> I think so too.
> Furthermore, I have refined Pablo's patch.
>
> 0. vcurrent was not updated, now done.
> 1. Loading libxt_NOTRACK.so would still ask the kernel for NOTRACK.0
> (function "compatible_revision"), now addressed.
> 2. NOTRACK.0 can now directly map to CT.1, instead of going through CT.0.
> 3. Do away with libxt_NOTRACK.c, and resolve the dlopen call by
> providing a symlink.

Nice.

> Not solved:
> 4. Since NOTRACK now always maps to CT, "-j NOTRACK"
> has become unusable on sufficiently old kernels.
> Should we even bother?

Yes, we must, otherwise distros can't upgrade to latest iptables without either patching or upgrading kernel. It's really nice that the two aren't that tightly coupled.

Unless by old kernels you mean pre-RHEL5 kernels.