From: Martijn Lievaart <m@rtij.nl>
To: Harald Welte <laforge@netfilter.org>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: [PATCH 2.6] Allow dynamic helper-port assignment
Date: Mon, 14 Feb 2005 12:59:40 +0100
Message-ID: <421092AC.30709@rtij.nl>
In-Reply-To: <20050213165638.GM20269@sunbeam.de.gnumonks.org>

Harald Welte wrote:

>Hi!
>
>The recent problem with h323 made me again consider the old idea of
>having runtime-configurable port assignments for helpers. 
>
>Ideally, we would actually have conntrack helpers be iptables targets,
>this way allowing totally dynamic assignment.  Maybe yet another
>pkttables todo.
>  
>

I've already been thinking about this before you mentioned it. Here's 
one way it could be done.

If a helper is loaded with the argument "noauto" (f.i.) it does not 
register the default ports, otherwise it does. This keeps backward 
compatibility, does what you want in general, but still gives a way out 
for those people who run ssh over port 21.

Additional ports can be registered with a target, f.i. "-p tcp -p 666 -s 
<someip> -j HELP --helper ftp". This would add a helper for this 
specific connection. Obviously, people that load modules with noauto 
need to help all connections themselves.

Pro:
+ Backward compatible
+ In general does the right thing while also allowing all flexibility one 
could want.
Con:
- Looks like a lot of work to implement.
- Increases size of conntrack structure? Can use that new conntrack 
extension thingy introduced lately if this crops up.

I already looked at the source to see if it was feasible, but decided it 
was a bit too much for me.

M4
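
A user-space model of the helper lookup this message proposes, as an added example that is not part of the original post and not netfilter code. The struct names, `assign_helper`, `demo`, the rules-before-defaults ordering and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the proposal; none of these names are netfilter's. */
struct helper {              /* one loaded helper module */
    const char *name;
    uint16_t default_port;
    int noauto;              /* 1 = loaded with "noauto", default port not registered */
};
struct help_rule {           /* one "-j HELP --helper <name>" rule */
    uint32_t saddr;          /* source address to match, 0 = any */
    uint16_t dport;
    const char *helper;
};

/* Helper a new TCP connection would get, or NULL for none. */
const char *assign_helper(const struct helper *mods, size_t nmods,
                          const struct help_rule *rules, size_t nrules,
                          uint32_t saddr, uint16_t dport)
{
    /* Assumption: explicit rules win, and can only name a loaded helper. */
    for (size_t i = 0; i < nrules; i++) {
        if (rules[i].dport != dport) continue;
        if (rules[i].saddr && rules[i].saddr != saddr) continue;
        for (size_t j = 0; j < nmods; j++)
            if (strcmp(mods[j].name, rules[i].helper) == 0)
                return mods[j].name;
    }
    /* Default ports apply only to helpers loaded without noauto. */
    for (size_t j = 0; j < nmods; j++)
        if (!mods[j].noauto && mods[j].default_port == dport)
            return mods[j].name;
    return NULL;
}

/* Constructed sample: ftp helper (default port 21), one rule for 192.0.2.10:666. */
static const struct help_rule sample_rules[] = { { 0xC000020A, 666, "ftp" } };

const char *demo(int noauto, uint32_t saddr, uint16_t dport)
{
    struct helper mods[] = { { "ftp", 21, noauto } };
    return assign_helper(mods, 1, sample_rules, 1, saddr, dport);
}

int main(void)
{
    const char *h = demo(1, 0x0A000001, 21);   /* ssh on port 21, ftp loaded noauto */
    printf("port 21 with noauto: %s\n", h ? h : "(no helper)");
    return 0;
}
```

With `noauto` set, the payload parser only ever touches connections an administrator named in a rule, which is the "way out" for non-FTP traffic on port 21.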
