply][synack][SR] state to sIG. What do you think?
> >
> > I read his email before leaving and after I made the new patch.
> >
> > Indeed, his idea is simpler, here's a new patch. I tested it here, it
> > works fine.
> >
> > Patrick, please apply!
>
> Hm, I forgot to include the description. New patch attached.

--
Best regards, Igor