Benefits of Netfilter userspace extensions
simon.peter at gmx.de
Mon Feb 5 18:03:24 CET 2007
in general, is it beneficial to implement netfilter extensions
(especially packet mangling ones, using libnetfilter-queue) into
userland versus kernel?
Pros I can think of are:
- Ease of implemention, easier debugging, etc.
- More robust against bugs (only userspace program fails)
Of course there are cons, too:
- Not as secure (userspace program might be easy to kill)
Did I miss anything?
Would you guys recommend to implement my packet mangling extension into
userspace, especially if I need to pull in a lot of information from
More information about the netfilter-devel