On Tuesday 2013-01-15 14:22, Jozsef Kadlecsik wrote: >> >> state is currently aliased and translated to conntrack in iptables >> if the kernel has it. No scripts are broken. >> >> If the aliasing is done in userspace, the kernel part can be removed - >> someday maybe. > >The aliasing is already done in userspace. One types in "state" and it's >converted into "conntrack" and that is then sent to the kernel. (So as far >as I see if the ipt_state, etc module aliases were added to the conntrack >module, even the state kernel module could be removed.) The module aliases were added because the module in fact (still) supports the "state" extension by that name. >However I suggest to delete the obsolete warnings completely from iptables >and let these cases silently be handled as aliases. Then users will complain about spooky action at a distance. (silent changing of rules) - not a great perspective either. The obsolescence warning is an important part of documenting changed behavior, and you really really do not want to take that away from users. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
