On Tuesday 2010-07-13 02:11, Samuel Ortiz wrote:
>
>The userspace notification Xtables target sends a netlink notification
>whenever a packet hits the target. Notifications have a label attribute
>for userspace to match it against a previously set rule. The rules also
>take a --all option to switch between sending a notification for all
>packets or for the first one only.
>Userspace can also send a netlink message to toggle this switch while the
>target is in place. This target uses the netfilter netlink framework.

Would it not make sense to modify that module? Sounds an awful lot like
NFQUEUE without passing the payload :)

>+++ b/net/netfilter/xt_NFNOTIF.c
>+struct nfnotif_tg {
>+ struct list_head entry;
>+ struct work_struct work;
>+
>+ char *label;
>+ __u8 all_packets;
>+ struct net *net;
>+
>+ __u8 send_notif;
>+
>+ unsigned int refcnt;
>+};

Has unnecessary padding holes.
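
Review bot: In struct nfnotif_tg the two __u8 flags, all_packets and send_notif, each sit directly before a wider member (struct net *net and unsigned int refcnt), so the compiler has to pad after each of them; on a 64-bit build that is 7 bytes after all_packets and 3 after send_notif. Moving both flags to the end of the struct, after refcnt, leaves only tail padding. Because the struct embeds a list_head and a work_struct it is kernel-internal, so u8 or bool would be the usual type here rather than the exported __u8. refcnt is a plain unsigned int in a struct that also carries a work item, and the visible lines do not show what serializes updates to it, so either document the lock next to the field or make the counter an atomic_t.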