Hi Jan, On Wed, 24 Nov 2010, Jan Engelhardt wrote: > By request of Pablo, I am posting the Xtables2 Netlink interface > specification for review. Additionally, further documentation and > toolchain around it is available through the temporary project page at > > http://jengelh.medozas.de/projects/xtables/ > > which currently includes > > * User Documentation Chapter 1: Architectural Differences > > * Developer Documentation Part 1: Netlink interface (WIP) > This is copied below to facilitate inline replies > > * Runnable Linux source tree > > * Runnable userspace library (libnetfilter_xtables) > with small test-and-debug program [...] Please add fine-grained error reporting to the protocol: in my opinion the main shortcoming of the current kernel-userspace xtables protocol is the lack of the proper error reporting. I mean, the new protocol should be able to carry back which rule caused the error, in the rule whether it was a general kind of error (ENOMEM), or a table, chain, match or target error and exactly what was the error at table/chain/match/target level. Say, the TCPMSS target should be able to report back that it cannot be used outside of FORWARD, OUTPUT and POSTROUTING. Or that the rule must match TCP SYN packets. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html