On 5/26/06, Massimiliano Hofer <max@xxxxxxxxxx> wrote:
I recently became maintainer of the condition patch. You can find a new version at "http://www.nucleus.it/pom-repo/condition.tar.gz";. From now on it will be handled as an external repository. I'm working on some other changes that should make it more acceptable, althought I've been busy in the last couple of weeks.
Sounds good :) Btw. is there somewhere some more recent Netfilter-Hacking-Howto-like documentation besides the kernel sources? The Howto was not even for 2.6, and at least 2.6.16 had some larger netfilter-related changes...
Some considerations: - adding a new system call or ioctl is more intrusive than a proc interface;
Definitely. Adding a new setsockopt option as mentioned in the Howto would be another possibility, but it at least feels a little weird if you can create a socket, set a special option on it and as a result you have influenced the behaviour of netfilter... Nevertheless it's fairly easy to use on the kernel side. Probably netlink/nfnetlink would be another (not file based) alternative.
- a file interface doesn't require a special app.
It also fits nicely into the "everything is a file" paradigm, and it's easy to use if you do write a special app to use that functionality.
You could argue about putting it in /sys or in the brand new configfs. I'd like feedback about the best way to handle this.
/sys seems to be intended for devices and their drivers and configuration, so I'd rather not use it for the configuration of a netfilter match. But after a short look at Documentation/filesystems/configfs/configfs.txt I would say that configfs was intended for this kind of stuff. As for /proc, I don't really know what to say, but my feelings are that it should rather not be used for new non process related things - they have duplicated some hardware related things in /sys which were in /proc already (e.g. the information in /proc/scsi/scsi), and even moved things out of /proc into /sys (iirc, this happened to some i2c/sensors-related stuff). Similar things might happen with configfs. This is why I would prefer a solution not involving /proc. But as I'm not really into kernel programming, I might be completely wrong ;). Best regards Manfred
