Re: [RFC] [PATCH 0/4] netfilter: "fail-open" feature support for NFQUEUE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Krishna Kumar2 <krkumar2@xxxxxxxxxx> wrote:
> Florian Westphal <fw@xxxxxxxxx> wrote on 05/07/2012 01:40:29 PM:
> > I think that exposing this feature as userspace-changeable via netlink
> > (eg. by adding "NFQA_CFG_FAILOPEN" attribute) rather than via ruleset
> > would make most sense, as only the application can know wheter it
> > can cope with missing packets.
> 
> Thanks for your review. With this change, is there any reason to
> modify xt_NFQ_info_v2's bypass field, since app can specify this
> option directly? I tested without this for now and it works.

I don't think so. If the netlink attribute works for you we should
leave xt_NFQUEUE as-is.

Regards,
Florian
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

Powered by Linux