Date: Sun, 25 Jan 2015 22:44:35 +0300
From: Oleg <lego12239@...dex.ru>
To: netdev@...r.kernel.org
Subject: Re: CONFIG_NF_CONNTRACK_PROCFS

On Sun, Jan 25, 2015 at 12:22:09PM +0100, Florian Westphal wrote:
> Oleg <lego12239@...dex.ru> wrote:
> > net/netfilter/nf_conntrack procfs file is marked as obsolete in the recent
> > kernels. What's wrong with it? Or it's simply a new fashion to replace
> > simple file interface with anything else?
>
> proc has several drawbacks vs. ctnetlink:
> - not extensible

In what way? Sorry, but I think that the limitation isn't in proc, but in
human fantasy.

> - doesn't have ability to query for particular items

What about something like:

  exec 3<>nf_conntrack;
  echo show tcp dport 12345 >&3;
  cat <&3
  HERE_WE_GET_NEEDED_ENTRIES
  exec 3<&-

?

> - no add/delete support

What about simple:

  echo add ENTRY > nf_conntrack
  echo delete ENTRY > nf_conntrack

?

> - no event notification (e.g. conntrack -E)

Florian, are you serious? What's wrong with simple:

  cat nf_conntrack_event

?

Moreover, all the things I have written keep already existing scripts working.

Maybe I don't understand anything? Please correct me if so.

P.S. netlink is a really cool thing, but I think we are going the wrong way.

-- 
Nemanov Oleg