On Tue, Jan 07, 2020 at 10:10:26AM +0100, Romain Bellan wrote:
> Hi Pablo,
>
> > I did not yet have a look at this in detail, will do asap.
> >
> > However, I would like to know if you would plan to submit userspace
> > patches for libnetfilter_conntrack for this. Main problem here is
> > backward compatibility (old conntrack tool and new kernel).
>
> Currently I wrote a patch for the pyroute2 python library (to
> control netlink using Python) with checks of kernel version for
> using filtering in kernel or userspace.
>
> I would like to submit a patch for the libnetfilter_conntrack if you
> think that it is useful, but I didn't have a look on it yet.

Please have a look and make an API proposal. Use the
libnetfilter_conntrack libmnl API for this.

> About compatibility, currently the only way is to check with the
> kernel version, but I can add something like NLM_F_DUMP_FILTERED in
> the netlink reply. What would be the best way for you?

Yes, dump filtered is fine to signal userspace.

I was thinking on how conntrack could use this. Problem is that this
depends on the kernel version. Unless there is a way to do some
probing to see if the filtering is in place, the userspace conntrack
utility cannot use this. Could you also have a look into that?

Thanks.
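
The probing discussed in this message, as an added example that is not code from the thread, the kernel or libnetfilter_conntrack: userspace inspects the flags of each dump reply and falls back to its own filtering unless every message carries NLM_F_DUMP_FILTERED. It assumes the kernel sets that flag on filtered dumps as proposed above; `classify_dump`, `build_sample` and the `X_` names are hypothetical, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Values as in linux/netlink.h, redefined (X_ prefix) to build without kernel headers. */
#define X_NLMSG_DONE          3
#define X_NLM_F_MULTI         0x02
#define X_NLM_F_DUMP_FILTERED 0x20
#define X_ALIGN(n)            (((size_t)(n) + 3) & ~(size_t)3)

struct x_nlmsghdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };

enum dump_mode { DUMP_MALFORMED = -1, DUMP_UNFILTERED = 0, DUMP_KERNEL_FILTERED = 1 };

/* Walk one receive buffer of dump replies. Report KERNEL_FILTERED only if
 * every message up to and including NLMSG_DONE carries the flag; otherwise
 * the caller must still apply its filter in userspace. */
enum dump_mode classify_dump(const uint8_t *buf, size_t n)
{
    size_t off = 0, seen = 0;
    int filtered = 1;
    while (n - off >= sizeof(struct x_nlmsghdr)) {
        struct x_nlmsghdr h;
        memcpy(&h, buf + off, sizeof(h));   /* copy out: buffer may be unaligned */
        if (h.len < sizeof(h) || h.len > n - off)
            return DUMP_MALFORMED;          /* length field does not fit the buffer */
        if (!(h.flags & X_NLM_F_DUMP_FILTERED))
            filtered = 0;
        seen++;
        if (h.type == X_NLMSG_DONE)
            break;
        off += X_ALIGN(h.len);
        if (off > n)
            off = n;                        /* last message lacked trailing padding */
    }
    if (seen == 0)
        return DUMP_MALFORMED;
    return filtered ? DUMP_KERNEL_FILTERED : DUMP_UNFILTERED;
}

/* Constructed sample: two header-only dump messages followed by NLMSG_DONE. */
size_t build_sample(uint8_t *out, uint16_t extra_flags)
{
    const uint16_t types[3] = { 0x100, 0x100, X_NLMSG_DONE }; /* 0x100: made-up type */
    size_t off = 0;
    for (int i = 0; i < 3; i++) {
        struct x_nlmsghdr h = { sizeof(h), types[i], (uint16_t)(X_NLM_F_MULTI | extra_flags), 1, 0 };
        memcpy(out + off, &h, sizeof(h));
        off += sizeof(h);
    }
    return off;
}
```

A caller that gets `DUMP_UNFILTERED` treats the reply as a full dump from a kernel without the feature and filters the entries itself, which avoids relying on the kernel version.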