On 23/05/11 17:59, Jan Engelhardt wrote: > On Monday 2011-05-23 17:47, Pablo Neira Ayuso wrote: > >> On 23/05/11 16:29, Patrick McHardy wrote: >>> On 19.05.2011 00:21, Jan Engelhardt wrote: >>>> Hej, >>>> >>>> >>>> While working with a customer setup, I came up with this funny idea >>>> of plugging a no-op NFCT helper in to workaround some nfct_ftp >>>> problem. Besides that, it may also be used to simply skip helping and >>>> save cycles. See the patch's message for details - I'd love to hear >>>> something about it. >>>> >>>> (NB: nf_nat_ftp was loaded, but not used when connecting between netA >>>> and netB.) >>> >>> Wouldn't a flag to the CT target to skip the helper lookup work as well? >> >> Indeed. > > Yes, but how would xt_CT.ko convey to NFCT then that no helper is > supposed to be used? Calling nf_ct_helper_ext_add, but then leave help > at NULL? You can attach a template conntrack in the raw table with the CT target. That template should have some status flag set to skip helper allocation/assignation. I sent a patch to Patrick to fix some problem with the current userspace expectation approach, the idea would be similar. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
