Re: decipher the secmark number from nf_conntrack/ip_conntrack

On Thursday 2010-09-23 21:20, Mr Dash Four wrote:
>
>> `./conntrack -L` is then what you use to test the changes.
>
>Have I missed something? Are you actually suggesting that in order for me to
>see the new secmark changes (SELinux context shown in its full text glory
>instead of that useless number) I have to install conntrack-utils and use
>conntrack (the executable)?
>
>What happens to the new /nf(s)_conntrack

If anything, secmark=x should be removed. Abusing procfs is deprecated.
No userspace program depends on it.

>and iptables -L?

As was said earlier (by Eric?), the secmark/u32 value is useless and
secname (aka selctx) should only ever be used. That is
already the case with x_tables.