From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: netfilter-devel@vger.kernel.org, Jan Engelhardt <jengelh@inai.de>
Subject: Re: [RFC PATCH 0/1] xtables: allow to monitor table update event
Date: Fri, 26 Oct 2012 10:44:34 +0200
Message-ID: <20121026084434.GA6970@1984>
In-Reply-To: <508A4445.5020500@6wind.com>

Hi Nicolas,

On Fri, Oct 26, 2012 at 10:05:25AM +0200, Nicolas Dichtel wrote:
> On 25/10/2012 19:19, Pablo Neira Ayuso wrote:
> >Hi Nicolas,
> >
> >On Thu, Oct 25, 2012 at 02:52:48PM +0200, Nicolas Dichtel wrote:
> >>On 15/10/2012 15:10, Nicolas Dichtel wrote:
> >>>On 02/10/2012 15:06, Nicolas Dichtel wrote:
> >>>>The following patch is an example of a userspace tool (in fact, iptables)
> >>>>that uses the new netlink API to monitor tables activity.
> >>>>
> >>>>I will also send a patch against libnfnetlink to update linux includes with
> >>>>this new feature.
> >>>>
> >>>>Maybe another API can be used for this feature: adding a setsockopt() on an
> >>>>iptc socket to enable monitoring. When a table is updated, a packet (built with
> >>>>CMSG_* macro for example) can be sent over all sockets that monitor tables
> >>>>activity (like km sockets in IPsec). I know that this socket was used only with
> >>>>[g|s]etsockopt(), but this can avoid adding another netlink API.
> >>>>
> >>>>Comments are welcome.
> >>>Any feedback about this patch or the other proposed API?
> >>
> >>Still no comment about this feature? Maybe another option to solve the problem?
> >
> >Adding a new nfnetlink subsystem to just report table updates seems
> >a bit too much to me.
>
> What about the second proposal? Sending messages through the iptc socket?
> If you have some other ideas, we can change the design of the
> implementation, it's not a problem.

It's been four weeks since you posted your patch and you've been
asking for feedback *every single week* with no results at all. So,
nobody cares.

I see no existing FOSS projects using this (apart from your
iptables change to report events).

And I already told you, I don't think it makes sense to maintain more
than one firewalling subsystem using netlink as interface.

Please, stop.