From: Ignacy Gawedzki <i@lri.fr>
To: netfilter-devel@vger.kernel.org
Subject: Netfilter API and libiptc
Date: Thu, 5 Feb 2009 15:17:22 +0100 [thread overview]
Message-ID: <20090205141722.GB21417@qubit> (raw)
Hi everybody,
I'm currently working on a project that relies on manipulation of iptables in
order to perform fine data packet accounting. This manipulation is performed
dynamically, so the code initially used libiptc.
Since iptables 1.4.0, libiptc is not distributed anymore, so I resolved to
incorporate the code into our own source distribution, just as people from
collectd seemingly did. All seemed to work well until yesterday, when we
eventually pinpointed our calls to the (internal) libiptc as a cause of a
kernel freeze. It only happened on a generic Ubuntu Hardy kernel
(2.6.24-22-generic) on one particular laptop (I didn't succeed in reproducing
the freeze on another hardware with the same distribution). I suppose it has
something to do with the change of the format of data flowing to kernelspace
(iptables 1.3.8 came distributed on that freezing machine), could anyone here
confirm that this is possible indeed?
Now my question is: how are we supposed to proceed from now on in order to
manipulate iptables? I read about libxtables and the corresponding libxtc.h
(though these are not yet packaged in the current Ubuntu Intrepid), but it's
not clear to me how the communication with the kernel is actually to be done.
Thanks for any information that could help me making this work properly.
Ignacy
--
P.S. All information contained in the above letter is false,
for reasons of military security.
next reply other threads:[~2009-02-05 14:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-05 14:17 Ignacy Gawedzki [this message]
2009-02-09 17:10 ` Netfilter API and libiptc Patrick McHardy
2009-02-09 18:39 ` Ignacy Gawedzki
2009-02-11 13:39 ` Jesper Dangaard Brouer
2009-02-11 14:37 ` Patrick McHardy
2009-02-11 16:02 ` Jan Engelhardt
2009-02-12 5:13 ` Patrick McHardy
2009-02-12 5:55 ` Jan Engelhardt
2009-02-12 5:58 ` Patrick McHardy
2009-02-12 6:14 ` Jan Engelhardt
2009-02-12 6:18 ` Patrick McHardy
2009-02-12 6:29 ` Jan Engelhardt
2009-02-12 6:34 ` Patrick McHardy
2009-02-16 13:08 ` Jesper Dangaard Brouer
2009-02-16 13:47 ` Jesper Dangaard Brouer
2009-02-16 14:08 ` Patrick McHardy
2009-02-16 16:52 ` Jan Engelhardt
2009-02-16 16:54 ` Patrick McHardy
2009-02-12 9:17 ` Jesper Dangaard Brouer
2009-02-12 10:42 ` Jesper Dangaard Brouer
2009-02-12 13:33 ` Ignacy Gawedzki
2009-02-12 14:11 ` Jan Engelhardt
2009-02-12 14:50 ` Jesper Dangaard Brouer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090205141722.GB21417@qubit \
--to=i@lri.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.