All of lore.kernel.org
 help / color / mirror / Atom feed
* manual connection adding to ip_conntrack hash table
@ 2004-01-16 14:33 Konrad D.
  2004-01-16 16:53 ` Henrik Nordstrom
  0 siblings, 1 reply; 3+ messages in thread
From: Konrad D. @ 2004-01-16 14:33 UTC (permalink / raw)
  To: netfilter-devel

Hi!
I'm in the course of writing my thesis about connection tracking in netfilter,
it's sad but I need help. So I'm asking for help you, the netfilter developers.
Topic of my thesis is High Availability Firewall.
We have two PC computers connected together. One computer act as
firewall. The second one is "just in case" the first one broke down.
If that happend the second one must take place of the first one and
get informaction about all connections that was established.

AFAIK I need to get connections from /proc/net/ip_conntrack on 1st computer
and then put them in the same place on 2nd one. My question i how I
can do that? Can I add new connection to ip_conntrack hash table by calling
some function(s)? I'm not well programer so please dont be mad on me ;).
I was googling and searching linux source code for some clue, and I'm
pretty sure that I need to modify ip_conntrack hash table but I don't
know how. So please help.

Best regadrs

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: manual connection adding to ip_conntrack hash table
  2004-01-16 14:33 manual connection adding to ip_conntrack hash table Konrad D.
@ 2004-01-16 16:53 ` Henrik Nordstrom
  2004-01-16 17:03   ` KOVACS Krisztian
  0 siblings, 1 reply; 3+ messages in thread
From: Henrik Nordstrom @ 2004-01-16 16:53 UTC (permalink / raw)
  To: Konrad D.; +Cc: netfilter-devel

On Fri, 16 Jan 2004, Konrad D. wrote:

> I'm in the course of writing my thesis about connection tracking in netfilter,
> it's sad but I need help. So I'm asking for help you, the netfilter developers.
> Topic of my thesis is High Availability Firewall.

There has been several projects aiming to add connection tracking
synchronisation/failover to netfiler, but so far it is not completed.

The most current and active is netfilter-ha which can be browsed at
http://cvs.netfilter.org/netfilter-ha/ with mailinglist at 
http://lists.netfilter.org/mailman/listinfo/netfilter-failover

Regards
Henrik

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: manual connection adding to ip_conntrack hash table
  2004-01-16 16:53 ` Henrik Nordstrom
@ 2004-01-16 17:03   ` KOVACS Krisztian
  0 siblings, 0 replies; 3+ messages in thread
From: KOVACS Krisztian @ 2004-01-16 17:03 UTC (permalink / raw)
  To: Henrik Nordstrom; +Cc: Konrad D., netfilter-devel


  Hi,

On Fri, 2004-01-16 at 17:53, Henrik Nordstrom wrote:
> > I'm in the course of writing my thesis about connection tracking in netfilter,
> > it's sad but I need help. So I'm asking for help you, the netfilter developers.
> > Topic of my thesis is High Availability Firewall.
> 
> There has been several projects aiming to add connection tracking
> synchronisation/failover to netfiler, but so far it is not completed.
> 
> The most current and active is netfilter-ha which can be browsed at
> http://cvs.netfilter.org/netfilter-ha/ with mailinglist at 
> http://lists.netfilter.org/mailman/listinfo/netfilter-failover

  I can recommend reading Harald's paper on Netfilter failover, which
can be found in the proceedings of OLS 2002
(http://www.linux.org.uk/~ajh/ols2002_proceedings.pdf.gz). I also have a
thesis in Hungarian, largely based on Haralds paper, but I don't think
that it would be of much help for you. Browsing the archives of the
netfilter-failover list can also provide you with the basic ideas behind
the latest approach, which has some not completed code in the CVS.

  And of course, feel free to ask, either here or on netfilter-failover.

-- 
 Regards,
   Krisztian KOVACS

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-01-16 17:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-16 14:33 manual connection adding to ip_conntrack hash table Konrad D.
2004-01-16 16:53 ` Henrik Nordstrom
2004-01-16 17:03   ` KOVACS Krisztian

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.