linux-kernel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Richard Weinberger <richard@nod.at>
Cc: jengelh@medozas.de, eric.dumazet@gmail.com,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, rostedt@goodmis.org
Subject: Re: [PATCH v6] Netfilter ring buffer support
Date: Mon, 12 Mar 2012 15:12:30 +0100
Message-ID: <20120312141230.GA32616@1984>
In-Reply-To: <4F5DF9B1.6050703@nod.at>

On Mon, Mar 12, 2012 at 02:27:13PM +0100, Richard Weinberger wrote:
[...]
> >Looking at the code, those are included if bridging is enabled.
> >Otherwise, I'll be happy to take a patch for this.
> 
> Doesn't NFLOG just pass the packet header to userspace?

It also passes several interesting pieces of metainformation regarding
the packet to user-space. And it can be easily extended to add
more metainformation without breaking backward compatibility.

> How can you derive meta-information like "PHYSIN" and "PHYSOUT" from
> the packet header?

See nflog_get_physindev and nflog_get_physoutdev in libnetfilter_log.

> Iff NFLOG is able to produce the same log string as LOG does, I'm fine.

This is a still-incomplete patch for libnetfilter_log:

http://1984.lsi.us.es/git/rlogd/tree/libnflog.patch

It allows you to print in LOG output format. It still needs to add
support for UDP, UDPlite, and so on, but that shouldn't be hard to
do.

I'd be happy if someone takes it over and finishes it.

> >>3. rlogd needs NFLOG which copies every packet (header) to userspace.
> >>What about performance...?
> >
> >Reliability is also important, running things in user-space means that
> >bugs will not crash your system. Instead, they may crash your logging
> >daemon.
> >
> >What I find hard to justify is that this feature can be implemented in
> >user-space with the existing netfilter logging interface.
> 
> I understand that I have no chance to fight against the "this can be
> done in userspace"-argument. :-)

Regarding Netfilter in general, I'd specifically like to
move towards doing as many things in user-space as we can (while
evaluating the performance impact, of course). We're getting a nice set of
netlink interfaces that are allowing us this. Thus, the idea is to
follow a hybrid architecture: provide generic infrastructure in
kernel-space (by means of netlink), then develop specific features in
user-space.

In that direction, I expect to come up with a user-space cthelper
infrastructure soon so we can also implement helpers in user-space.
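
Added example (not part of the original message, and not code from libnetfilter_log or the patch linked above): the reply's point that PHYSIN/PHYSOUT arrive as separate netlink attributes beside the packet header, shown by walking the NFULA_* attributes of one NFLOG message and formatting a LOG-style line. The helper names and the sample message are constructed for illustration, and numeric ifindexes are printed where LOG would print interface names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute types from <linux/netfilter/nfnetlink_log.h>. */
enum { NFULA_IFINDEX_INDEV = 4, NFULA_IFINDEX_OUTDEV, NFULA_IFINDEX_PHYSINDEV,
       NFULA_IFINDEX_PHYSOUTDEV, NFULA_PAYLOAD = 9, NFULA_PREFIX };
struct attr { uint16_t len, type; };   /* same layout as struct nlattr */

/* Hypothetical helper: append one attribute, padded to 4 bytes (buffer pre-zeroed). */
static size_t put(uint8_t *b, size_t off, uint16_t type, const void *d, uint16_t n)
{
    struct attr a = { (uint16_t)(sizeof a + n), type };
    memcpy(b + off, &a, sizeof a);
    memcpy(b + off + sizeof a, d, n);
    return off + ((sizeof a + n + 3) & ~(size_t)3);
}

/* Constructed sample: packet seen on bridge ifindex 3, physical port ifindex 2. */
size_t build_sample(uint8_t *b)
{
    static const uint8_t in[4] = {0,0,0,3}, phys[4] = {0,0,0,2};  /* __be32 */
    static const uint8_t ip[20] = { 0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,1, 198,51,100,7 };
    size_t off = put(b, 0, NFULA_PREFIX, "fw: ", 5);
    off = put(b, off, NFULA_IFINDEX_INDEV, in, 4);
    off = put(b, off, NFULA_IFINDEX_PHYSINDEV, phys, 4);
    return put(b, off, NFULA_PAYLOAD, ip, sizeof ip);
}

/* Walk the attributes and format a LOG-style line; returns its length, -1 if malformed. */
int nflog_to_log_line(const uint8_t *b, size_t len, char *out, size_t outsz)
{
    uint32_t ifx[4] = {0};             /* IN, OUT, PHYSIN, PHYSOUT */
    const uint8_t *ip = NULL; size_t iplen = 0, off = 0; char prefix[64] = "";
    while (off + sizeof(struct attr) <= len) {
        struct attr a; memcpy(&a, b + off, sizeof a);
        if (a.len < sizeof a || a.len > len - off) return -1;  /* truncated TLV */
        const uint8_t *d = b + off + sizeof a; size_t n = a.len - sizeof a;
        unsigned t = a.type & 0x3fff;  /* NLA_TYPE_MASK */
        if (t >= NFULA_IFINDEX_INDEV && t <= NFULA_IFINDEX_PHYSOUTDEV && n == 4)
            ifx[t - 4] = (uint32_t)d[0] << 24 | d[1] << 16 | d[2] << 8 | d[3];
        else if (t == NFULA_PREFIX) snprintf(prefix, sizeof prefix, "%.*s", (int)n, (const char *)d);
        else if (t == NFULA_PAYLOAD) { ip = d; iplen = n; }
        off += (a.len + 3u) & ~3u;     /* NLA_ALIGN */
    }
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;            /* IPv4 only */
    return snprintf(out, outsz, "%sIN=%u OUT=%u PHYSIN=%u PHYSOUT=%u SRC=%u.%u.%u.%u "
             "DST=%u.%u.%u.%u TTL=%u PROTO=%u", prefix, ifx[0], ifx[1], ifx[2], ifx[3],
             ip[12], ip[13], ip[14], ip[15], ip[16], ip[17], ip[18], ip[19], ip[8], ip[9]);
}
```

The bridge port indexes never appear in the IPv4 header bytes; they are only recoverable because the kernel attaches them as their own attributes.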
