
Re: [libvirt] [PATCH v3] nwfilter: probe for inverted ctdir



On 03/22/2013 04:37 PM, Stefan Berger wrote:
> Linux netfilter at some point inverted the meaning of the '--ctdir reply'
> and newer netfilter implementations now expect '--ctdir original'
> instead and vice-versa.
> We probe for this netfilter change via a UDP message over loopback and 3
> filtering rules applied to INPUT two times, one time with '--ctdir original'
> which should then work on 'fixed' netfilter and one other time with
> '--ctdir reply' which should only work on the 'old' netfilter.
> If neither one of the tests gets the data through, then the loopback device
> is probably not configured correctly. If both tests get the data through
> something must be seriously wrong. In both of these two latter cases
> no '--ctdir' will then be applied to the rules.

Are you going to let 1.0.4 sail without 'something like this'?
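
The probe and decision described in the quoted commit message, as an added example (not libvirt's code from the patch). The function and enum names are hypothetical, and the three INPUT rules are not reproduced because the message does not list them; the caller is assumed to install them before each probe run.

```c
#include <arpa/inet.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum ctdir_mode { CTDIR_NONE, CTDIR_FIXED, CTDIR_OLD };  /* hypothetical names */

/* One UDP datagram to ourselves over loopback: 1 arrived, 0 dropped, -1 error. */
int probe_loopback_udp(int timeout_ms)
{
    const char msg[] = "ctdir-probe";
    char buf[sizeof(msg)];
    struct sockaddr_in addr = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t len = sizeof(addr);
    int n, ret = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    if (fd < 0)
        return -1;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        getsockname(fd, (struct sockaddr *)&addr, &len) == 0 &&
        sendto(fd, msg, sizeof(msg), 0, (struct sockaddr *)&addr, len) >= 0) {
        n = poll(&pfd, 1, timeout_ms);
        if (n == 0)
            ret = 0;  /* timed out: a filtering rule dropped the datagram */
        else if (n > 0)
            ret = recv(fd, buf, sizeof(buf), 0) == (ssize_t)sizeof(msg);
    }
    close(fd);
    return ret;
}

/* Map the two probe results to the choice the commit message describes. */
enum ctdir_mode ctdir_decide(int original_ok, int reply_ok)
{
    if (original_ok == 1 && reply_ok == 0)
        return CTDIR_FIXED;  /* only '--ctdir original' passes: fixed netfilter */
    if (original_ok == 0 && reply_ok == 1)
        return CTDIR_OLD;    /* only '--ctdir reply' passes: old netfilter */
    return CTDIR_NONE;       /* neither, both, or error: apply no '--ctdir' */
}

int main(void)
{
    int r = probe_loopback_udp(500);  /* no rules installed here */
    printf("probe=%d mode=%d\n", r, ctdir_decide(r, r));
    return 0;
}
```

Run without any rules installed, both probe results are equal, so the decision falls through to `CTDIR_NONE`, matching the "both tests get the data through" case.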


