On Tue, 2010-07-13 at 13:49 +0200, ext Jan Engelhardt wrote:
> On Tuesday 2010-07-13 12:23, Luciano Coelho wrote:
> >>
> >> Indeed, this looks to me like something that you can do with NFLOG and
> >> some combination of matches.
> >
> >Is it possible to have the NFLOG send only one notification to the
> >userspace? In the example above, once the quota exceeds, the userspace
> >will be notified of every packet arriving, won't it? That would cause
> >unnecessary processing in the userspace.
> >
> >The userspace could remove the rule when it gets the first notification
> >and only add it again when it needs to get the information again (as a
> >"toggle" functionality), but I think that would take too long and there
> >would be several packets going through before the rule could be removed.
>
> With xt_condition that should not be a problem
> (-A INPUT -m condition --name ruleXYZ -j NFLOG..)
> This is settable through procfs.

Right. I didn't know about the condition match, because I can't see it
either on net-next-2.6 or on nf-next-2.6. I found your patch in the
netfilter-devel archives, though. Any idea when it will be applied?

--
Cheers,
Luca.