[Devel] OT: Text/filesystem interfaces to netfilter

Enrico Weigelt weigelt at metux.de
Sat Feb 9 00:52:53 PST 2008


Hi folks,


although this is off-topic, I'd like to raise it here, since
many folks here seem to be involved in netfilter stuff:

What do you think about a purely filesystem/text-based interface
to netfilter? This would remove the trouble of incompatibilities
between kernel and userland, e.g. if type sizes don't match
(32-bit vs. 64-bit) or structures have been extended/changed.

I had those problems while trying to get OpenVZ to run on a given
appliance distro (not an OpenVZ problem, but with their own
netfilter version). It took me a really long time to track down
the actual problem (I first suspected a 32/64-bit issue, but
later found out they've changed some netlink packet structures).

If the whole interface were just a synthetic filesystem
(maybe directly within sysfs), everything would be *much* easier.
And there would be no such (binary!) dependencies between kernel
and userland.


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------



