http://www.spinics.net/lists/netfilter/msg49106.html
> I don't think that approach is right. Exporting a number at ALL is
> broken. It should only ever say the name.

I am aware of that and the proposed patch works, as I did test it after
Tom released it yesterday.

As for your comment above - it is better than NOTHING.

If you think that the current scenario, when I see a meaningless number
in the secmark field, helps me track the actual security context of
the listed connection, then think again, because there is NO way I
could know what number maps to which context.

Tom's patch at least gives me that mapping when I list the mangle
table, so it is a start and it works. Again, the patch, if applied,
is better than what currently exists in iptables. Also, 'exporting a
number at all' is NOT broken - look at Tom's patch again - it does not
break anything.