Re: Netfilter Module for NAT IVI available

On 24/05/11 16:56, Eric Dumazet wrote:
On Thursday 05 May 2011 at 03:18 +0200, Pierre Rondou wrote:
Hello everybody,

I'm currently a student at the University of Liège. As part of my master's
thesis, I have to develop a Linux kernel module for IVI (
http://datatracker.ietf.org/doc/rfc6219/ ).

I now consider my module as finished (i.e., all functionalities are
implemented) and publish it.

It is available on sourceforge:

http://sourceforge.net/projects/nativi/

Feel free to test it and report to me any bug, bad implementation,
error, ...

If you believe that this module can be included in the Linux kernel or
in the Xtables-addons framework, I'll be glad and will help you in this
task.


I have tested my module inside the Xtables-addons framework (version
1.32) on a Debian squeeze (6.0.1) Linux with a 2.6.32-5 kernel (i686).

Because of the lack of "EXPORT_SYMBOL" in the kernel, I had to
copy-paste several functions from the kernel into the
nativi_kernel_code.c file in order to use some features already
available in the kernel (ip_finish_output, ip6_output, icmp_send).

Documentation is provided in the source code; if you have any questions,
don't hesitate to ask me.

Hi Pierre

1) Are you sure netfilter is the right place for this IVI feature ?
    (fact that you had to copy/paste ~1300 lines of code from kernel
might show that this would be better to use a module hooked into
forwarding stack ?)
I used Xtables to produce my module; the fact is that I was (and still am) a kernel newbie, and Xtables seemed to be a good way to produce this code. I'm not sure what you're referring to; are you suggesting I should have developed the module directly in the kernel?

2) How this can integrate a {conntrack enabled} firewall ?


I can't ... It's a drawback of the module. The fact is that I have only found very little documentation about the conntrack code, so I dropped the idea of dealing with it. But it shouldn't be difficult to update the conntrack for a kernel pro I guess ;-)

Regards,

Pierre