Mon Aug 16 16:04:20 CEST 2004
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=us-ascii; format=flowed
I'm currently planning to write a new target to detect when ever a
network interface has been idle for a configurable amount of time.
First some background:
Usually this sort of thing can be accomplished by ppp modules
PPPIOCGIDLE ioctl. However I need this sort of "IDLE detection" for
interfaces other than ppp too. And usage of PPIOCGIDLE needs polling
which I consider bad.
I came up with a couple of choices:
1. Use PF_PACKET and filter all packets that will be considered to reset
the IDLE timer
2. Use iptables and QUEUE all packets as above
3. Poll match count of some iptable rule
4. Write a custom iptables target to send notification when interface
goes to idle
Options 1 and 2 involve great amounts of kernel to userland traffic. And
option 3 would require polling with relatively small interval to be
So looks like the option four is ideal for my situation. I'd propably
use netlink to send the events when interface seems to be idle. Other
possibility is to use d-bus if it gets included in vanilla kernel (see
Basically when ever a packet matches the IDLEDETECT target it would
reset the interfaces idle timer. When the timer would expire a netlink
message would be sent.
Now I'm asking if this is a good idea? And has anyone tried to do such a
If this approach seems to be okay I'd be willing to implement it
(assuming no one has done this yet). In this case would this be useful
enough to be included in the patch-o-matic (and possibly even mainstream
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the netfilter-devel