[PATCH 0/8] Fast bulk transfers of large sets of ct entries


 



Hi Fellows,

This is a set of patches to the conntrack tool that I think 
might be interesting to the community.

The PATCH 1 and PATCH 2 represent a fix to the icmp ct entry creation 
(a test case and a fix respectively).

The remaining patches represent an extension to the conntrack tool
functionality that enables fast bulk transfers of large sets of ct 
entries, which includes creating a large set of ct entries with
a single conntrack tool invocation by passing ct entry parameters
on stdin and making conntrack be able to dump ct entries in a new
"opts" format that could be later fed back to the conntrack.

To demonstrate the overall idea, this functionality makes it possible 
to e.g. copy all ct entries from one ct zone (15) to another (9915) 
with the following command:

  conntrack -L -w 15 -o opts | sed 's/-w 15/-w 9915/g' | conntrack -I -


In addition to this I have a question about the behavioural change
of the "conntrack -L" done after conntrack v1.4.5.
With the conntrack v1.4.5 used on Debian Buster the "conntrack -L"
dumps both ipv4 and ipv6 ct entries, while with the current master, 
presumably starting with the commit 2bcbae4c14b253176d7570e6f6acc56e521ceb5e 
"conntrack -L" only dumps ipv4 entries.

So is this really the desired behavior? 
(I see the manual page was always saying it should be like that,
but since it behaved differently there might be multiple appliances 
out there relying on the "old" behavior).

And if the "new" behavior is desired, would it make sense to add a new 
-f option value, e.g. "any", that would actually explicitly allow the 
"old" behaviour, i.e. dump both ipv4 and ipv6 entries in one go?
If yes - I could create a small patch for that as well.

Thanks & Regards,
Mikhail

Mikhail Sennikovsky (8):
  tests: icmp entry create/delete
  conntrack: fix icmp entry creation
  conntrack: accept parameters from stdin
  conntrack.8: man update for stdin params support
  tests: conntrack parameters from stdin
  conntrack: implement options output format
  conntrack.8: man update for opts format support
  tests: dumping ct entries in opts format

 conntrack.8                         |  13 +-
 extensions/libct_proto_dccp.c       |  24 ++
 extensions/libct_proto_gre.c        |  16 +
 extensions/libct_proto_icmp.c       |  33 ++
 extensions/libct_proto_icmpv6.c     |  33 ++
 extensions/libct_proto_sctp.c       |  19 ++
 extensions/libct_proto_tcp.c        |  17 ++
 extensions/libct_proto_udp.c        |  16 +
 extensions/libct_proto_udplite.c    |  16 +
 include/conntrack.h                 |  38 +++
 src/conntrack.c                     | 457 +++++++++++++++++++++++++---
 tests/conntrack/test-conntrack.c    |  84 ++++-
 tests/conntrack/testsuite/00create  |   4 +
 tests/conntrack/testsuite/08stdin   |  62 ++++
 tests/conntrack/testsuite/09dumpopt |  77 +++++
 15 files changed, 857 insertions(+), 52 deletions(-)
 create mode 100644 tests/conntrack/testsuite/08stdin
 create mode 100644 tests/conntrack/testsuite/09dumpopt

-- 
2.25.1
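
Added example, not part of the original message or the patch set: a token-aware alternative to the sed step in the zone-copy pipeline from the cover letter, which rewrites only the value that follows `-w`/`--zone` and validates both zone numbers first. The function names and the sample lines are hypothetical, and it assumes the "opts" output is one entry per line made of ordinary conntrack command-line options.

```shell
#!/bin/sh
# rewrite_zone OLD NEW  (hypothetical helper)
# Reads option lines on stdin and writes them to stdout with the conntrack
# zone changed from OLD to NEW. Only the token directly after -w / --zone is
# touched, so "-w 150", "--dport 15" or an address ending in .15 are left alone.
rewrite_zone() {
    old=$1 new=$2
    # Zones are 16-bit numbers; refuse anything else so shell or option text
    # can never be smuggled into the lines later fed to "conntrack -I -".
    for z in "$old" "$new"; do
        case $z in
            ''|*[!0-9]*) echo "rewrite_zone: bad zone '$z'" >&2; return 2 ;;
        esac
        [ "$z" -le 65535 ] || { echo "rewrite_zone: zone out of range" >&2; return 2; }
    done
    awk -v old="$old" -v new="$new" '
    {
        # Walk the whitespace-separated tokens; stop one short of the end
        # because a zone option always needs a value after it.
        for (i = 1; i < NF; i++)
            if (($i == "-w" || $i == "--zone") && ($(i + 1) "") == (old ""))
                $(i + 1) = new
        print
    }'
}

# Constructed sample input (assumed layout, not captured from a real system).
sample_lines() {
    cat <<'EOF'
-s 10.0.0.15 -d 10.0.0.2 -p tcp --sport 1500 --dport 15 -t 120 -w 15
-s 10.0.0.3 -d 10.0.0.4 -p udp --sport 53 --dport 15 -t 30 -w 150
EOF
}

# Intended use with the options proposed in this series:
#   conntrack -L -w 15 -o opts | rewrite_zone 15 9915 | conntrack -I -
```

On the second sample line the sed expression from the message would produce `-w 99150`; the function leaves it unchanged.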



