--- Martin Josefsson <[EMAIL PROTECTED]> wrote:
> On Wed, 2002-04-17 at 12:58, Jozsef Kadlecsik wrote:
> [big snip] 
> > I believe the 'NOTRACK' target and 'UNTRACKED' state names are all right.
> > However the 'notrack' tablename seems to be too restrictive to me (the
> > table can be used for other purposes as well); 'conntrack' would be
> > misleading; 'prestate' is a little bit ugly.
> 
> So we need to filter them out before conntrack and currently that seems
> impossible without adding the notrack/prestate table.
> 
> So we'd like a notrack/prestate table very much, I had plans on adding a
> table before conntrack...

        I just thought of something else regarding a table before conntrack.
How much "before" are we talking about? Here's what I mean:

        Everyone so far seems to be thinking about adding a new autonomous table
with separate hooks positioned at a priority NF_IP_PRI_FIRST < x <
NF_IP_PRI_CONNTRACK (where x is the priority of the new table) for the purposes of
selecting which packets to exempt from the conntrack system. What about hooking the
table directly into the conntrack core, and simply calling ipt_do_table() _before_
the ip_conntrack_in() function is entered, either directly at NF_IP_PRE_ROUTING, or
after ip_conntrack_local() at NF_IP_LOCAL_OUT?

        Precedent: the nat table. What does everyone think?

> 
> -- 
> /Martin

Brad


=====
Brad Chapman

Permanent e-mail: [EMAIL PROTECTED]
Current e-mail: [EMAIL PROTECTED]
Alternate e-mail: [EMAIL PROTECTED]
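
The two placements discussed in this message, as an added userspace model (not code from the thread or from the netfilter tree): a separate hook ordered by priority, and a table consulted from inside the conntrack hook. The priority constants are the kernel's; `PRI_PRESTATE`, the stand-in functions and the "NOTRACK for dport 53" rule are assumptions constructed for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Kernel values from netfilter_ipv4.h; PRI_PRESTATE is an assumed value. */
enum { PRI_FIRST = INT_MIN, PRI_PRESTATE = -300, PRI_CONNTRACK = -200, PRI_MANGLE = -150 };

struct pkt { unsigned short dport; int untracked; int tracked; };
struct hook { int priority; void (*fn)(struct pkt *); };

/* Stand-in for the new table: one constructed rule, NOTRACK for dport 53. */
static void prestate_table(struct pkt *p) { if (p->dport == 53) p->untracked = 1; }

/* Stand-in for ip_conntrack_in(): creates state unless the packet is exempt. */
static void conntrack_in(struct pkt *p) { if (!p->untracked) p->tracked = 1; }

/* Option B: the conntrack hook consults the table itself, then tracks. */
static void conntrack_with_table(struct pkt *p) { prestate_table(p); conntrack_in(p); }

static int by_priority(const void *a, const void *b)
{
    int x = ((const struct hook *)a)->priority;
    int y = ((const struct hook *)b)->priority;
    return (x > y) - (x < y);
}

/* Option A: separate hook at table_pri. Returns 1 if the packet got tracked. */
int tracked_separate_hook(int table_pri, unsigned short dport)
{
    struct hook hooks[] = { { PRI_CONNTRACK, conntrack_in }, { table_pri, prestate_table } };
    struct pkt p = { dport, 0, 0 };
    qsort(hooks, 2, sizeof hooks[0], by_priority);   /* netfilter runs lowest first */
    for (size_t i = 0; i < 2; i++)
        hooks[i].fn(&p);
    return p.tracked;
}

/* Option B: single hook at conntrack priority. Returns 1 if tracked. */
int tracked_embedded(unsigned short dport)
{
    struct pkt p = { dport, 0, 0 };
    conntrack_with_table(&p);
    return p.tracked;
}

int main(void)
{
    printf("A, pri -300, dport 53: tracked=%d\n", tracked_separate_hook(PRI_PRESTATE, 53));
    printf("A, pri -150, dport 53: tracked=%d\n", tracked_separate_hook(PRI_MANGLE, 53));
    printf("B, embedded, dport 53: tracked=%d\n", tracked_embedded(53));
    printf("B, embedded, dport 80: tracked=%d\n", tracked_embedded(80));
    return 0;
}
```

With the table registered at a priority above NF_IP_PRI_CONNTRACK the exemption arrives too late and the packet is tracked anyway, which is the ordering constraint both designs have to satisfy.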
