Hi,

On Tuesday 9 January 2007 at 01:53 +0100, Pablo Neira Ayuso wrote:
> Eric Leblond wrote:
> > It is not correct to do a dump (and send a netlink message) for each
> > ifindex resolution. Thus, libnfnetlink needs to listen to netlink
> > interfaces message. A permanent "task" is thus needed to have the job
> > done : It can be a dedicated thread or a carefully hidden select.
>
> /* create a table ifindex to interface */
> struct nfnl_ifindex2name_table *nfnl_ifindex2name_open();
> /* destroy table */
> void nfnl_ifindex2name_close(struct nfnl_ifindex2name_table *);
>
> /* returns a socket descriptor to listen to interface events */
> int nfnl_ifindex2name_events_open();

Speaking as NuFW's developer and thus a libnetfilter_queue user, this clearly means that I need to modify the select part of my code, not just add some function calls. It forces the developer to use libnfnetlink directly. This goes against my way of seeing libnetfilter_queue and other libnetfilter* libraries.

> /* process data available for the socket and update the table */
> int nfnl_ifindex2name_process_event(int, struct nfnl_ifindex2name_table *);
> /* close socket */
> void nfnl_ifindex2name_events_close(int); /* close the socket */
>
> Another alternative could be the use of libnl, although this introduces
> a new library dependency for every libnetfilter_queue application.

I think that ifname resolution is necessary for an application if it is linked with wanted features. If it has to use it, the application can link to libnl (or something else) and have it done. If it doesn't need it, then libnetfilter_queue is enough.

Route netlink message is not a part of Netfilter; we shouldn't use it in Netfilter code if it is not transparent:
 * It duplicates code
 * It changes the "spirit" of libnetfilter* libraries

BR,
-- 
Eric Leblond
INL