[Wifidog] Version 1.0

Philippe April papril777 at yahoo.com
Sun Apr 25 19:51:17 EDT 2004

>>   1. we can use the do_command() function from iptables.c
>>   Pros: we don't fork
>>   Cons: we need to link with libdl.so
>>         when we compile iptables.c, we need to specify where the dynamic
>>         iptables libraries (matches and targets) are (ugly).
> Not a problem, it's a very standard autoconf job.  However iptables-devel
> is
> rarely packages in distros, so it could be an obstacle to widespread
> adoption.

Yeah... well, I'm not sure I feel like including iptables sources with
WiFiDog, + I don't really like the feel of it (coding wise) anyway.

>>   2. we can fork() and call the iptables binary directly
>>   Pros: good flexibility
>>   Cons: fork()
> If you ignore the compile and packaging issues, does that actually make
> your
> life easier that coding wise?

I think this is the best we can go for... Basically a mix of direct
libiptc calls for querying, and the rest would be calls to the iptables
binary. This is simplifying things quite a bit yes.

>> I think we should go for #2. By doing so, there's no shell scripts, and
>> we're still pretty efficient.
>> I'd like Benoit's advice on this:
>> I replaced the way we look at counters by direct calls to libiptc, which
>> is much more efficient. Now, if we go with calls to iptables binary,
>> should we do everything that way (ie. redo the counters function to call
>> iptables to get the counters, but parse the results in C?) or should we
>> still link to (and depend on) libiptc?
>> If we want to link to libiptc, I suggest we change WiFiDog's autoconf to
>> ask "where is your static libiptc.a and headers" and link with it. It'll
>> be possible on the WRT54G, and pretty much anywhere as long as you
>> installed the iptables-dev package or similar. Now, is that doable? That
>> way we wouldn't have to include iptables sources (ugly).
> Yes, it pretty easy do do (well, as easy as autoconf vodoo can be).

Nice! Well, I think we should go for that. I'll do more testing and code
some proof of concept so people can look at it, then we can use it.


Wifidog mailing list
Wifidog at isf.waglo.com

More information about the Wifidog mailing list