On Fri, 15 Apr 2011, Jean-Philippe Menil wrote:

> On 15/04/2011 14:53, Jozsef Kadlecsik wrote:
> > On Thu, 14 Apr 2011, Jean-Philippe Menil wrote:
> >
> > > On 31/03/2011 21:55, Jean-Philippe Menil wrote:
> > > > That's what I thought, and I needed to be sure.
> > > >
> > > > As I can miss the counters for the moment, I will keep my rules.
> > > > But as I'm very interested in ipset, I will think about doing otherwise.
> > > I return to this story of counters.
> > > Since I don't really need counters, but just to know when there is no
> > > more traffic for a user to decrement an idle timeout,
> > > I decided to use ipset with the bitmap ip,mac and the timeout value.
> > >
> > > However, the timeout doesn't really do what I need; I use a dirty hack to
> > > set the timeout counters every time a packet is matched,
> > > so when there are no more packets, the timeout value begins to decrement.
> > >
> > > I do this in the bitmap_ipmac_ttest function; I'm just wondering if it is
> > > the right place to do this?
> > The proper way would be to reset the timeout value by the SET target,
> > which is not supported yet.
>
> You mean, in the iptables userspace?
>
> Why not add a flag like "-idle" in ipset, and reset the timeout to defaults
> when the flag is set?
>
> I'm just asking this to be sure to do this properly, even if this request is
> marginal.

Both sides need to support the functionality: kernel and userspace. Before
the weekend I'll release ipset 6.4 which will support it.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
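
The difference discussed in this thread, between a timeout that runs from the moment an entry is added and an idle timeout that is reset whenever traffic matches, shown as an added example that is not part of the original messages and is not ipset code. `TimeoutSet`, `idle_expiry` and the sample address pair are hypothetical names and constructed values; the model assumes a plain match never changes an entry's timeout and that a re-add with `exist=True` resets it to the set default.

```python
from dataclasses import dataclass, field

# Constructed sample (ip, mac) pair, as stored in an ip,mac style set.
KEY = ("192.0.2.10", "00:11:22:33:44:55")


@dataclass
class TimeoutSet:
    """Toy model of a set whose entries carry a timeout (assumption, not ipset)."""
    default_timeout: int
    expires: dict = field(default_factory=dict)  # key -> absolute expiry time

    def test(self, key, now):
        """Pure membership test: never touches the stored timeout."""
        exp = self.expires.get(key)
        return exp is not None and exp > now

    def add(self, key, now, exist=False):
        """Add key. A live entry is left alone unless exist=True,
        in which case its timeout is reset to the set default."""
        if self.test(key, now) and not exist:
            return False
        self.expires[key] = now + self.default_timeout
        return True


def idle_expiry(packet_times, timeout, refresh_on_match):
    """Return when the entry expires, given sorted packet arrival times.

    The entry is added at the first packet. With refresh_on_match=True every
    later matching packet re-adds the entry with exist=True (idle timeout);
    with False the timeout simply runs down from the first add.
    """
    s = TimeoutSet(timeout)
    s.add(KEY, packet_times[0])
    for t in packet_times[1:]:
        if not s.test(KEY, t):
            break  # entry already expired: the user is no longer in the set
        if refresh_on_match:
            s.add(KEY, t, exist=True)
    return s.expires[KEY]


if __name__ == "__main__":
    packets = [0, 40, 80, 120]  # constructed arrival times, in seconds
    print("fixed timeout expires at", idle_expiry(packets, 60, False))
    print("idle timeout expires at ", idle_expiry(packets, 60, True))
```
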