[Wifidog] Version 1.0
bock at step.polymtl.ca
Sun Apr 25 14:00:03 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 25 April 2004 12:45 pm, Philippe April wrote:
> BTW the cleanup_POST version is still running on my WRT54G.
> More updates (Benoit I'll need your advice).
> If we try to add rules to the firewall, we'll need to do a bunch of things
> for every match and target, like loading the dynamic modules by ourselves,
> etc. Basically, we'd be recoding iptables into wifidog, unless we want to
> do that, well... here are the other results:
> 1. we can use the do_command() function from iptables.c
> Pros: we don't fork
> Cons: we need to link with libdl.so
> when we compile iptables.c, we need to specify where the dynamic
> iptables libraries (matches and targets) are (ugly).
Not a problem, it's a very standard autoconf job. However iptables-devel is
rarely packages in distros, so it could be an obstacle to widespread
> 2. we can fork() and call the iptables binary directly
> Pros: good flexibility
> Cons: fork()
If you ignore the compile and packaging issues, does that actually make your
life easier that coding wise?
> I think we should go for #2. By doing so, there's no shell scripts, and
> we're still pretty efficient.
> I'd like Benoit's advice on this:
> I replaced the way we look at counters by direct calls to libiptc, which
> is much more efficient. Now, if we go with calls to iptables binary,
> should we do everything that way (ie. redo the counters function to call
> iptables to get the counters, but parse the results in C?) or should we
> still link to (and depend on) libiptc?
> If we want to link to libiptc, I suggest we change WiFiDog's autoconf to
> ask "where is your static libiptc.a and headers" and link with it. It'll
> be possible on the WRT54G, and pretty much anywhere as long as you
> installed the iptables-dev package or similar. Now, is that doable? That
> way we wouldn't have to include iptables sources (ugly).
Yes, it pretty easy do do (well, as easy as autoconf vodoo can be).
Benoit Grégoire, http://step.polymtl.ca/~bock/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
Wifidog mailing list
Wifidog at isf.waglo.com
More information about the Wifidog