From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH 0/1] xtables: allow to monitor table update event
Date: Thu, 25 Oct 2012 19:19:11 +0200
Message-ID: <20121025171911.GA9571@1984>
In-Reply-To: <50893620.70107@6wind.com>

Hi Nicolas,

On Thu, Oct 25, 2012 at 02:52:48PM +0200, Nicolas Dichtel wrote:
> On 15/10/2012 15:10, Nicolas Dichtel wrote:
> >On 02/10/2012 15:06, Nicolas Dichtel wrote:
> >>The following patch is an example of a userspace tool (in fact, iptables)
> >>that uses the new netlink API to monitor tables activity.
> >>
> >>I will also send a patch against libnfnetlink to update linux includes with
> >>this new feature.
> >>
> >>Maybe another API can be used for this feature: adding a setsockopt() on an
> >>iptc socket to enable monitoring. When a table is updated, a packet (built with
> >>CMSG_* macro for example) can be sent over all sockets that monitor tables
> >>activity (like km sockets in IPsec). I know that this socket was used only with
> >>[g|s]etsockopt(), but this can avoid adding another netlink API.
> >>
> >>Comments are welcome.
> >Any feedback about this patch or the other proposed API?
>
> Still no comment about this feature? Maybe another option to solve the problem?

Adding a new nfnetlink subsystem to just report table updates seems
a bit too much to me.

I'd aim for the nftables proposal that I just made. If this doesn't
happen in a reasonable amount of time, get back to the mailing list
and push us again to get this in.

Thanks.