Hi folks,

although this is off-topic, I'd like to raise it here, since many folks here seem to be involved in netfilter stuff:

What do you think about a purely filesystem/text-based interface to netfilter?

This would remove the trouble of incompatibilities between kernel and userland, e.g. if type sizes don't match (32bit vs. 64bit) or structures have been extended/changed.

I had those problems while trying to get OpenVZ to run on a given appliance distro (not an OpenVZ problem, but with their own netfilter version). It took me a really long time to track down the actual problem (first suspected a 32/64-bit issue, but later found out they've changed some netlink packet structures).

If the whole interface would be just a synthetic filesystem (maybe directly within sysfs), everything would be *much* easier. And there would be no such (binary!) dependencies between kernel and userland.

cu
--
---------------------------------------------------------------------
 Enrico Weigelt == metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
 http://patches.metux.de/
---------------------------------------------------------------------
