From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: James King <t.james.king@gmail.com>,
	Matthew Strait <quadong@users.sourceforge.net>,
	Netfilter Development Mailinglist
	<netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH RFC] xt_layer7
Date: Sun, 05 Oct 2008 15:50:47 +0200
Message-ID: <48E8C637.5060700@trash.net>
In-Reply-To: <alpine.LNX.1.10.0810040750300.19954@fbirervta.pbzchgretzou.qr>

Jan Engelhardt wrote:
> On Saturday 2008-10-04 03:22, James King wrote:
> 
>> I've re-written xt_layer7 (l7-filter) so that it no longer requires
>> patching of the nf_conn structure for data storage, using ct_extend
>> instead, with the goal that it can eventually be used against a
>> vanilla kernel with an unpatched iptables.
> 
> I had the same idea too a while back but put off on it - busy with
> other iptables things :)
> 
> Right now, you still cannot use it with a vanilla kernel because
> patches like #3 you attached enlarge the allocated region (remember,
> NF_CT_EXT_NUM just increased by one!), which is going to be a big
> impact {for users not using all the extensions} {if every imaginable
> extension adds itself a NF_CT_EXT_ number}.
> 
> Can someone think of a way to nicely fix this up? Like, a linked
> list instead of the ct_extend[] array perhaps? Yes yes, that's not O(1),
> but how many extensions at a time are you using anyway!

That would have a pretty big storage and runtime impact, I
don't think it's a good idea.

I think I could agree to add something like a NF_CT_EXT_LIST
extension that wouldn't be used by mainline, but you could
use it for xtables-addons. There's some padding in nf_ct_ext
so it would (currently) not have any negative impact on mainline.
I haven't spent much thought on this so it might not work though.
