| |||||||||||||
Implementing network channelsImplementing network channelsPosted May 4, 2006 22:19 UTC (Thu) by smoogen (subscriber, #97)In reply to: Implementing network channels by kfiles Parent article: Implementing network channels
The case where I could see the need for high throughput and high integrity or modification would be in a router. In some cases you want the netfilter stack to be very low level. I could see netfilter in this 'world' to be split into a layered approach. A very high level port open/port closed ACL level, a lower related/established, and a very low level 'what the f is this doing in my packet level.'
(Log in to post comments)
routers / firewalls Posted May 9, 2006 2:48 UTC (Tue) by xoddam (subscriber, #2322) [Link] Packets don't go to userspace at all if they're going *through* a router.But we still need this functionality for firewalls on the host. Some firewall applications need to track connections, scan packets within a connection, and even have the option of dropping connections altogether (eg. intrusion protection). Netfilter will need some rearrangement to achieve this if channels go direct to userspace.
|
|||||||||||||