On 15/10/10 17:44, Patrick McHardy wrote:
> Am 14.10.2010 14:02, schrieb Pablo Neira Ayuso:
>> This patch allows to listen to events that inform about
>> expectations destroyed.
> 
> This looks fine, but I'm wondering why we're not delivering
> events for expectations created and destroyed by helpers using
> nf_conntrack_expect_related()/nf_conntrack_unexpect_related().

We already deliver events for new expectations. Wrt. destroyed
expectations, nf_ct_unexpect_related() internally calls
nf_ct_unlink_expect(), so they are also delivered.

BTW, you can test this patch with the following patch for the
conntrack-tools (I didn't apply it yet).