Re: How many ways are there to interact with Linux TCP/IP stack?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Philip Craig <philipc@snapgear.com>
To: Mayank <linuxblr_in@yahoo.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: How many ways are there to interact with Linux TCP/IP stack?
Date: Mon, 27 Feb 2006 11:33:59 +1000	[thread overview]
Message-ID: <44025707.5030800@snapgear.com> (raw)
In-Reply-To: <20060224083724.13182.qmail@web37814.mail.mud.yahoo.com>

On 02/24/2006 06:37 PM, Mayank wrote:
> I am new to netfilter world, can someone please
> clarify on how many ways are there to interact with
> the Linux TCP/IP stack, based on google reading,  I
> think it can be achieved in following 3 ways-
>
> 1. Userspace ¬– LIBIPQ can be used in
>    conjugation with –j QUEUE
> 2. Kernal modules- by using nf_register_hook
> 3. IPTABLES match – by using register_match
>
> Are there more ways? does anybody has any comparison
> info  in terms of performance etc ? Which one is
> faster?

Basically, the only way is nf_register_hook.  The other 2 are just
infrastructure built on top of that.

That is, iptables registers a netfilter hook, and calls the matches
and targets from this hook.

QUEUE is just a iptables target, so it is called by iptables.

For performance, QUEUE is clearly slower, since it passes the packet
to user space.

Choosing between netfilter hooks or iptables matches should be based
purely on whether you want to use iptables functionality.

     prev parent reply	other threads:[~2006-02-27  1:33 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-24  8:37 How many ways are there to interact with Linux TCP/IP stack? Mayank
2006-02-27  1:33 ` Philip Craig [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44025707.5030800@snapgear.com \
    --to=philipc@snapgear.com \
    --cc=linuxblr_in@yahoo.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.