Hi everybody,
I'm currently working on a project that relies on manipulation of iptables in
order to perform fine data packet accounting. This manipulation is performed
dynamically, so the code initially used libiptc.
Since iptables 1.4.0, libiptc is not distributed anymore, so I resolved to
incorporate the code into our own source distribution, just as people from
collectd seemingly did. All seemed to work well until yesterday, when we
eventually pinpointed our calls to the (internal) libiptc as a cause of a
kernel freeze. It only happened on a generic Ubuntu Hardy kernel
(2.6.24-22-generic) on one particular laptop (I didn't succeed in reproducing
the freeze on another hardware with the same distribution). I suppose it has
something to do with the change of the format of data flowing to kernelspace
(iptables 1.3.8 came distributed on that freezing machine), could anyone here
confirm that this is possible indeed?
Now my question is: how are we supposed to proceed from now on in order to
manipulate iptables? I read about libxtables and the corresponding libxtc.h
(though these are not yet packaged in the current Ubuntu Intrepid), but it's
not clear to me how the communication with the kernel is actually to be done.
Thanks for any information that could help me making this work properly.
Ignacy
--
P.S. All information contained in the above letter is false,
for reasons of military security.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
