Re: chain_cache - Ozgur Akan

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ozgur Akan <akan@aiqa.com>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: Netfilter Developers List <netfilter-devel@lists.netfilter.org>
Subject: Re: chain_cache
Date: Fri, 21 May 2004 09:33:26 +0300	[thread overview]
Message-ID: <40ADA2B6.3040107@aiqa.com> (raw)
In-Reply-To: <Pine.LNX.4.44.0405201705320.7143-100000@filer.marasystems.com>

Henrik Nordstrom wrote:

>The task you are amiming at (detect duplicate rules) purely involves
>modifying libiptc and requires a reasonable understanding of libiptc as 
>you need to find the previous rule when inserting a new rule.. This is 
>unfortunately not as easy as it may sound as the rules is managed in-place 
>in their binary format and all you have is the offset where the new rule 
>should be inserted.
>

Yes after some study I understand that libiptc needs to be modified. 
When a rule is modified, deleted, appended or inserted we have to check 
the previous and next rule in the chain. (Of course for the first rule 
there will be no previous rule and for the last there will be no next 
rule, so append and insert 1 are easier to check)

>
>The best place for to detect this is probably TC_INSERT_ENTRY. There you 
>have a somewhat reasonable view of the chain in question and access to the 
>binary rule representations.
>  
>
What I think to do is to write a function to check previous and next 
rule. It may get an argument of -1 to check previous rule, 1 to check 
next rule and 0 to check both.

Also it may be a patch for insert_rules. insert_rules is used in all 
rule manuplation functions in libiptc.

I have not decided yet which solution will be the best but I am about to 
find it...

thank you for your comments.

regards,

-- 
Ozgur Akan

next prev parent reply	other threads:[~2004-05-21  6:33 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <40AC600C.2090500@aiqa.com>
2004-05-20  9:52 ` chain_cache Henrik Nordstrom
2004-05-20 12:04   ` chain_cache Ozgur Akan
2004-05-20 15:24     ` chain_cache Henrik Nordstrom
2004-05-21  6:33       ` Ozgur Akan [this message]
2004-05-21  8:57         ` chain_cache Henrik Nordstrom
2004-05-21 10:35           ` chain_cache Ozgur Akan
2004-05-21 11:25             ` chain_cache Henrik Nordstrom
2004-05-13 13:30 chain_cache Ozgur Akan
2004-05-14 11:12 ` chain_cache Ozgur Akan
2004-05-16 12:15   ` chain_cache Henrik Nordstrom

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40ADA2B6.3040107@aiqa.com \
    --to=akan@aiqa.com \
    --cc=hno@marasystems.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.