netfilter

netfilter

[sokhan heng]

Hi there

I wonder if I could ask you one question please about
netfilter? I wonder if it can be used to prioritise
traffic, by that I mean when two packets are sent to
the same destination, one can be delayed to let the
other packet pass first. if it can, can you tell me
what topic should I look for to get how to do that
please?

Yours sincerely

Sokhan H 



	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 

Re: netfilter

[John A. Sullivan III]

On Tue, 2004-05-25 at 22:18, sokhan heng wrote:
> Hi there
> 
> I wonder if I could ask you one question please about
> netfilter? I wonder if it can be used to prioritise
> traffic, by that I mean when two packets are sent to
> the same destination, one can be delayed to let the
> other packet pass first. if it can, can you tell me
> what topic should I look for to get how to do that
> please?
> 
> Yours sincerely
> 
> Sokhan H 
<snip>
I do not believe that is a netfilter function.  You could take a look at
iproute2.  The documentation is frequently found in a file named
ip-cref.ps
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: netfilter

[Henrik Nordstrom]

On Tue, 25 May 2004, sokhan heng wrote:

> I wonder if I could ask you one question please about
> netfilter? I wonder if it can be used to prioritise
> traffic, by that I mean when two packets are sent to
> the same destination, one can be delayed to let the
> other packet pass first. if it can, can you tell me
> what topic should I look for to get how to do that
> please?

This is not the job of netfilter, but is instead done by the 
shaping/queueing components in the Linux kernel. See the tc command and 
related documentation.

Regards
Henrik

Entry point

[Daniel Corrêa de Azevedo]

   Hi there...
   I wonder if you guys could point me where should I place some code into 
iptables that should fire an event whenever any rule or chain is add, 
edited, or removed. I mean, is there any function that commits changes like 
the "iptc_commit" from libiptc?
   Hope I´m being clear enought so you guys can understand what I´m asking.
   Thanks any way,


              Daniel C. Azevedo

Re: Entry point

[Henrik Nordstrom]

On Thu, 27 May 2004, Daniel Corrêa de Azevedo wrote:

>    I wonder if you guys could point me where should I place some code into 
> iptables that should fire an event whenever any rule or chain is add, 
> edited, or removed. I mean, is there any function that commits changes like 
> the "iptc_commit" from libiptc?

The kernel operates on iptables, not individual rules.

In the official API there is the check function of each match/target. This 
is useful if you need to prepare something before your match/target is 
activated. It can also be used as a psuedo-trigger on loading new 
rulesets by using a dummy rule with your special target acting as "on 
change" trigger.

If you want to do it by hacking the iptables core code then see the
do_replace function in ip_tables.c.

Regards
Henrik

Netfilter

[satya phanisree]

Hi ,

    We are looking at trying to retrieve the complete conntrack table
using libnetfilter_conntrack API's. But when we used the below
sequence of API's we see that the call back register is getting called
once for every entery in the conntrack table. The sequence of API's we
have used is as follows :



cb
..........
..........
    nfct_snprintf ();<=====returns one entry from conntrack table
..........
..........


main

        nfct_callback_register ( ); <===== NFCT_T_ALL to fetch all the enteries
        ret = nfct_query ();
........
........



Is there a away for me to get the whole conntrack table in a single
invocation of single callback function ? So that the cb function not
called multiple times?


Thanks and Regards,

netfilter

[Jamal Hadi Salim]

[-- Attachment #1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #2: call_for_sponsors3.odt --]
[-- Type: application/vnd.oasis.opendocument.text, Size: 46534 bytes --]

Re: netfilter

[Jeff Kirsher]

I assume you are looking for sponsers for 2015 since July 2014 has
already passed... :-)

On Fri, Oct 24, 2014 at 11:43 AM, Jamal Hadi Salim <jhs@mojatatu.com> wrote:
>



-- 
Cheers,
Jeff

netfilter

[Rohit Gupta]

Hello
 I m new in this field would you plz at which point netfilter is interacting
with iptables application.
Thanks and Regards
Rohit Gupta

Re: netfilter

[Jan Engelhardt]

>Hello
> I m new in this field would you plz at which point netfilter is interacting
>with iptables application.
>Thanks and Regards
>Rohit Gupta

"plz" consider the source, see the libiptc directory inside iptables.

netfilter

[Ed Street]

Hello,

Started working with netfilter under Selinux and I noted that it was
grouped with ipchains and labeled as 
/sbin/iptables                  system_u:object_r:ipchains_exec_t

Should this have a separate label and it's own te file?

Ed



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: netfilter

[Stephen Smalley]

On Mon, 15 Jul 2002, Ed Street wrote:

> Started working with netfilter under Selinux and I noted that it was
> grouped with ipchains and labeled as
> /sbin/iptables                  system_u:object_r:ipchains_exec_t
>
> Should this have a separate label and it's own te file?

Only if it requires a distinct set of permissions and you want to enforce
that distinction in the policy.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.