On Sat, 2007-28-04 at 21:19 -0700, David Miller wrote:
> I think filtering in the kernel makes sense when the kernel
> is in a unique place to make the algorithmic complexity of the
> filtering minimal. The TCP socket dumping is a good example
> of that.
>
> For things like this I think it's rea
From: jamal <[EMAIL PROTECTED]>
Date: Fri, 27 Apr 2007 09:43:41 -0400
> [XFRM] Export SPD info
>
> With this patch you can use iproute2 in user space to efficiently
> see how many policies exist in different directions.
>
> Signed-off-by: Jamal Hadi Salim <[EMAIL PROTECTED]>
I've applied this.
From: jamal <[EMAIL PROTECTED]>
Date: Fri, 27 Apr 2007 10:29:28 -0400
> On Fri, 2007-27-04 at 15:55 +0200, Patrick McHardy wrote:
>
> >
> > It it really worth the extra code for dumping them conditionally?
> > The attributes are neither large nor will they be sent very often.
> >
>
> That thou
On Fri, 2007-27-04 at 15:55 +0200, Patrick McHardy wrote:
>
> It it really worth the extra code for dumping them conditionally?
> The attributes are neither large nor will they be sent very often.
>
That thought did cross my mind when i was coding this;-> I hate the way
netlink filters are done
jamal wrote:
> +static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags)
> +{
> + struct xfrm_spdinfo si;
> + struct nlmsghdr *nlh;
> + u32 *f;
> +
> + nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0);
> + if (nlh == NULL) /* shouldnt really
Here's the SPD version against net-2.6.
cheers,
jamal
[XFRM] Export SPD info
With this patch you can use iproute2 in user space to efficiently
see how many policies exist in different directions.
Signed-off-by: Jamal Hadi Salim <[EMAIL PROTECTED]>
---
commit d3db0b0580d7aa519aabc898656bd5ef034
