From: Harald Welte <laforge@netfilter.org>
To: diegows <diegows@linux.org.ar>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: why every time that a rule is inserted/appended....
Date: Wed, 28 May 2003 20:30:45 +0200
Message-ID: <20030528183045.GB12978@naboo>
In-Reply-To: <3ED2887B.5050807@linux.org.ar>


On Mon, May 26, 2003 at 06:34:51PM -0300, diegows wrote:
> ...the entire table is replaced?

The idea was to have an atomic snapshot from the kernel, which is
especially important for the counters.

ipchains doesn't read a chain atomically and thus packets are still
traversing between rules while they are being read from the kernel.  This leads to
inconsistencies in 

> If this could be better, advise me and I try to patch that.

Sure it can be done better, and there have been at least two approaches
to introduce a new kernel/userspace interface, both based on nfnetlink.

However, this is not a 'small patch' but a fundamental design change.

[maybe I'll finally find some time to do pkttables stuff again... but
now there is lots of other distracting stuff like that dual opteron box
;)]

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
