Another state - TIMEDOUT
Sat, 21 Jul 2001 15:56:02 -0400 (EDT)
On Monday I will be releasing an alpha userland packet manipulation framework
suited for this sort of application. Anyone interested in participating
in its early development can drop me a line, and I will make sure that
they are in the loop. v0 public release is slated for September.
On Sat, 21 Jul 2001, Harald Welte wrote:
> On Fri, Jul 20, 2001 at 09:46:12PM +0000, Fabrice MARIE wrote:
> > Why don't you implement this in userland using ip_queue?
> Exactly. I think this is the way to go.
> > You could queue all the untracked packets, and in userland check if
> > they are part of a timeout connection...
> Hm, the only issue is how would you know which packets are 'untracked'.
> Yes, of course, you can queue all the NEW packets to userspace, but then
> you would have a noticeable delay during connection establishment.
> > userland memory limit is not an issue as big as in kernel space.
> Yup. It can be swapped.
> > Additionally, the delay of doing this in userland is not so important,
> > since it's not a time critical data, the packets are going to be dropped
> > anyway, and the admin can largely wait that the log happens..
> Why not use the ULOG target? The ULOG target would copy you the packets
> (or even only the packet headers) to userspace, while the real packet does
> not get delayed.
> For getting information about the 'old' conntrack entries, I think using
> Jay Schulist's ctnetlink patch is the way to go.
> So you have one userspace process that gets netlink messages each time
> a conntrack entry dies, and you get all new packets. By saving all those
> 'died' conntrack entries and matching the packets you receive over ULOG
> against them, ...
> > > > But honestly, I can't really tell, since I'm not completely familiar
> > > > with most of the internal guts of the conntrack hash tables and stuff.
> > > This is also why I haven't tried to patch something in myself ..
> > I wouldn't patch it myself as well ;-)
> Well, as it is doable completely in userspace, I don't think that everybody
> can do that, no need to know anything about kernel hacking.
> > > > I wonder what Mr. Harald thinks....
> > > So do I :)
> > Harald... Any comments ?
> Sure. I was just busy travelling the last days. Now left the Brazilian
> winter and am in sunny Ottawa, Canada :)
> > Have a nice day,
> > Fabrice.
> Live long and prosper
> - Harald Welte / firstname.lastname@example.org http://www.gnumonks.org
> GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
> V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
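The userspace matcher sketched in the quoted reply (conntrack "died" notifications on one side, ULOG packet copies on the other, late packets matched against the remembered dead entries), as an added simulation that is not code from this thread or from the netfilter project. `Flow`, `TimedOutMatcher` and the event sequence are assumed/constructed; the two event sources are fed by hand instead of being read from ctnetlink and ULOG.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """5-tuple of a packet or conntrack entry (constructed model, not kernel data)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self):
        # Direction-independent key so late packets from either side match.
        ends = sorted([(self.src, self.sport), (self.dst, self.dport)])
        return (self.proto, ends[0], ends[1])


class TimedOutMatcher:
    """Remembers recently destroyed conntrack entries and flags packets that belong to them."""

    def __init__(self, remember_secs=60):
        self.remember_secs = remember_secs
        self.dead = {}  # flow key -> time the conntrack entry died

    def conntrack_destroyed(self, flow, now):
        # In the real design this is fed by ctnetlink 'destroy' notifications.
        self.dead[flow.key()] = now

    def packet_seen(self, flow, now):
        # In the real design this is fed by ULOG packet copies; returns a log line or None.
        # Forget dead entries older than the window so the table stays bounded.
        self.dead = {k: t for k, t in self.dead.items() if now - t <= self.remember_secs}
        died = self.dead.get(flow.key())
        if died is None:
            return None  # not a known timed-out connection (e.g. a genuinely NEW flow)
        return (f"TIMEDOUT {flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}"
                f" ({now - died:.0f}s after its conntrack entry died)")


def run_demo():
    """Replay a constructed event sequence; returns the log lines produced."""
    m = TimedOutMatcher(remember_secs=60)
    m.conntrack_destroyed(Flow("tcp", "10.0.0.5", 40000, "192.0.2.10", 22), now=0)
    out = [
        m.packet_seen(Flow("tcp", "192.0.2.10", 22, "10.0.0.5", 40000), now=5),    # reply side, matches
        m.packet_seen(Flow("tcp", "10.0.0.5", 40001, "192.0.2.10", 22), now=7),    # genuinely new flow
        m.packet_seen(Flow("tcp", "10.0.0.5", 40000, "192.0.2.10", 22), now=100),  # entry already forgotten
    ]
    return [line for line in out if line is not None]
```

The window length is the trade-off the thread hints at: too short and late packets are misclassified as new, too long and the dead-entry table grows with every expired connection.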