On 24/05/11 17:55, Eric Dumazet wrote:
Hi Pierre

1) Are you sure netfilter is the right place for this IVI feature?
(the fact that you had to copy/paste ~1300 lines of code from the kernel
might show that it would be better to use a module hooked into the
forwarding stack?)

I used Xtables to produce my module. The fact is that I was (and still
am) a kernel newbie, and Xtables seemed to be a good way to produce this
code.
I'm not sure what you're referring to; are you suggesting I should
have developed the module directly into the kernel?

We were all kernel newbies at the very beginning ;)

Sure, unfortunately there is no real book to teach new coders on what
they should do.

2) How can this integrate with a {conntrack enabled} firewall?

I can't ... It's a drawback of the module. The fact is that I have only
found very little documentation about the conntrack code, so I dropped
the idea of dealing with it.
But it shouldn't be difficult to update the conntrack for a kernel pro I
guess ;-)

This has to be discussed before even coding ;)
One packet going through this gateway has one IPv6 side and one IPv4
side. This can be a problem for firewalling (either it's IPv4, or it's
IPv6) and conntracking.

It is a problem, that's sure.
But as stated before, I didn't find any suitable conntrack doc :(
My main thesis goal is to provide a working module, conntrack support
would be a bonus, but for now, I cannot do it on my own because of a
lack of conntrack knowledge.