On 24.03.2011 18:43, Sam Roberts wrote:
> I'm writing a userspace conntrack, using nfqueue and conntrack.
>
> Creating expectations works fine, netfilter matches and allows the
> expected connection.
>
> However, unlike ftp, the negotiated ephemeral port is used by multiple
> simultaneous tcp connections for some period. I'd like the expectation
> to be kept in place until it times out, even when it's matched.
>
> I can create this effect by watching for the conntrack event
> indicating the expectation was destroyed, and recreating it, but I'd
> like to know if there is a better way.

You should be able to use NF_CT_EXPECT_PERMANENT.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html