On Wed, 17 Apr 2002, Harald Welte wrote:

> No, I'm fine with that. However, we might also think about adding
> debug output to the NAT code, since packet manipulations are done without
> any rule matching (after the first packet has passed through).
> So maybe there could be some macro used at several points in the NAT code.
> The macro can be defined empty, if no debug table support is compiled in.

Hm. Are you thinking of logging when, say, a conntrack/nat helper
generates/detects an expectation?

> Maybe we can make the logging interface similar to the 'queue handler'
> stuff. There can be a 'log handler' registered which takes care of
> logging the packet via some encapsulated mechanism.

Yes, I was thinking of something similar.

> Well. As for the naming, I'd say:
> - UNTRACKED for the state name (ESTABLISHED,RELATED,INVALID,UNTRACKED)
> - notrack for the table name
> - NOTRACK for the target name
>
> What about 'stateless' (also misleading a little bit...)?
>
> Mh. 'first', 'before' ? I'm not good at naming... Is there a word
> (which ideally also has some funny connotation) expressing the meaning of
> 'before everything else' ? Any English native speakers?

What about something neutral: 'select' table

I.e. 'select' table for debugging packets, conntrack exemptions, early
dropping of spoofed packets, unclean ones, DoS protection, etc.

Regards,
Jozsef
-
E-mail  : [EMAIL PROTECTED], [EMAIL PROTECTED]
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary