Another state - TIMEDOUT

tlewis@mindspring.com tlewis@mindspring.com
Sat, 21 Jul 2001 15:56:02 -0400 (EDT)


I will Monday be releasing an alpha userland packet manipulation framework
suited for this sort of application.  Anyone interested in participating
in its early development can drop me a line, and I will make sure that
they are in the loop.  v0 public release is slated for September.

--
Todd Lewis
tlewis@mindspring.com

On Sat, 21 Jul 2001, Harald Welte wrote:

> On Fri, Jul 20, 2001 at 09:46:12PM +0000, Fabrice MARIE wrote:
> 
> > Why don't you implement this in userland using ip_queue?
> 
> Exactly. I think this is the way to go. 
> 
> > You could queue all the untracked packets, and in userland check if
> > they are part of a timeout connection...
> 
> Hm, the only issue is how would you know which packets are 'untracked'.
> Yes, of course, you can queue all the NEW packets to userspace, but then
> you would have a noticeable delay during connection establishing.
> 
> > userland memory limit is not an issue as big as in kernel space.
> 
> yup. it can be swapped, 
> 
> > Additionally, the delay of doing this in userland is not so important,
> > since it's not a time critical data, the packets are going to be dropped
> > anyway, and the admin can largely wait that the log happens..
> 
> Why not use the ULOG target?  The ULOG target would copy you the packets
> (or even only the packet headers) to userspace, while the real packet does
> not get delayed.
> 
> For getting information about the 'old' conntrack entries, I think using
> Jay Schulist's ctnetlink patch is the way to go. 
> 
> So you have one userspace process who gets netlink messages each time 
> a conntrack entry dies, and you get all new packets. By saving all that
> 'died' conntrack entry and matching the packets you receive over ULOG 
> against them, ...
> 
> > > > But honestly, I can't really tell, since I'm not completely familiar
> > > > with most of the internal guts of the conntrack hash tables and stuff.
> > > This is also why I haven't tried to patch something in myself ..
> > 
> > I wouldn't patch it myself as well ;-)
> 
> Well, as it is doable completely in userspace, I don't think that everybody
> can do that, no need to know anything about kernel hacking.
> 
> > > > I wonder what Mr. Harald thinks....
> > > So do I :)
> > 
> > Harald... Any comments ?
> 
> Sure. I was just busy travelling the last days. Now left the Brazilian
> Winter and am in sunny Ottawa, Canada :)
> 
> > Have a nice day,
> > Fabrice.
> 
> -- 
> Live long and prosper
> - Harald Welte / laforge@gnumonks.org                http://www.gnumonks.org
> ============================================================================
> GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
> V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
>
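
The matching step described in the quoted message (remember each conntrack entry that died, then compare the packets copied to userspace against that list), as an added example that is not code from this thread or from any of the projects named in it. It assumes the death events and the copied packet headers have already been received; the class, function names, retention time and the sample packet builder are hypothetical, and it assumes no NAT, so both directions of a flow carry mirrored tuples.

```python
import socket
import struct
import time

class DeadConnCache:
    """Tuples of conntrack entries that recently died (fed by the event source)."""
    def __init__(self, retain_secs=300.0):
        self.retain_secs = retain_secs  # assumed retention window, not from the thread
        self._dead = {}  # normalised tuple -> time the entry died

    @staticmethod
    def _key(proto, src, sport, dst, dport):
        # Order the endpoints so original and reply direction share one key.
        a, b = sorted([(src, sport), (dst, dport)])
        return (proto, a, b)

    def entry_died(self, proto, src, sport, dst, dport, now=None):
        now = time.time() if now is None else now
        self._dead[self._key(proto, src, sport, dst, dport)] = now

    def classify(self, packet, now=None):
        """Return TIMEDOUT for a packet that matches a remembered dead entry."""
        now = time.time() if now is None else now
        tup = parse_ipv4_tuple(packet)
        if tup is None:
            return "UNKNOWN"
        key = self._key(*tup)
        died = self._dead.get(key)
        if died is not None and now - died > self.retain_secs:
            del self._dead[key]  # too old to attribute to the dead connection
            died = None
        return "NEW" if died is None else "TIMEDOUT"

def parse_ipv4_tuple(packet):
    """Extract (proto, src, sport, dst, dport) from raw IPv4 TCP/UDP header bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or proto not in (6, 17) or frag_off or len(packet) < ihl + 4:
        return None  # not TCP/UDP, truncated, or a later fragment without ports
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (proto, socket.inet_ntoa(packet[12:16]), sport, socket.inet_ntoa(packet[16:20]), dport)

def build_packet(proto, src, sport, dst, dport):
    """Constructed sample input: minimal IPv4 header followed by the port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + struct.pack("!HH", sport, dport)
```
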