Re: x_tables vs. nf-hipac - Bart De Schuymer

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bart De Schuymer <bdschuym@pandora.be>
To: Harald Welte <laforge@netfilter.org>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: x_tables vs. nf-hipac
Date: Tue, 11 Oct 2005 16:55:46 +0000	[thread overview]
Message-ID: <1129049746.3378.11.camel@localhost.localdomain> (raw)
In-Reply-To: <20051011143314.GC4756@rama.de.gnumonks.org>

Op di, 11-10-2005 te 16:33 +0200, schreef Harald Welte:
> At the moment, I'm still busy in consolidation of kernelspace.  I'm not
> sure how easy this will get for the userspace side.  Once I've done the
> userspace counterpart (consolidation of libipt_FOO / libipXt_FOO), I'll
> look at the arptables userspace code and see if we can integrate that
> somehow.
> 
> One rally sad thing is that arp_tables was deprived of matches, so we
> only have targets.  This means we cannot use any of the x_tables matches 
> (such as limit, mark, ...).

Yeah, I know. But I don't see why it can't be added, this shouldn't
break backwards compatibility. The struct arpt_entry has the members
target_offset and next_offset...

> If you would be willing to harmonize here (I think this only affects
> kernel space data structures that are not shared with userspace, so no
> compatibility issues), then eb_tables could directly use x_tables
> matches - if that is desired.

It's probably not worth it...

> However, ebtables matches quite nicely with pkt_tables (some people have
> suggested renaming it into nf_tables).  This is mainly because of the
> "watchers".  A pkt_tables rule has 
> - any number of matches
> - any number of targets (that have a "void" function and don't return
>   anything)
> - one user-specified verdict.
> 
> so all watchers can be implemented as targets.  So it all boils down on
> how much time I can find to complete pkt_tables. Maybe at some point
> early 2006, after we've survived the nf_conntrack merge, and added
> proper support for userspace conntrack helpers.

I'll wait for that then. Hopefully it will allow the RETURN verdict for
target modules. I'll concentrate on finalising the current ebtables
version in cvs for now.

cheers,
Bart

next prev parent reply	other threads:[~2005-10-11 16:55 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-10-10 11:05 x_tables vs. nf-hipac Carl-Daniel Hailfinger
2005-10-10 13:47 ` Amin Azez
2005-10-10 16:34 ` Harald Welte
2005-10-10 22:31   ` Bart De Schuymer
2005-10-11 12:27     ` Henrik Nordstrom
2005-10-11 17:18       ` Bart De Schuymer
2005-10-11 14:33     ` Harald Welte
2005-10-11 16:55       ` Bart De Schuymer [this message]
2005-10-11 17:52         ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1129049746.3378.11.camel@localhost.localdomain \
    --to=bdschuym@pandora.be \
    --cc=laforge@netfilter.org \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.