From: Florian Westphal <fw@strlen.de>
To: Krishna Kumar2 <krkumar2@in.ibm.com>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org, sri@us.ibm.com,
Sulakshan Vajipayajula <svajipay@in.ibm.com>,
vivk@us.ibm.com
Subject: Re: [RFC] [PATCH 0/4] netfilter: "fail-open" feature support for NFQUEUE
Date: Mon, 7 May 2012 16:52:28 +0200 [thread overview]
Message-ID: <20120507145228.GC5015@breakpoint.cc> (raw)
In-Reply-To: <OF72EDDD93.E0BF0FC1-ON652579F7.002FC182-652579F7.004C26E2@in.ibm.com>
Krishna Kumar2 <krkumar2@in.ibm.com> wrote:
> Florian Westphal <fw@strlen.de> wrote on 05/07/2012 01:40:29 PM:
> > I think that exposing this feature as userspace-changeable via netlink
> > (eg. by adding "NFQA_CFG_FAILOPEN" attribute) rather than via ruleset
> > would make most sense, as only the application can know wheter it
> > can cope with missing packets.
>
> Thanks for your review. With this change, is there any reason to
> modify xt_NFQ_info_v2's bypass field, since app can specify this
> option directly? I tested without this for now and it works.
I don't think so. If the netlink attribute works for you we should
leave xt_NFQUEUE as-is.
Regards,
Florian
prev parent reply other threads:[~2012-05-07 14:52 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-07 6:03 [RFC] [PATCH 0/4] netfilter: "fail-open" feature support for NFQUEUE Krishna Kumar
2012-05-07 6:03 ` [RFC] [PATCH 1/4] netfilter: Define FAILOPEN flag Krishna Kumar
2012-05-07 6:04 ` [RFC] [PATCH 2/4] netfilter: Add new argument to enqueue handlers Krishna Kumar
2012-05-07 6:04 ` [RFC] [PATCH 3/4] netfilter: Add support for failopen in nf_queue() Krishna Kumar
2012-05-07 6:04 ` [RFC] [PATCH 4/4] netfilter: Enable fail-open Krishna Kumar
2012-05-07 7:56 ` Florian Westphal
2012-05-07 9:04 ` Pablo Neira Ayuso
2012-05-07 8:10 ` [RFC] [PATCH 0/4] netfilter: "fail-open" feature support for NFQUEUE Florian Westphal
2012-05-07 9:14 ` Pablo Neira Ayuso
2012-05-07 13:51 ` Krishna Kumar2
2012-05-07 14:52 ` Florian Westphal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120507145228.GC5015@breakpoint.cc \
--to=fw@strlen.de \
--cc=krkumar2@in.ibm.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=sri@us.ibm.com \
--cc=svajipay@in.ibm.com \
--cc=vivk@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.