Comments:
<0> gug
<1> gug
<0> gug :)
<2> gug
<2> Octavian: have you seen the userspace ctsync daemon Pablo just posted to netfilter-devel ?
<0> no, not yet
<0> Gandalf: there is a bunch of email i have to dig through...
<2> I have the same problem :(
<2> especially wrt linux-kernel
<1> me too, I already gave up reading linux-kernel
<1> and after a week spent without reading emails I've a _lot_ of emails to read...
<3> hey hidden
<1> Gandalf_: I'm looking for a relatively short paper about RCU (basic concepts, etc)
<1> Gandalf_: do you have any suggestions?
<1> jengelh: hello
<3> lwn.net
<3> http://lwn.net/Articles/37889/
<3> http://lwn.net/Articles/93617/ http://lwn.net/Articles/174641/
<3> http://lwn.net/Articles/4974/
<1> ok, thanks
<3> google for "rcu site:lwn.net"
<3> oh and might take a look at LDD3
<2> Hidden: what are you going to use rcu for?
<1> Gandalf_: a Netfilter module implementing the zone-based DAC (discretional access control) layer of Zorp
<1> Gandalf_: thus it will be possible to use the same access control model for packet filtered and proxied traffic
<1> Gandalf_: and I'd like to convince Bazsi that using RCU will be OK
<2> Hidden: heh, rcu is nice
<2> Hidden: my summer project is to rcuify conntrack, and possibly to port ipv4 NAT to nf_conntrack
<2> and maybe rcuify NAT as well
<4> Hi, can anybody point me to a howto or some article about the new x_tables architecture in netfilter?
<5> i'm using iptables to classify my NATs packets for QoS sharing. say for prioritizing ssh, do i need a --sport and --dport or just the one of them?
<6> hey
<6> i started logging NET tcp connections from my lan to internet
<6> the bad thing i need UDP too, and that is stateless. Any idea how to log like only one packet between two endpoints (ip:port) each 5 minutes?
<7> do the logging via netlink and have a perl script remember data and compare based on that.
<7> but that's just a guess :)
<6> and the performance will be?
<6> ;-)
<7> wibble. :)
<6> I'm currently logging thru ULOG
<1> Gandalf_: will you have _that_ much time? :)
<2> Hidden: heh, rcuify conntrack is my primary goal (and optimize parts of it as well), then I'll see how much time I have left
<7> hmm. is there any way to escape a chain and continue on with the next rule after that chain is called?
<6> -j RETURN
<7> do I need a specific version of iptables for that?
<2> CaT[tm]: no, works in all versions
<7> hrm
<2> arturaz: are you using conntrack, if so then you can use -m state --state ESTABLISHED -j ULOG for the logging
<6> well, i'm only logging state NEW in tcp
<2> Hidden: I'll have four weeks vacation, hopefully I'll have time for some serious coding
<6> however, what's with the udp?
<2> arturaz: sorry, I actually meant NEW :)
<6> i thought it was stateless?
<7> ok. I have a bad case of selective blindness. no idea how many times I've looked at the manpage for that.
<2> arturaz: conntrack keeps "state" of udp as well
<6> how does it do that? ;]
<6> don't answer
<6> i know
<6> voodoo magic...
<2> :)
<7> lots of ram ;)
<7> at a guess. :)
<0> hi arturaz :)
<6> hi Octavian
<6> ;P
<0> arturaz: I will take a look at your code this evening, my 'ctsyncd' is almost done, too ;)
<7> time to have fun with dhcp and iptables and RETURN :)
<6> Octavian, my code? ;-)
<0> arturaz: yes, I will take a look at your conntrackd
<6> _my_ conntrackd? ^_^ :)
<8> octavian: you seem to be under some misunderstanding ;)
<0> LaF0rge: so... tell me :)
<1> Octavian: arturaz != Pablo
<6> yay, someone mixed me with Pablo :)
<6> i feel honored ;]
<6> anyone knows how to gzip ULOG logs on the fly?
<7> I do enjoy remotely changing firewall rules
<6> =]]
<6> heh, that is one of the best things in life
<6> esp. if someone breaks
<7> kinda wishing I could set a default rule for a chain outside of the rule-list. would make appending rules a lot easier.
<7> or the ability to use negative rule numbers with say -2 being the spot just before the last rule.
<6> CaT[tm], ever heard about chain policies?
<7> can't set them on custom chains I believe
<6> yeah, that ****s =]
<2> CaT[tm]: negative rulenumbers wouldn't be very hard to implement...
<7> gandalf: are the rules backwards linked with a link to the last one or do you have to count and step back?
<7> art: yeah. that'd be dandy.
<2> CaT[tm]: it's a doubly-linked circular list, one optimization when modifying rulesets is actually to walk backwards through the rules if the affected position is in the "bottom half" of the rules
<7> gandalf: so -ve rule numbers would just be a modifier of that. kinda reverse the logic.
<2> CaT[tm]: we have the total number of rules in the chain. So what's needed is only to use that number minus the new number and then use that instead
<7> yeah and then carry on as normal
<2> yes
<2> should be fairly simple
<7> 2 lines I'd say. :)
<7> an if and a sub.
<2> yes
<2> and a boundary-check as well so we don't try to access a real rule-number -557
<2> etc
<7> yeah. :)
<7> abs(rn) <= numrules or somesuch
<7> there's probably a check for that already, no?
<2> yes but it probably only checks positive numbers and rejects all negative :)
<9> 2.6.16.18 dedicated to NETFilter i see =)
<10> hi all, someone knows if I can throttle down the throughput to a given host ? I need this for testing an issue with slow connections.
<11> hi! i don't know how a PPPoE works because i don't have one yet but i need to know how can i find what eth is linked to what ppp. can someone help me please? i'm interested in the pppoe client side
<0> hu
<8> hi octavian