Re: decipher the secmark number from nf_conntrack/ip_conntrack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 2010-09-24 00:30, Mr Dash Four wrote:
>>> I am merely suggesting a fix for what should have been released in
>>> the first place by correcting the value of secmark to show the
>>> proper context instead of a number which means absolutely nothing to
>>> anyone.
>>>    
>>
>> Exactly. Since the number is useless to most people, the procfs file
>> practically never had the feature "display useful secmark". Which
>> means that changing it is a feature addition rather than a bugfix.
>>  
> Actually, no! The last time I checked this field was named secmark, not
> secnumber! By its very name, secmark should have been displaying ... well ...
> the secmark of that particular connection!

In a way, it did display the secmark. :-) Just like ipt_LOG prints
nfmark or IP addresses. The values may not mean much to the outside
world, but that's what we have DNS and selctx (James's original
naming) for.

>What I cannot understand is this - why are you so stuck up on this
>not getting corrected - are you afraid that if the secmark field bug
>is fixed your precious conntrack-utils won't have as much appeal?

It is not "my" conntrack-utils by any means. If users would not
constantly insist on using outdated interfaces (and I _do_ grant
things their transition time), and if maintainers would not always
give in to these users, we would have less code to worry about, or
even have these discussions.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux