Pablo Neira Ayuso wrote:
Hi Jozsef,
Pablo Neira Ayuso wrote:
I see, but something similar to nfnetlink_queue/NFQUEUE (per-process)
together with an extended version of the `conntrack match' for events
would be more flexible.
Another very simple choice can be to add more multicast groups according
to the sort of events. We can get more fine-grained event selection while
keeping it per-process. Currently, there are only three sorts of events:
NEW, UPDATE and DESTROY. We can add more netlink multicast groups to
allow user-space to select what kind of events they are interested in.
netlink doesn't seem to support overlapping event groups, and UPDATE and
ASSURED groups would overlap. Thus, we'll need to call
netlink_broadcast() twice. I still don't find a non-intrusive way to do
some non-BPF-based filtering :(
--
"Los honestos son inadaptados sociales" -- Les Luthiers
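An added example, not code from this thread or from the kernel: a user-space listener that subscribes only to the conntrack event groups it wants, which is the per-process selection the message describes. It uses the three existing groups from linux/netfilter/nfnetlink.h and the legacy bind()-time nl_groups bitmask (group N is bit N-1); it assumes Linux headers and CAP_NET_ADMIN for the bind, and under the "broadcast twice" scheme a listener bound to both groups would receive such an event twice.

```c
/* Added example: select conntrack event kinds at bind() time. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>

/* Legacy nl_groups bit for nfnetlink multicast group 'grp'.
 * Only groups 1..32 fit in the bitmask; others return 0. */
unsigned int nfnl_group_bit(unsigned int grp)
{
    return (grp == 0 || grp > 32) ? 0u : 1u << (grp - 1);
}

/* Build the nl_groups mask for the three conntrack event kinds. */
unsigned int conntrack_group_mask(int want_new, int want_update, int want_destroy)
{
    unsigned int mask = 0;
    if (want_new)     mask |= nfnl_group_bit(NFNLGRP_CONNTRACK_NEW);
    if (want_update)  mask |= nfnl_group_bit(NFNLGRP_CONNTRACK_UPDATE);
    if (want_destroy) mask |= nfnl_group_bit(NFNLGRP_CONNTRACK_DESTROY);
    return mask;
}

/* Open a NETLINK_NETFILTER socket bound to 'mask'; -1 on failure.
 * Binding to nfnetlink groups needs CAP_NET_ADMIN. */
int open_ct_listener(unsigned int mask)
{
    struct sockaddr_nl addr;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.nl_family = AF_NETLINK;
    addr.nl_groups = mask;          /* per-process event selection */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Only NEW and DESTROY; UPDATE events are never delivered to us. */
    int fd = open_ct_listener(conntrack_group_mask(1, 0, 1));
    char buf[8192];
    if (fd < 0) { perror("netlink"); return 1; }
    for (;;) {                      /* one event per netlink message */
        ssize_t n = recv(fd, buf, sizeof(buf), 0);
        if (n <= 0) break;
        printf("conntrack event, %zd bytes\n", n);
    }
    close(fd);
    return 0;
}
```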