Re: [PATCH 4/7] xt_mark match rev 1

Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> What will netlink bring us, with respect to the two states:
>> - old iptables, new kernel
>> - new iptables, old kernel
>> so matching some UUIDs (and .revision is one, more or less) seems like the way
>> to go.
>
> Netlink doesn't stick us to fixed structure layouts as it happens to the
> current interface since we represent the messages kernel <-> userspace
> in TLV (type-length-value) format. Thus, userspace and kernel won't
> share structures and new features just require a new type. For that
> reason, the netlink interface won't require such revision infrastructure.
>
> Not that I'm against your patches, I'm just stating the right direction
> to go for those 5-10 years that you have mentioned. And of course, we
> don't have a single line of such interface at the moment :)


Actually we do, I've been working on it, but had to interrupt
for some other stuff. I hope to get back to it over Christmas
and beginning of next year. The goal is to add a compat layer
for old iptables userspace, but I don't really care about how
ugly it gets since we hopefully never have to look at it again
until its removal :)
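
The TLV point made in the quoted message, as an added example that is not part of the original thread or of any netfilter code: a receiver that knows two attribute types parses a message from a newer sender carrying a third, and falls back to defaults when an older sender omits one. The attribute names and numbers are hypothetical; the header layout (u16 length, u16 type, 4-byte padding) is modelled on `struct nlattr`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical attribute types for a mark match; not taken from any real netlink family. */
enum { ATTR_MARK = 1, ATTR_MASK = 2, ATTR_INVERT = 3 /* known only to the "new" sender */ };
#define TLV_HDR 4u                       /* u16 length + u16 type, the layout of struct nlattr */
#define TLV_ALIGN(n) (((n) + 3u) & ~3u)  /* attributes are padded to a 4-byte boundary */
struct mark_cfg { uint32_t mark, mask; int unknown; };

/* Append one u32 attribute at off; returns the new offset, or 0 if it does not fit. */
size_t tlv_put_u32(uint8_t *buf, size_t cap, size_t off, uint16_t type, uint32_t val)
{
    uint16_t h[2] = { (uint16_t)(TLV_HDR + sizeof(val)), type };  /* h[0] = length, h[1] = type */
    if (off > cap || cap - off < h[0]) return 0;
    memcpy(buf + off, h, TLV_HDR);
    memcpy(buf + off + TLV_HDR, &val, sizeof(val));
    return off + TLV_ALIGN(h[0]);
}

/* "Old" receiver: understands ATTR_MARK and ATTR_MASK only. Returns 0, or -1 if malformed. */
int parse_old(const uint8_t *buf, size_t n, struct mark_cfg *cfg)
{
    size_t off = 0;
    cfg->mark = 0; cfg->mask = 0xffffffffu; cfg->unknown = 0;  /* defaults for absent attributes */
    while (off < n) {
        uint16_t h[2];                                     /* h[0] = length, h[1] = type */
        if (n - off < TLV_HDR) return -1;                  /* truncated header */
        memcpy(h, buf + off, TLV_HDR);
        if (h[0] < TLV_HDR || h[0] > n - off) return -1;   /* length must stay inside the message */
        if (h[1] == ATTR_MARK || h[1] == ATTR_MASK) {
            if (h[0] != TLV_HDR + 4) return -1;            /* known types carry exactly one u32 */
            memcpy(h[1] == ATTR_MARK ? &cfg->mark : &cfg->mask, buf + off + TLV_HDR, 4);
        } else
            cfg->unknown++;                                /* unknown type: skipped by its length */
        off += TLV_ALIGN((size_t)h[0]) > n - off ? n - off : TLV_ALIGN((size_t)h[0]);
    }
    return 0;
}

int main(void)
{
    uint8_t buf[32]; struct mark_cfg c;  /* constructed message from a "new" sender follows */
    size_t n = tlv_put_u32(buf, sizeof(buf), 0, ATTR_MARK, 0x10);
    n = tlv_put_u32(buf, sizeof(buf), n, ATTR_INVERT, 1);
    n = tlv_put_u32(buf, sizeof(buf), n, ATTR_MASK, 0xff);
    int rc = parse_old(buf, n, &c);
    printf("rc=%d mark=0x%x mask=0x%x unknown=%d\n", rc, (unsigned)c.mark, (unsigned)c.mask, c.unknown);
    return rc;
}
```

The parser counts skipped attributes instead of hiding them, so a caller can reject a rule whose unknown attribute (such as the invert flag here) would change what the rule matches.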
