Le 15/04/2011 14:53, Jozsef Kadlecsik a écrit :
Hi,
On Thu, 14 Apr 2011, Jean-Philippe Menil wrote:
Le 31/03/2011 21:55, Jean-Philippe Menil a écrit :
That's what i tought, and i needed to be sure.
As i can miss the counters for the moment, i will kept my rules.
But as i'm very intereted by ipset, i will think to do otherwise.
I return to this story of counters.
Since, i don't really need some counters, but just to know when there is no
more traffic for a user to decrement an idle timeout;
i decide to use ipset with the bitmap ip,mac and the timeout value.
However, the timeout doesn't do really what i need, i use a dirty hack to set
the timeout counters every time a packet is matched;
so when there are no more packet, the timeout value begin to decrement.
I do this in the bitmap_ipmac_ttest function, i'm just wondering if it is the
right place to do this?
The proper way would be to reset the timeout value by the SET target,
which is not supported yet.
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
Hi,
you mean, in the iptables userspace?
Why not, had a flag like "-idle" in ipset, and reset the timeout to
defaults when the flag is set?
I'm just asking this, to be sure to do this properly, even if this
request is margin.
Thanks for your advice
--
Jean-Philippe Menil - Pôle réseau Service IRTS
DSI Université de Nantes
jean-philippe.menil@xxxxxxxxxxxxxx
Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
