Re: Xtables2 Netlink spec

Hi Jan,

On Wed, 24 Nov 2010, Jan Engelhardt wrote:

> By request of Pablo, I am posting the Xtables2 Netlink interface 
> specification for review. Additionally, further documentation and 
> toolchain around it is available through the temporary project page at
> 
> 	http://jengelh.medozas.de/projects/xtables/
> 
> which currently includes
> 
>  * User Documentation Chapter 1: Architectural Differences
> 
>  * Developer Documentation Part 1: Netlink interface (WIP)
>    This is copied below to facilitate inline replies
> 
>  * Runnable Linux source tree
> 
>  * Runnable userspace library (libnetfilter_xtables)
>    with small test-and-debug program
[...]

Please add fine-grained error reporting to the protocol: in my opinion the 
main shortcoming of the current kernel-userspace xtables protocol is the 
lack of proper error reporting. I mean, the new protocol should be 
able to carry back which rule caused the error and, within the rule, whether 
it was a general kind of error (ENOMEM) or a table, chain, match or target 
error, and exactly what the error was at the table/chain/match/target level.

Say, the TCPMSS target should be able to report back that it cannot be 
used outside of FORWARD, OUTPUT and POSTROUTING. Or that the rule must 
match TCP SYN packets.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
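As an added example (not code from the Xtables2 tree, libnetfilter_xtables or this thread), here is one way the per-rule error report asked for above could be carried as netlink-style attributes: rule index, error level (general/table/chain/match/target), errno and a module-supplied message, with the TCPMSS case from the mail as constructed sample data. The userspace side treats every attribute length as untrusted and rejects truncated or oversized attributes, which is the check anyone parsing such a payload must do. The attribute type numbers, level values, struct layout and message text are assumptions for illustration.

```c
/* Added example, not from the Xtables2 tree or libnetfilter_xtables:
 * a hypothetical per-rule error report encoded as netlink-style TLVs.
 * Type numbers, level values, layout and messages are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical attribute types of the error report. */
enum { XT2E_RULE = 1, XT2E_LEVEL = 2, XT2E_ERRNO = 3, XT2E_MSG = 4 };
/* Hypothetical error levels: general (e.g. ENOMEM), table, chain, match, target. */
enum { XT2L_GENERAL = 0, XT2L_TABLE, XT2L_CHAIN, XT2L_MATCH, XT2L_TARGET };

struct attr_hdr { uint16_t len; uint16_t type; };   /* same shape as struct nlattr */
#define ATTR_ALIGN(n) (((n) + 3U) & ~3U)

struct xt2_error {
    uint32_t rule;      /* index of the offending rule in the submitted batch */
    uint8_t  level;     /* XT2L_* */
    int32_t  err;       /* negative errno value */
    char     msg[96];   /* human-readable detail from the table/chain/match/target */
};

/* Append one attribute; returns the new offset, or 0 if it does not fit. */
static size_t put_attr(uint8_t *buf, size_t cap, size_t off,
                       uint16_t type, const void *data, size_t len)
{
    size_t need = ATTR_ALIGN(sizeof(struct attr_hdr) + len);
    if (len > UINT16_MAX - sizeof(struct attr_hdr) || off + need > cap)
        return 0;
    struct attr_hdr h = { (uint16_t)(sizeof h + len), type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, data, len);
    memset(buf + off + sizeof h + len, 0, need - sizeof h - len); /* padding */
    return off + need;
}

/* "Kernel side": serialise an error report. Returns total length, or 0. */
size_t xt2_error_encode(const struct xt2_error *e, uint8_t *buf, size_t cap)
{
    size_t off = 0;
    if (!(off = put_attr(buf, cap, off, XT2E_RULE, &e->rule, sizeof e->rule))) return 0;
    if (!(off = put_attr(buf, cap, off, XT2E_LEVEL, &e->level, sizeof e->level))) return 0;
    if (!(off = put_attr(buf, cap, off, XT2E_ERRNO, &e->err, sizeof e->err))) return 0;
    if (!(off = put_attr(buf, cap, off, XT2E_MSG, e->msg, strlen(e->msg) + 1))) return 0;
    return off;
}

/* "Userspace side": parse without trusting any length in the buffer.
 * Returns 0 on success, -1 on malformed or incomplete input. */
int xt2_error_decode(const uint8_t *buf, size_t len, struct xt2_error *out)
{
    size_t off = 0;
    unsigned seen = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        struct attr_hdr h;
        if (len - off < sizeof h) return -1;                   /* truncated header */
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > len - off) return -1;  /* length lies */
        const uint8_t *p = buf + off + sizeof h;
        size_t plen = h.len - sizeof h;
        switch (h.type) {
        case XT2E_RULE:
            if (plen != sizeof out->rule) return -1;
            memcpy(&out->rule, p, plen); seen |= 1; break;
        case XT2E_LEVEL:
            if (plen != 1 || p[0] > XT2L_TARGET) return -1;
            out->level = p[0]; seen |= 2; break;
        case XT2E_ERRNO:
            if (plen != sizeof out->err) return -1;
            memcpy(&out->err, p, plen); seen |= 4; break;
        case XT2E_MSG:   /* must be NUL-terminated and fit the destination */
            if (plen == 0 || plen > sizeof out->msg || p[plen - 1] != '\0') return -1;
            memcpy(out->msg, p, plen); seen |= 8; break;
        default: break;                                        /* unknown: skip */
        }
        off += ATTR_ALIGN(h.len);
    }
    return seen == 0xf ? 0 : -1;    /* all four attributes are required */
}

/* Constructed sample: the TCPMSS case from the mail, for rule 3 of a batch. */
size_t sample_tcpmss_report(uint8_t *buf, size_t cap)
{
    struct xt2_error e = { 3, XT2L_TARGET, -EINVAL,
        "TCPMSS: only valid in FORWARD, OUTPUT and POSTROUTING" };
    return xt2_error_encode(&e, buf, cap);
}

int main(void)
{
    uint8_t buf[256];
    struct xt2_error e;
    size_t n = sample_tcpmss_report(buf, sizeof buf);
    if (n && xt2_error_decode(buf, n, &e) == 0)
        printf("rule %u: level %u errno %d: %s\n", e.rule, e.level, -e.err, e.msg);
    return 0;
}
```

The decoder requires all four attributes, bounds-checks each length against the bytes actually remaining, and insists the message attribute is NUL-terminated before copying it, so a malformed or truncated report is reported as an error rather than turned into an out-of-bounds read.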