From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Eric Leblond <eric@inl.fr>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [ULOGD2 PATCH 0/3] cleaning and build feature
Date: Fri, 12 Sep 2008 01:49:40 +0200
Message-ID: <48C9AE94.1000208@netfilter.org>
In-Reply-To: <1221166085-23435-1-git-send-email-eric@inl.fr>

Eric Leblond wrote:
> Hello,
>
> This small patchset contains some cleaning and implements conditional compilation
> of NFLOG and NFCT input plugins. This feature was contained in the TODO list and I
> think it could be useful on systems where one of the NFCT or NFLOG plugins cannot
> be used.
>
> Last patch updates the TODO list. The remaining items in this TODO list are:
> - add support for capabilities to run as non-root: It could be interesting but
> I don't know if we could achieve it with libnetfilter_log or libnetfilter_conntrack.

The binding and the sending require CAP_NET_ADMIN, so we can initially
bind as root and then change to a non-root user to receive messages;
this seems feasible with libnetfilter_log. However, the problem here is
the resynchronize routine that I have introduced in NFCT: we request a
dump when we hit ENOBUFS and that's a sending.

Let me think about it, maybe we can do something with a fork and a pipe.

> - support for static linking: As ulogd2 is plugin based, it may be strange but some
> embedded systems could use it.
> - issues with ulogd_BASE and partially copied packets (--ulog-cprange): Has somebody
> encountered the problem?
> - problem with ulogd_BASE and fragments: same remark

Probably outdated comment? We can ask Harald during workshop days.

> - port SQLITE3 plugin: Holger's work could be reused but the code was not really clean.

We can recover that work. We also have to add a change to db.c since
SQLITE3 has no procedures IIRC.

> - convert db layer and pgsql + mysql plugin to a 'parameter bind' scheme for efficiency:
> I don't understand the point.

Probably Harald can shed some light on it.

> - autoconf detection of SCTP / DCCP support: Well, why not ;)
>
> From my point of view, there is no other thing in the TODO list before a RC release.
>
> Am I missing something?

I have added BSF support to libnetfilter_conntrack. This could be
interesting to filter ctnetlink event messages from kernel-space. You
can find an example in the configuration file of conntrackd, see the
Filter clause.

The problem is the current configuration file format which is quite
cryptic. Using something flex/bison-based would be more flexible, but we
have to think about the file format before.

I have other concerns, I'm willing to schedule some time for ulogd to
make a new TODO list, we can probably discuss them during the workshop.

--
"Los honestos son inadaptados sociales" -- Les Luthiers