Hello all,

I have a question about the revision of a match netfilter module.

There are several match netfilter modules which have revisions in the sense that there are multiple xt_match objects in that module, with different values .revision = 1, .revision = 2, .revision = 3 and so on. In most cases different revisions of the same xt_match object have different handlers, for match or checking match or both, and for other handlers.

What triggers using a revision (when there is more than one xt_match object in a given module) when running a module?

To be more specific: For testing I am using a recent net-next kernel (4.4), and I am setting the following simple iptables rule:

    iptables -A INPUT -m conntrack --ctstate RELATED -j ACCEPT

Now I added printk messages in the conntrack matching module, net/netfilter/xt_conntrack.c, in the matching methods for revisions 1, 2, and 3 respectively; namely, in conntrack_mt_v1(), conntrack_mt_v2() and conntrack_mt_v3(), but I get messages only from conntrack_mt_v3().

Any idea what can determine which revision is chosen for a match handler? Is it the highest possible?

Suppose I want to use revision 2 or revision 1 for the conntrack matching module: is it doable? Could I set it somehow? Should I revert to older kernels which did not have revision 3 for using revision 2 (and older kernels without revision 2 to use revision 1)?

Regards,
Kevin