On 08/07/2018 05:46 PM, Laura Garcia wrote:
On Fri, Aug 3, 2018 at 11:03 AM, Oleg <lego12239@xxxxxxxxx> wrote:
On Fri, Aug 03, 2018 at 01:21:05AM +0430, Saber Rezvani wrote:
On 08/03/2018 12:14 AM, Oleg wrote:
On Thu, Aug 02, 2018 at 06:44:26PM +0430, Saber Rezvani wrote:
Dear all,
Some of my friends and I have decided to work on Linux community, and
add a new feature to the networking subsystem. We have concluded that
URL filtering with IP/NF tables may be a good feature if we can
implement it in Linux networking subsystem. Because through our research
we found out with the current IP/NF tables since that payload is spread
through several packets, it is not possible.
Hi!
I believe that this is a very feasible feature, at least for header
filtering. In fact, iptables has already a string match that could be
used for this purpose.
Hopefully, this ability will be available for nft soon.
Do you know who exactly working on this feature in nft? could you
possibly introduce me to him/her?
You know we have decided to work on this issue. So It is a best practice
to get in touch with running development team who works on this feature.
Even we can join them, too.
Do you think this feature will be useful now? For example, filtering uri in
https isn't possible and http using is decreasing now.
There are some components in the kernel to decrypt HTTPS, so
software-based ssl offload in the kernel is coming.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html