* how to use regex inside new netfilter extension modules?
@ 2010-03-03 18:41 Balaji Venkatamohan
2010-03-03 18:56 ` Jan Engelhardt
0 siblings, 1 reply; 3+ messages in thread
From: Balaji Venkatamohan @ 2010-03-03 18:41 UTC (permalink / raw)
To: netfilter-devel
Hello,
I need to use regular expressions inside the point of decision match
function. I could not use 'regex.h ' or any other standard C library
inside any of xt_*.c or xt_c*.h files. I could also see that none of the
netfilter match extensions have them. I would also like to know why is it
so?
Is there already any regular expression definitions defined in any of
linux modules?
Thanks,
Balaji
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to use regex inside new netfilter extension modules?
2010-03-03 18:41 how to use regex inside new netfilter extension modules? Balaji Venkatamohan
@ 2010-03-03 18:56 ` Jan Engelhardt
2010-03-04 1:33 ` Changli Gao
0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2010-03-03 18:56 UTC (permalink / raw)
To: Balaji Venkatamohan; +Cc: netfilter-devel
On Wednesday 2010-03-03 19:41, Balaji Venkatamohan wrote:
>
>I need to use regular expressions inside the point of decision match
>function. I could not use 'regex.h ' or any other standard C library
>inside any of xt_*.c or xt_c*.h files. I could also see that none of the
>netfilter match extensions have them. I would also like to know why is it
>so?
Regular expressions are not the cheapest, both time and memory-wise:
you have to keep in mind NF runs in irq context. Furthermore, since
you only see single packets rather than the connection stream, regexes
prove to be far less useful.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to use regex inside new netfilter extension modules?
2010-03-03 18:56 ` Jan Engelhardt
@ 2010-03-04 1:33 ` Changli Gao
0 siblings, 0 replies; 3+ messages in thread
From: Changli Gao @ 2010-03-04 1:33 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Balaji Venkatamohan, netfilter-devel
On Thu, Mar 4, 2010 at 2:56 AM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Wednesday 2010-03-03 19:41, Balaji Venkatamohan wrote:
>>
>>I need to use regular expressions inside the point of decision match
>>function. I could not use 'regex.h ' or any other standard C library
>>inside any of xt_*.c or xt_c*.h files. I could also see that none of the
>>netfilter match extensions have them. I would also like to know why is it
>>so?
Please refer to the source code of l7filter. http://l7-filter.sourceforge.net/
>
> Regular expressions are not the cheapest, both time and memory-wise:
> you have to keep in mind NF runs in irq context. Furthermore, since
> you only see single packets rather than the connection stream, regexes
> prove to be far less useful.
REs are useful and cheapest in some conditions.
--
Regards,
Changli Gao(xiaosuo@gmail.com)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-03-04 1:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-03-03 18:41 how to use regex inside new netfilter extension modules? Balaji Venkatamohan
2010-03-03 18:56 ` Jan Engelhardt
2010-03-04 1:33 ` Changli Gao
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.