----- Original message -----
> > On Friday 2010-07-16 14:16, Luciano Coelho wrote:
> > > >
> > > > Yes, of course, but I meant without exporting it to procfs. ;) That
> > > > would probably make the code a lot simpler (actually I can't imagine a
> > > > simpler match/target than a "variable" match/target ;)
> > >
> > > Well, if not procfs, what should influence this anonymous variable?
> > > The weather? (No really, that came up at last NFWS. Using a userspace
> > > program, you can write into the procfs file and thus firewall based upon
> > > storm and thunder....)
> >
> > Heh! :)
> >
> > What I need is a state variable that is set and read by netfilter
> > tables. The idea is to have a state variable high_throughput that will
> > be set to true (high) or false (low) depending on the rateest results.
> > This would be used to prevent multiple NFLOG events for the same state
> > (say, "HIGH") from being sent to userspace.
>
> We have exactly that -- the nfmark, accessible via -j MARK.

Yes, but with nfmark we have to mangle every packet. I was thinking
about a "global" mark, that is not associated with either packets or
connections. That would be the condition match plus a way to set it
with netfilter rules.

--
Cheers,
Luca