Re: Support NAT-ed expect entries from user space

BORBELY Zoltan wrote:
> Hi,
>
> On Mon, Jun 16, 2008 at 10:52:28PM +0200, Patrick McHardy wrote:
>> I'm wondering, how is this expectation creation working at all?
>> The NULL expectfn makes me think it will crash as soon as the
>> expectation arrives. This *needs* support from the helpers to
>> properly set the expectfn.
>
> The nf_nat_follow_master did the trick for me if I set the expectation
> entry from user space. With NULL expectfn it didn't work.

Yes, so the kernel is broken.
And more specific to this problem: back when Harald was working
on userspace helpers, the idea was to add a dummy helper specifically
so we have one to assign to the connection. The helper would (IIRC)
just queue the expected packets and userspace could take it from
there. Of course queuing could be made optional and (f.i.) it could
just use nf_nat_follow_master.

> I'd like to create a cross-platform user space ftp proxy, not a nf
> conntrack+nat helper module, so my goals are a bit different. The
> netfilter code contains everything I need, and the netlink interface
> is quite good to instruct the kernel code to do as the proxy wants.

I understand that, the expectation part looks like a subset of what
a helper module does though, with the only differences that a helper
might want to queue the packet. And since expectfn setup also doesn't
belong in nf_conntrack_netlink.c (especially not NAT related expectfns),
this is how I think it should be done.


