From: Patrick McHardy <kaber@trash.net>
To: Joakim Axelsson <gozem@gozem.se>
Cc: Massimiliano Hofer <max@nucleus.it>,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>
Subject: Re: priv_data patch
Date: Mon, 14 Aug 2006 16:31:34 +0200 [thread overview]
Message-ID: <44E08946.1040105@trash.net> (raw)
In-Reply-To: <20060814142559.GS7194@kriss.csbnet.se>
Joakim Axelsson wrote:
> 2006-08-14 15:34:05+0200, Patrick McHardy <kaber@trash.net> ->
>
>>I'm afraid I have some bad news ..
>>
>>[...]
>
> I do not completly understand you. Today a modification of ONE rule will or
> will not trigger the checkentry()/init() of ALL rules?
Yes it will. Modification happens like this:
- dump entire table to userspace
- modify table
- send new table to kernel
_All_ matches and target and reinstantiated, since the kernel doesn't
know which rule in the currently active table corresponds to which
in the new table. When moving state out of the data shared with
userspace it will get lost during this.
> I know they did before (in 2.4) since modules i have written has code to
> workaround this. Having a low limiter like say a few packets each 5min can't
> just be reset each time we modify another unrelated rule.
Exactly.
> Latly howver it seams as it doesn't? What do you mean we are breaking with
> this patch? A match/target doesn't have to use this new data area. Just let
> don't alter them and they will continue to act aas they always done? We will
> however provide better tools for new modules (not yet in pom-ng).
Well, if nobody can use it reasonable there is no reason to introduce
it.
next prev parent reply other threads:[~2006-08-14 14:31 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-14 13:34 priv_data patch Patrick McHardy
2006-08-14 14:25 ` Joakim Axelsson
2006-08-14 14:31 ` Patrick McHardy [this message]
2006-08-14 15:20 ` Joakim Axelsson
2006-08-14 15:28 ` Patrick McHardy
2006-08-14 16:04 ` Joakim Axelsson
2006-08-14 16:13 ` Patrick McHardy
2006-08-14 16:55 ` Joakim Axelsson
2006-08-14 16:59 ` Patrick McHardy
2006-08-15 8:27 ` Amin Azez
2006-08-15 8:40 ` Joakim Axelsson
2006-08-14 15:31 ` Patrick McHardy
2006-08-14 15:40 ` Joakim Axelsson
2006-08-14 15:46 ` Patrick McHardy
2006-08-14 15:56 ` Joakim Axelsson
2006-08-14 16:01 ` Patrick McHardy
2006-08-14 16:13 ` Joakim Axelsson
2006-08-14 16:26 ` Patrick McHardy
2006-08-14 16:40 ` Joakim Axelsson
2006-08-14 16:50 ` Patrick McHardy
2006-08-14 17:11 ` Joakim Axelsson
2006-08-14 17:48 ` Patrick McHardy
2006-08-14 17:59 ` Joakim Axelsson
2006-08-14 15:53 ` Massimiliano Hofer
2006-08-14 14:40 ` Massimiliano Hofer
2006-08-14 14:48 ` Patrick McHardy
2006-08-14 14:58 ` Joakim Axelsson
2006-08-14 15:05 ` Patrick McHardy
2006-08-14 16:19 ` Massimiliano Hofer
2006-08-14 16:32 ` Joakim Axelsson
[not found] ` <200608141557.35918.max@nucleus.it>
[not found] ` <44E08AC7.2050204@trash.net>
[not found] ` <200608141702.50753.max@nucleus.it>
2006-08-14 15:14 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44E08946.1040105@trash.net \
--to=kaber@trash.net \
--cc=gozem@gozem.se \
--cc=max@nucleus.it \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.