On Thu, 24 Oct 2002, raptor wrote:
> anyone to know a tool that will display more friendly output ...
> probably a tree like structure (if no cross sections occur)...
Some time ago I've started working on something like this, only
different. ;-)
Actually it is a perl module which interfaces with IPTables (and
so far it only reads standard data, no writing and no special
matching modules...).
What is "special" about it, is that it uses ioctls to read
tables, not libipt. Reasons for it were: first of all libipt
used in a "daemon" leaks memory (some advanced hash-like magic
gets too complicated and not all memory mallocated gets freed),
secondly perl is already equipped with quite efficient means
of managing lists, etc so most of libipt's code isn't needed. :)
And having bypassed libipt gives a little bit more flexibility
(for instance, a matching module could be written as a pure
perl code, using unpack and pack functions)...
Of course most of it is a bit of my wishful thinking, but
some of it works already. Unfortunately it is available
only through anonymous cvs (far too early to release it):
cvs -d :pserver:cvs@atlantis.ssw.krakow.pl:/var/cvs co \
IPTables-perl/perliptc4
Regards,
Dawid
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
