From: Scaramanga <scaramanga@barrysworld.com>
To: linux-kernel@vger.kernel.org
Subject: Re: Firewall netlink question...
Date: Mon, 22 Jan 2001 10:26:00 +0000 [thread overview]
Message-ID: <20010122102600.A4458@lemsip.lan> (raw)
In-Reply-To: <20010122073343.A3839@lemsip.lan> <Pine.LNX.4.21.0101221045380.25503-100000@titan.lahn.de>
In-Reply-To: <Pine.LNX.4.21.0101221045380.25503-100000@titan.lahn.de>; from pmhahn@titan.lahn.de on Mon, Jan 22, 2001 at 09:46:03 +0000
Hi,
> QUEUE means to pass the packet to userspace (if supported by the kernel).
Looking at the code it seemed to do the same thing as the old netlink, but
with more complexity, to what end though, i couldnt tell, was only a brief
skim.
> $ sed -n -e '1874,1876p' /usr/src/linux-2.4.0/Documentation/Configure.help
> CONFIG_IP_NF_QUEUE
> Netfilter has the ability to queue packets to user space: the
> netlink device can be used to access them using this driver.
>
> $ lynx /usr/share/doc/iptables/html/packet-filtering-HOWTO-7.html
>
Yeah, after some quick googling and freshmeating, i came accross a daemon
that picked up these QUEUEd packets and multiplexed them to various child
processes, which seemed very innefcient, the documentation said something
about QUEUE not being multicast in nature, like the old firewall netlink.
What was wrong with the firewall netlink? My re-implementation works great
here. I can't see why anything else would be needed, QUEUE seems twice as
complex. Unless with QUEUE the userspce applications can make decisions on
what to do with the packet? In which case, it would be far too inefficient
for an application like mine, where all i need is to be able to read the
IP datagrams..
Am I missing something totally obvious?
Regards
--
// Gianni Tedesco <scaramanga@barrysworld.com>
Fingerprint: FECC 237F B895 0379 62C4 B5A9 D83B E2B0 02F3 7A68
Key ID: 02F37A68
egg.microsoft.com: Remote operating system guess: Solaris 2.6 - 2.7
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-22 10:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-22 7:33 Firewall netlink question Scaramanga
2001-01-22 9:46 ` Philipp Matthias Hahn
2001-01-22 10:26 ` Scaramanga [this message]
2001-01-22 11:28 ` Daniel Stone
2001-01-22 11:58 ` Scaramanga
2001-01-23 7:33 ` Daniel Stone
2001-01-24 4:28 ` Scaramanga
2001-01-24 12:30 ` Harald Welte
2001-01-24 15:26 ` Scaramanga
2001-01-24 12:27 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010122102600.A4458@lemsip.lan \
--to=scaramanga@barrysworld.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox