[Wifidog] Version 1.0

Benoit Grégoire bock at step.polymtl.ca
Sun Apr 25 14:00:03 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 25 April 2004 12:45 pm, Philippe April wrote:
> BTW the cleanup_POST version is still running on my WRT54G.
>
> More updates (Benoit I'll need your advice).
>
> If we try to add rules to the firewall, we'll need to do a bunch of things
> for every match and target, like loading the dynamic modules by ourselves,
> etc. Basically, we'd be recoding iptables into wifidog, unless we want to
> do that, well... here are the other results:
>
> Results:
>
>   1. we can use the do_command() function from iptables.c
>   Pros: we don't fork
>   Cons: we need to link with libdl.so
>         when we compile iptables.c, we need to specify where the dynamic
>         iptables libraries (matches and targets) are (ugly).

Not a problem, it's a very standard autoconf job.  However iptables-devel is 
rarely packages in distros, so it could be an obstacle to widespread 
adoption.

>   2. we can fork() and call the iptables binary directly
>   Pros: good flexibility
>   Cons: fork()

If you ignore the compile and packaging issues, does that actually make your 
life easier that coding wise?

> I think we should go for #2. By doing so, there's no shell scripts, and
> we're still pretty efficient.
>
> I'd like Benoit's advice on this:
>
> I replaced the way we look at counters by direct calls to libiptc, which
> is much more efficient. Now, if we go with calls to iptables binary,
> should we do everything that way (ie. redo the counters function to call
> iptables to get the counters, but parse the results in C?) or should we
> still link to (and depend on) libiptc?
>
> If we want to link to libiptc, I suggest we change WiFiDog's autoconf to
> ask "where is your static libiptc.a and headers" and link with it. It'll
> be possible on the WRT54G, and pretty much anywhere as long as you
> installed the iptables-dev package or similar. Now, is that doable? That
> way we wouldn't have to include iptables sources (ugly).

Yes, it pretty easy do do (well, as easy as autoconf vodoo can be).

- -- 
Benoit Grégoire, http://step.polymtl.ca/~bock/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAi/yjmZ6zzPlLuwMRAjEFAJ9x/Ffy7kVmoaVHIQMjus1HAorPEgCg2reW
eSyLqg7rK84mK4L3cPqldHU=
=0gUK
-----END PGP SIGNATURE-----

_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com



More information about the Wifidog mailing list