Hey folks,
A while back Herald Welte emailed me (and CC'd the list) and suggested I port my application (iptstate) to use the new ctnetlink/nfnetlink framework (as opposed to reading data out of /proc).
I haven't had much time since then, but I decided to sit down and look at this, and I'm a bit confused by what I found. I found libnfnetlink here:
http://ftp.iasi.roedu.net/netfilter/libnfnetlink/snapshot/
and libctnetlink here:
http://ftp.iasi.roedu.net/netfilter/libctnetlink/snapshot/
And since cfnetlink requires nfnetlink, I went to compile that first. And ran into some problems. So I started browsing the archives, and it seems people refer to an old "ctnetlink/nfnetlink" and a new one... and the new one is part of "iptables2" ? I haven't followed netfilter/iptables developement very carefully, so I don't know what iptables2 is, but seems to be the latest suite of "frontend" applications to netfilter.
At the very least, libnfnetlink requires nfnetlink.h, which I would have thought was part of libnfnetlink, but it appears it's not. I found a mention of a "release" of iptables2 here:
http://lists.netfilter.org/pipermail/netfilter/2001-November/016646.html
but the download requires a password which I don't have. Additionally the post talkes about a whole lot of kernel incompatibilities between old versions and new versions and it doesn't appear the latest versions have made it into the main kernel tree yet. Is this correct? If so, this doesn't actually sound like something ready for primetime yet...
Perhaps someone can relate ctnetlink/nfnetlink (old and new) to libcfnetlink/libnfnetlink and iptables2, and the current kernels for me?
Thanks... -- Phil Dibowitz phil@xxxxxxxx Freeware and Technical Pages Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
Attachment:
signature.asc
Description: OpenPGP digital signature
