From: Patrick McHardy <kaber@trash.net>
To: Luciano Coelho <luciano.coelho@nokia.com>
Cc: ext Jan Engelhardt <jengelh@medozas.de>,
"netfilter-devel@vger.kernel.org"
<netfilter-devel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
Timo Teras <timo.teras@iki.fi>
Subject: Re: [RFC] netfilter: WIP: Xtables idletimer target implementation
Date: Mon, 31 May 2010 17:59:47 +0200 [thread overview]
Message-ID: <4C03DCF3.1080001@trash.net> (raw)
In-Reply-To: <1275040724.24490.121.camel@chilepepper>
Luciano Coelho wrote:
> On Fri, 2010-05-28 at 10:05 +0200, ext Jan Engelhardt wrote:
>> On Friday 2010-05-28 07:25, Luciano Coelho wrote:
>>> Do you have any other suggestion on how I can associate the rules to
>>> specific interfaces?
>> -A INPUT -i foo -j do
>> -A do -j idletimer
>>
>> A little funny, but actually this would allow me to keep a timer
>> for a group of interfaces rather than just per-if.
>
> Yes, this is what our userspace apps are doing. I've formulated my
> question in an unclear way. If you check the rest of the code, I create
> sysfs files under the interface's directory and use it as an attribute
> to notify the userspace when the timer has expired.
>
> In short, I need to figure out a way to associate each rule with an
> interface in sysfs, so I can notify the userspace when the timer has
> expired. I couldn't figure out another way to do it. Any suggestions?
How about just using an arbitrary user-supplied name? People can
name them after interfaces, or anything else.
>>>>> +static int xt_idletimer_checkentry(const struct xt_tgchk_param *par)
>>>>> +{
>>>>> + const struct xt_idletimer_info *info = par->targinfo;
>>>>> + const struct ipt_entry *entryinfo = par->entryinfo;
>>>>> + const struct ipt_ip *ip = &entryinfo->ip;
>>>> I'm not sure spying on ipt_ip is a long-term viable solution.
>>> Do you have any other suggestions on how I could get an interface
>>> associated with the rule? I thought about having the userspace pass the
>>> interface as an option to the rule (like I already do for the timeout
>>> value), but that looked ugly to me, since the interface can already be
>>> defined as part of the ruleset.
>> I have patches ready since a while that decouple ipt_ip
>> from a rule, so there is no guarantee that such will exist.
>
> Okay, if that's the case, then I don't know how to associate the rule
> with a specific net object in the kobject tree. Maybe I have to figure
> out a different way to notify the userspace, unless I add the target
> option I mentioned above. :/
>
>
next prev parent reply other threads:[~2010-05-31 15:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-27 20:54 [RFC] netfilter: WIP: Xtables idletimer target implementation Luciano Coelho
2010-05-27 23:17 ` Jan Engelhardt
2010-05-28 5:25 ` Luciano Coelho
2010-05-28 8:05 ` Jan Engelhardt
2010-05-28 9:58 ` Luciano Coelho
2010-05-31 15:59 ` Patrick McHardy [this message]
2010-05-31 19:12 ` Luciano Coelho
2010-05-31 19:51 ` Jan Engelhardt
2010-05-31 20:11 ` Luciano Coelho
2010-05-31 20:31 ` Luciano Coelho
2010-06-01 18:33 ` Luciano Coelho
2010-06-01 18:38 ` Jan Engelhardt
2010-06-01 18:41 ` Luciano Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C03DCF3.1080001@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=luciano.coelho@nokia.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=timo.teras@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.