Re: Firewall netlink question...

Harald Welte (laforge@gnumonks.org)
Wed, 24 Jan 2001 13:27:53 +0100


On Mon, Jan 22, 2001 at 10:26:00AM +0000, Scaramanga wrote:
>
> Yeah, after some quick googling and freshmeating, i came accross a daemon
> that picked up these QUEUEd packets and multiplexed them to various child
> processes, which seemed very innefcient, the documentation said something
> about QUEUE not being multicast in nature, like the old firewall netlink.

ah... you are referring to my ipqmpd (ip queue multiplex daemon). Yes, it
is not very efficient. But it is right now the only way to have multiple
processes using the ip_queue.

The ideal solution is a queue handler which does in fact handle more than
one queue from inside the kernel. Unfortunately nobody got around writing
it yet.

> What was wrong with the firewall netlink? My re-implementation works great
> here. I can't see why anything else would be needed, QUEUE seems twice as
> complex. Unless with QUEUE the userspce applications can make decisions on
> what to do with the packet? In which case, it would be far too inefficient
> for an application like mine, where all i need is to be able to read the
> IP datagrams..

well... the ip_queue module as opposed to your implementation as iptables
target has the following advantages:

- can be used from each netfilter-hook attached code (not only from
an ip table)
- is more generic (you can register different queue handler, ipv6, ...)

btw: please move this discussion to netfilter-devel@lists.samba.org

> Regards

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org                http://www.gnumonks.org
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/