On Fri, Aug 12, 2005 at 02:03:20PM +0200, Andi Kleen wrote: > > Unfortunately one of the iptables structures which is needed to get the > > ruleset in the kernel (ipt_replace) is differently sized when compiled > > for 32/64 bit. IIRC it doesn't work at all currently. > > Yes that's the old bug and cannot be fixed without breaking compatibility. > > But we hope that ctnetlink will not repeat that mistake. That is why I'm > suggesting > to use aligned_u64 in all new interfaces
I'll soon push a patch for all nfnetlink_{conntrack,queue,log} stuff for
net-2.6.14. Don't worry about that.
But getting back to the original connbytes issue. Is it worth fixing
it, if the core iptables doesn't even work (the "old bug")?
I don't think that we're ever going to fix that bug in the old
{get,set}sockopt interface, but rather introduce a netlink interface
when pkt_tables matures.
--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgp23UNUvw65R.pgp
Description: PGP signature
