--- Martin Josefsson <[EMAIL PROTECTED]> wrote:
> On Wed, 2002-04-17 at 12:58, Jozsef Kadlecsik wrote:
> [big snip]
> > I believe the 'NOTRACK' target and 'UNTRACKED' state names are all right.
> > However the 'notrack' tablename seems to be too restrictive to me (the
> > table can be used for other purposes as well); 'conntrack' would be
> > misleading; 'prestate' is a little bit ugly.
>
> So we need to filter them out before conntrack and currently that seems
> impossible without adding the notrack/prestate table.
>
> So we'd like a notrack/prestate table very much, I had plans on adding a
> table before conntrack...

I just thought of something else regarding a table before conntrack. How much "before" are we talking about? Here's what I mean:

Everyone so far seems to be thinking about adding a new autonomous table with separate hooks positioned at a priority NF_IP_PRI_FIRST < x < NF_IP_PRI_CONNTRACK (where x is the priority of the new table) for the purposes of selecting which packets to exempt from the conntrack system.

What about hooking the table directly into the conntrack core, and simply calling ipt_do_table() _before_ the ip_conntrack_in() function is entered, either directly at NF_IP_PRE_ROUTING, or after ip_conntrack_local() at NF_IP_LOCAL_OUT?

Precedent: the nat table.

What does everyone think?

>
> --
> /Martin

Brad

=====
Brad Chapman

Permanent e-mail: [EMAIL PROTECTED]
Current e-mail: [EMAIL PROTECTED]
Alternate e-mail: [EMAIL PROTECTED]
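The first option discussed above (a separate table hooked at a priority x with NF_IP_PRI_FIRST < x < NF_IP_PRI_CONNTRACK), modelled in user space as an added example that is not part of the original message or of the netfilter code. The two priority constants carry their kernel values; `PRI_PRESTATE`, the port-53 rule, the packet struct and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Kernel values for the two existing priorities; PRI_PRESTATE is a
 * constructed value for the proposed table (FIRST < x < CONNTRACK). */
#define NF_IP_PRI_FIRST     INT_MIN
#define NF_IP_PRI_CONNTRACK (-200)
#define PRI_PRESTATE        (-300)   /* assumption, not from the thread */

struct pkt { unsigned short dport; int untracked; int tracked; };
typedef void (*hookfn)(struct pkt *);
struct hook { int priority; hookfn fn; };

/* Stand-in for the new table's ruleset: exempt port 53 (constructed rule). */
static void prestate_hook(struct pkt *p) { if (p->dport == 53) p->untracked = 1; }

/* Stand-in for ip_conntrack_in(): skips packets already marked untracked. */
static void conntrack_hook(struct pkt *p) { if (!p->untracked) p->tracked = 1; }

static int by_priority(const void *a, const void *b) {
    int x = ((const struct hook *)a)->priority;
    int y = ((const struct hook *)b)->priority;
    return (x > y) - (x < y);
}

/* Run every hook registered on one hook point in ascending priority order. */
static void run_hooks(struct hook *h, size_t n, struct pkt *p) {
    qsort(h, n, sizeof *h, by_priority);
    for (size_t i = 0; i < n; i++) h[i].fn(p);
}

/* Returns 1 if a packet to dport ends up tracked, given the table's priority. */
int tracked_with_priority(int table_priority, unsigned short dport) {
    struct hook hooks[] = { { NF_IP_PRI_CONNTRACK, conntrack_hook },
                            { table_priority, prestate_hook } };
    struct pkt p = { dport, 0, 0 };
    run_hooks(hooks, 2, &p);
    return p.tracked;
}

int main(void) {
    printf("x=-300, port 53: tracked=%d\n", tracked_with_priority(PRI_PRESTATE, 53));
    printf("x=-300, port 80: tracked=%d\n", tracked_with_priority(PRI_PRESTATE, 80));
    printf("x=-100, port 53: tracked=%d\n", tracked_with_priority(-100, 53));
    return 0;
}
```

The last call shows the failure mode: with x above NF_IP_PRI_CONNTRACK the table runs too late and the exemption has no effect.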