From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: Philip Craig <philipc@snapgear.com>, Thomas Graf <tgraf@suug.ch>,
Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>
Subject: Re: libnl netfilter log
Date: Sat, 08 Dec 2007 19:16:25 +0100 [thread overview]
Message-ID: <475ADF79.1030204@netfilter.org> (raw)
In-Reply-To: <475A2987.8030505@trash.net>
Patrick McHardy wrote:
> I've added support for netfilter queueing to libnl based on the
> logging support and would like to suggest a few changes.
>
> One of the problems with the netfilter libraries has been adding
> support for new features, since that often required changing
> function signatures, for example:
>
> extern int nfq_set_verdict(struct nfq_q_handle *qh,
> u_int32_t id,
> u_int32_t verdict,
> u_int32_t data_len,
> unsigned char *buf);
>
> extern int nfq_set_verdict_mark(struct nfq_q_handle *qh,
> u_int32_t id,
> u_int32_t verdict,
> u_int32_t mark,
> u_int32_t datalen,
> unsigned char *buf);
>
> libnl always took an object-centric approach, so this would
> look something like this:
>
> nfnl_queue_msg_set_verdict(pkt, verdict);
> nfnl_queue_msg_set_mark(pkt, mark);
> nfnl_queue_msg_send_verdict(pkt);
>
> which avoids this problem. The libnl logging support deviates
> from this scheme, for example with this function:
>
> int nfnl_log_set_mode(struct nl_handle *nlh, uint16_t queuenum,
> uint8_t copy_mode, uint32_t copy_range)
>
> What I would like to change is make struct nfnl_log the logging
> instance, so you would have:
>
> nfnl_log_set_mode(log, mode);
> nfnl_log_set_copy_range(log, range);
> nfnl_log_send_config(log);
>
> and add a new struct nfnl_log_message, which represents the
> actual messages. Similar for queueing, we would have a
> struct nfnl_queue and nfnl_queue_message.
>
> Any objections or suggestions to this API change?
Looks fine to me. Actually, much better than the current API :)
> Somewhat related, there currently is a problem with message
> reception since libnl uses a page-sized buffer for recvmsg(),
> but netfilter can send messages up to 64k. I recall there
> was some recvmsg buffer size probing some time ago, but it
> seems to be gone. Should I reintroduce it, increase the size
> to 64k or make it configurable?
If you reintroduce the probing I think that something similar to the
libnfnetlink behaviour would be fine. But, indeed, I prefer to make it
configurable.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2007-12-08 18:16 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-08 5:20 libnl netfilter log Patrick McHardy
2007-12-08 18:16 ` Pablo Neira Ayuso [this message]
2007-12-08 18:24 ` Pablo Neira Ayuso
2007-12-09 16:08 ` Patrick McHardy
2007-12-09 16:09 ` Patrick McHardy
2007-12-10 0:53 ` Philip Craig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=475ADF79.1030204@netfilter.org \
--to=pablo@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=philipc@snapgear.com \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.