Hi Nicolas, On Thu, Oct 25, 2012 at 02:52:48PM +0200, Nicolas Dichtel wrote: > Le 15/10/2012 15:10, Nicolas Dichtel a écrit : > >Le 02/10/2012 15:06, Nicolas Dichtel a écrit : > >>The following patch is an example of a userspace tools (in fact, iptables) > >>that use the new netlink API to monitor tables activity. > >> > >>I will also send a patch against libnfnetlink to update linux includes with > >>this new feature. > >> > >>Maybe another API can be used for this feature: adding a setsockopt() on an > >>iptc socket to enable monitoring. When a table is updated, a packet (built with > >>CMSG_* macro for example) can be sent over all sockets that monitor tables > >>acitivity (like km sockets in IPsec). I know that this socket was used only with > >>[g|s]etsockopt(), but this can avoid adding another netlink API. > >> > >>Comments are welcome. > >Any feedback about this patch or the other proposed API? > > Still no comment about this feature? Maybe another option to solve the problem? Adding a new nfnetlink subsystem to just reports table updates seems a bit too much to me. I'd aim to the nftables proposal that I just made. If this doesn't happen in a reasonable amount of time, get back to the mailing list and push us again to get this in. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
