Re: Will netfilter patches be submitted to kernel base?

On Mon, Jun 23, 2003 at 02:48:44PM -0500, Gary Cote wrote:
> 
> Can anyone brief me on whether there's any sort of master
> plan to submit the netfilter patches into the kernel base?

Sure, we are constantly submitting patches to the 2.4.x and 2.5.x
kernels.

> And further, whether there's any thought to back porting 
> them to 2.4.x? If effort is the limiting factor, then my
> company may be sufficiently motivated to cough up some
> free time.

Which ones are you talking about?  2.5.x work is mostly eliminating
skb_linearize() from all parts of netfilter/iptables.  Apart from that,
almost all our patches are for 2.4.x

> I'm specifically interested in the pptp-conntrack-nat patch.
> I noticed that the patch modifies ip_conntrack_core.c and
> ip_nat_core.c. Aside from what appear to be debug statements,
> it looks like a net change of *two* lines of code. The rest of
> the patch consists of new files.

Yes.  The reason for not submitting it is not one of it being unstable or
affecting too many other subsystems.  The main reasons are:

- still doesn't support multiple calls in one session
- some people seem to have DNAT problems
- it expands the ip_conntrack_tuple by at least 4 to 8 bytes, which
  is quite some penalty, considering there are two tuples in every
  connection tracking entry

> Would it be possible to get only those small changes into the 
> kernel base? Then, we'd be able to build the GRE/PPTP helpers 
> as loadable modules and not have to patch the kernel.

You cannot just put those two lines into the kernel, since they require
the respective header files.  And they increase the tuple size, see
above.

> We're something of a value-added reseller. We bundle our system
> software within a linux workstation. We've so far managed to run 
> our product on off-the-shelf distros and would prefer not to get
> into the business of building, shipping, and maintaining custom
> kernels.

I can understand that position, but you have to understand that we have 
different motivations for putting code into the linux kernel.

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
