* [RFC,PATCH] introduce new API for libnfnetlink
@ 2006-06-18 23:26 Pablo Neira Ayuso
2006-06-21 16:24 ` Amin Azez
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2006-06-18 23:26 UTC (permalink / raw)
To: Netfilter Development Mailinglist; +Cc: Harald Welte, Patrick McHardy
Hi!
I have been spending some time on libnfnetlink these days based on a
previous patch that I sent some time ago [1]. Since the amount of
changes would result in API breakages, that is something that I consider
that we don't want, I decided to start some kind of version 2 of
libnfnetlink, the major changes from the current version is:
- Uniform error handling via errno
- Use of new netlink ADD_MEMBERSHIP socket option to join multicast groups
- A new approach for challenge functions listen/talk, now they use the
callbacks registered via register_callback()
- Single loop processing: nfnetlink_process()
- Iterators: more control for the programmer in the nfnetlink data
processing
- addattr* simplification
- Documentation available
The patch is available at:
http://people.netfilter.org/pablo/libnfnetlink-newapi.patch
This is still a work in progress, it needs more testing. I have plans to
do something similar for libnetfilter_conntrack in order to solve the
existing limitations.
Comments welcome.
[1] http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3315
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [RFC,PATCH] introduce new API for libnfnetlink
2006-06-18 23:26 [RFC,PATCH] introduce new API for libnfnetlink Pablo Neira Ayuso
@ 2006-06-21 16:24 ` Amin Azez
0 siblings, 0 replies; 2+ messages in thread
From: Amin Azez @ 2006-06-21 16:24 UTC (permalink / raw)
To: netfilter-devel; +Cc: Harald Welte, Patrick McHardy
Pablo Neira Ayuso wrote:
> Hi!
>
> I have been spending some time on libnfnetlink these days based on a
> previous patch that I sent some time ago [1]. Since the amount of
> changes would result in API breakages, that is something that I consider
> that we don't want, I decided to start some kind of version 2 of
> libnfnetlink, the major changes from the current version is:
>
> - Uniform error handling via errno
> - Use of new netlink ADD_MEMBERSHIP socket option to join multicast groups
> - A new approach for challenge functions listen/talk, now they use the
> callbacks registered via register_callback()
> - Single loop processing: nfnetlink_process()
> - Iterators: more control for the programmer in the nfnetlink data
> processing
> - addattr* simplification
> - Documentation available
>
> The patch is available at:
>
> http://people.netfilter.org/pablo/libnfnetlink-newapi.patch
Thanks for this Pablo.
As long as there is still a way to exit the message reading loop at the
end of the current packet (without discarding any messages), then it
will suit me.
I'm using the old conntrack API by receiving events and periodic dumps
of all conntracks over the same netlink. At certain times a signal goes
off which sets a flag to exit the read loop after the current netlink
packet, then a conntrack dump is requested and the readloop is re-entered.
I suppose this will still be possible?
Sam
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-06-21 16:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-18 23:26 [RFC,PATCH] introduce new API for libnfnetlink Pablo Neira Ayuso
2006-06-21 16:24 ` Amin Azez
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.