On 03/21/2013 04:04 PM, Stefan Berger wrote:
Linux netfilter at some point inverted the meaning of the '--ctdir reply' and newer netfilter implementations now expect '--ctdir original' instread and vice-versa.
s/instread/instead/
We probe for this netfilter change via a UDP message over loopback and 3 filtering rules applied to INPUT. If the sent byte arrives, the newer netfilter implementation has been detected.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 123 ++++++++++++++++++++++++++++++
1 file changed, 123 insertions(+)
+/*
+ * --ctdir original vs. reply's meaning was inverted in the netfilter
+ * at some point. We probe for it.
+ */
+static bool iptables_ctdir_corrected = false;
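Review bot: the comment above `iptables_ctdir_corrected` says only that the meaning "was inverted in the netfilter at some point" and that "We probe for it", but not how the probe works or where this flag is set; fold in the commit message's description (a UDP packet sent over loopback with three INPUT rules, flag set when the byte arrives) so a reader of the source does not have to go back to the commit log to understand what the flag means.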
C guarantees that this is initialized to false without having to
explicitly state that.
Looks big, but it's a one-time probe done at initialization, and seems
like it does the trick. You may want to wait for a review from Laine,
but I didn't spot anything else wrong.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org