No disagreement that Tom's patch is better than what we have today, I
just claim that what we have today is completely wrong, so this is
only slightly better :)
No argument there!
sids, secids, secmarks, or whatever you want to call that u32 is just
a dynamically generated number which should only exist inside the
kernel and should never be shown to userspace. Loading secmark rules
uses a full context string and then uses that string to generate a u32
which the kernel can efficiently use. When we display things back to
userspace we should always be converting that u32 back to a string.
I'm working on a patch to do this (actually it's compiling while I
type)
Again, we are in agreement - 100%
What baffles me really is how has this survived for so long?
The secmark field number has been there, I assume, for ages and yet
nobody could make sense of that number let alone, as you rightly pointed
out, raise the issue that this number should not be there in the first
place!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
