On Wed, Jun 05, 2013 at 05:41:01PM +0200, Florian Westphal wrote:
> Florian Westphal <fw@xxxxxxxxx> wrote:
> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > > +static int
> > > > +cmp_exp_timeout(const struct nf_expect *exp1, const struct nf_expect *exp2,
> > > > + unsigned int flags)
> > > > +{
> > > > + return exp1->timeout == exp2->timeout;
> > > > +}
> > >
> > > The timeout comparison needs to implement the __NFCT_CMP_TIMEOUT
> > > logic, similar to nfct_cmp. Otherwise nfexp_cmp will break in
> > > conntrackd with expect sync mode.
> >
> > You're right of course. I'll implement this and send a v2 of this
> > patch.
>
> Hrm, I think a better option is to not compare the expectation timeout
> in the first place. I think the timeout is an irrelevant meta detail;
> if the actual expectations are identical, nfexp_cmp should say so even
> if they happen to have different timeouts.
That's fine with me, we don't have any requirement for such feature at
this moment. So just skip it. Probably adding a short comment in the
code would be a good idea as placeholder.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
