[Wifidog] Version 1.0

Philippe April papril777 at yahoo.com
Sun Apr 25 19:51:17 EDT 2004 

>>   1. we can use the do_command() function from iptables.c
>>   Pros: we don't fork
>>   Cons: we need to link with libdl.so
>>         when we compile iptables.c, we need to specify where the dynamic
>>         iptables libraries (matches and targets) are (ugly).
>
> Not a problem, it's a very standard autoconf job.  However iptables-devel
> is
> rarely packages in distros, so it could be an obstacle to widespread
> adoption.

Yeah... well, I'm not sure I feel like including iptables sources with
WiFiDog, + I don't really like the feel of it (coding wise) anyway.

>>   2. we can fork() and call the iptables binary directly
>>   Pros: good flexibility
>>   Cons: fork()
>
> If you ignore the compile and packaging issues, does that actually make
> your
> life easier that coding wise?

I think this is the best we can go for... Basically a mix of direct
libiptc calls for querying, and the rest would be calls to the iptables
binary. This is simplifying things quite a bit yes.

>> I think we should go for #2. By doing so, there's no shell scripts, and
>> we're still pretty efficient.
>>
>> I'd like Benoit's advice on this:
>>
>> I replaced the way we look at counters by direct calls to libiptc, which
>> is much more efficient. Now, if we go with calls to iptables binary,
>> should we do everything that way (ie. redo the counters function to call
>> iptables to get the counters, but parse the results in C?) or should we
>> still link to (and depend on) libiptc?
>>
>> If we want to link to libiptc, I suggest we change WiFiDog's autoconf to
>> ask "where is your static libiptc.a and headers" and link with it. It'll
>> be possible on the WRT54G, and pretty much anywhere as long as you
>> installed the iptables-dev package or similar. Now, is that doable? That
>> way we wouldn't have to include iptables sources (ugly).
>
> Yes, it pretty easy do do (well, as easy as autoconf vodoo can be).

Nice! Well, I think we should go for that. I'll do more testing and code
some proof of concept so people can look at it, then we can use it.

Philippe


_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com

More information about the Wifidog mailing list