On 08/03/2018 12:14 AM, Oleg wrote:
On Thu, Aug 02, 2018 at 06:44:26PM +0430, Saber Rezvani wrote:
Dear all,
Some of my friends and I have decided to work on Linux community, and
add a new feature to the networking subsystem. We have concluded that
URL filtering with IP/NF tables may be a good feature if we can
implement it in Linux networking subsystem. Because through our research
we found out with the current IP/NF tables since that payload is spread
through several packets, it is not possible.
IMHO, this can be easier implemented with help of userspace.
This can be nfq-based program(something like
https://github.com/lego12239/trfl), that assembles tcp session packets
and mark matched connections for blocking.
In that case I think we will lose a great deal of performance,
won't we?
First of all, I am eagerly looking forward to having your opinion about
this feature? Secondly, how could possibly we assure that community will
accept this feature? You know we want to have a contribution for the
community.
Do you think this feature will be useful now? For example, filtering uri in
https isn't possible and http using is decreasing now.
Why this feature is not useful? I believe URL filtering has its own
customers, hasn't it?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
