Re: PPTP connection tracking and NAT helper

Re: PPTP connection tracking and NAT helper

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 713 bytes --]

On Mon, Apr 12, 2004 at 10:34:46AM -0300, Dario Oliveira wrote:
> Hi Harald Welte, 
> why your testing feature "PPTP connection tracking and NAT helper"
> doesn't appear in ./runme extra command when i try to install
> patch-o-matic-ng ???

because you apparently seem to be using an incompatible (e.g. 2.6.x)
kernel.

>  thanks.

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: PPTP connection tracking and NAT helper

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1241 bytes --]

On Wed, May 04, 2005 at 03:57:18PM -0400, Lukasz Kosewski wrote:

> The problem I have is that in 2.6.11, there no longer exists a 'union 
> ip_conntrack_nat_help' in include/linux/netfilter_ipv4/ip_conntrack.h,
> to which the PPTP/NAT patches make changes.  While I can simply change
> the patches such that they ignore this, I am not certain whether or
> not this is intended, or whether I will be losing some functionality.

please read the netfilter-devel archive.  I get asked this question at
least ten times a week:

There is no pptp/gre conntrack and nat helper for 2.6.11+, since this
kernel version contains a redesigned infrastructure for such helpers.

At this time, I see very limited chance that this new infrastructure is
sufficient enough to actually implement the same functionality.  A
straight 1:1 port ist definitely not possible.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: PPTP connection tracking and NAT helper

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 452 bytes --]

On Thu, May 05, 2005 at 09:52:58AM +0200, Harald Welte wrote:
> please read the netfilter-devel archive.  I get asked this question at
> least ten times a week:
> 
> There is no pptp/gre conntrack and nat helper for 2.6.11+, since this
> kernel version contains a redesigned infrastructure for such helpers.

How bout we make it harder for people to try?  Attached patch adds
a 'Requires' to pptp in pom, and fixes up broken Requires handling.

Phil



[-- Attachment #2: patch-pptprequires --]
[-- Type: text/plain, Size: 1393 bytes --]

diff -ru pom-orig/Netfilter_POM.pm pom-new/Netfilter_POM.pm
--- pom-orig/Netfilter_POM.pm	2005-04-01 02:09:00.000000000 -0500
+++ pom-new/Netfilter_POM.pm	2005-05-05 12:59:22.633618136 -0400
@@ -196,10 +196,10 @@
 		# if the requirement refers to the tested patchlet,
 		# project version must fulfil the requirement.
 		# Multiple requirements are ANDed.
-		return 0 if $pver eq $prog 
-			    && !$self->version_compare($proj, $op, $ver);
+		return 1 if $pver eq $prog 
+			    && $self->version_compare($proj, $op, $ver);
 	}
-	return 1;
+	return 0;
 }
 
 # are the requirements for a specific patchlet fulfilled?
diff -ru pom-orig/pptp-conntrack-nat/help pom-new/pptp-conntrack-nat/help
--- pom-orig/pptp-conntrack-nat/help	2003-11-17 03:09:34.000000000 -0500
+++ pom-new/pptp-conntrack-nat/help	2005-05-05 11:25:47.241525968 -0400
@@ -20,3 +20,4 @@
 - doesnt' support multiple calls within one session
 - you have to recompile your iptables userspace program since some 
   structure sizes change
+- does NOT work with kernels > 2.6.10
diff -ru pom-orig/pptp-conntrack-nat/info pom-new/pptp-conntrack-nat/info
--- pom-orig/pptp-conntrack-nat/info	2005-02-01 08:23:01.000000000 -0500
+++ pom-new/pptp-conntrack-nat/info	2005-05-05 12:57:47.510079112 -0400
@@ -3,3 +3,4 @@
 Status: Testing, especially the 2.6.x port
 Repository: extra
 Depends: !nat-reservations
+Requires: linux < 2.6.11

Re: PPTP connection tracking and NAT helper

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 973 bytes --]

On Thu, May 05, 2005 at 10:04:00AM -0700, Phil Oester wrote:
> On Thu, May 05, 2005 at 09:52:58AM +0200, Harald Welte wrote:
> > please read the netfilter-devel archive.  I get asked this question at
> > least ten times a week:
> > 
> > There is no pptp/gre conntrack and nat helper for 2.6.11+, since this
> > kernel version contains a redesigned infrastructure for such helpers.
> 
> How bout we make it harder for people to try?  Attached patch adds
> a 'Requires' to pptp in pom, and fixes up broken Requires handling.

oh, I wasn't aware of that.  I've committed your changes, thanks.
-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]