Re: decipher the secmark number from nf_conntrack/ip_conntrack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




What happens to the new /nf(s)_conntrack

If anything, secmark=x be removed. Abusing procfs is deprecated.
No userspace program depends on it.
Sorry, but I've never suggested that useless number be kept in any shape or form anywhere (please read my posts on this very thread)!

There was a patch from Eric (I think about 2 days ago) showing secmark=<selctx> in the output of nfs_conntrack and I assumed that will be adopted. Is that no longer the case and if so why?
and iptables -L?

As was said earlier (by Eric?), the secmark/u32 value is useless and
that secname (aka. selctx) should only ever be used. That is
already the case with x_tables.
I've never suggested that the u32 was ever useful (it was actually you, who asked me to devise a patch translating it into the actual text when I suggested that this number is pretty useless, remember?).

Again, I assume that when I use "cat /proc/net/nf(s)_conntrack" I would be able to see the proper translation of the SELinux context for all connections and not that useless number (the whole reason for me starting this thread). I think I've made myself perfectly clear on this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux