* connbytes patch eliminated
From: Michael McCallister @ 2006-05-03 18:22 UTC (permalink / raw)
To: netfilter; +Cc: devik, laforge
Hello,
First, a warning - I am a newbie to netfilter, so I may ask some stupid
questions here. I believe the connbytes patch offers exactly what I am
looking for - granted it is listed as experimental, but I am willing to
test it out since it offers the functionality I think I need - mainly
deprioritizing bulk transfers. I am concerned because it appears it was
dropped from the main linux kernel, the last kernel I found with it was
linux-2.6.15.7. Also, it is not in pom-ng - at least I could not find
it in pom snapshots or cvs
(http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/).
So I get the impression there may be plans to get rid of the connbytes
patch. The latest iptables still does checks for it though "[ -f
$KERNEL_DIR/net/ipv4/netfilter/ipt_connbytes.c ] && echo connbytes".
Was there a decision that it was not suitable anymore and it is being
eliminated in favor of another approach? If so, any advice as to the
new approach is greatly appreciated. Also, if it was dropped from the
kernel/pom because it was highly unstable and caused system crashes -
that would be great information too :-)
Thanks for any help - my apologies if I missed something obvious.
Michael
* Re: connbytes patch eliminated
From: Andy Furniss @ 2006-05-04 15:57 UTC (permalink / raw)
To: Michael McCallister; +Cc: devik, laforge, netfilter
Michael McCallister wrote:
> Hello,
>
> First, a warning - I am a newbie to netfilter, so I may ask some stupid
> questions here. I believe the connbytes patch offers exactly what I am
> looking for - granted it is listed as experimental, but I am willing to
> test it out since it offers the functionality I think I need - mainly
> deprioritizing bulk transfers. I am concerned because it appears it was
> dropped from the main linux kernel, the last kernel I found with it was
> linux-2.6.15.7. Also, it is not in pom-ng - at least I could not find
> it in pom snapshots or cvs
> (http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/).
> So I get the impression there may be plans to get rid of the connbytes
> patch. The latest iptables still does checks for it though "[ -f
> $KERNEL_DIR/net/ipv4/netfilter/ipt_connbytes.c ] && echo connbytes".
> Was there a decision that it was not suitable anymore and it is being
> eliminated in favor of another approach? If so, any advice as to the
> new approach is greatly appreciated. Also, if it was dropped from the
> kernel/pom because it was highly unstable and caused system crashes -
> that would be great information too :-)
>
> Thanks for any help - my apologies if I missed something obvious.
> Michael
>
Still there, new name - the whole netfilter config has changed since I
last did one.
[andy@amd ~]$ grep -i connbytes /boot/config-2.6.16.11
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
Andy.
* Re: connbytes patch eliminated
From: Michael McCallister @ 2006-05-04 16:46 UTC (permalink / raw)
To: andy.furniss; +Cc: devik, laforge, netfilter
Andy Furniss wrote the following on 05/04/2006 08:57 AM:
> Michael McCallister wrote:
>
>> Hello,
>>
>> First, a warning - I am a newbie to netfilter, so I may ask some
>> stupid questions here. I believe the connbytes patch offers exactly
>> what I am looking for - granted it is listed as experimental, but I
>> am willing to test it out since it offers the functionality I think I
>> need - mainly deprioritizing bulk transfers. I am concerned because it
>> appears it was dropped from the main linux kernel, the last kernel I
>> found with it was linux-2.6.15.7. Also, it is not in pom-ng - at
>> least I could not find it in pom snapshots or cvs
>> (http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/).
>> So I get the impression there may be plans to get rid of the
>> connbytes patch. The latest iptables still does checks for it though
>> "[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_connbytes.c ] && echo
>> connbytes". Was there a decision that it was not suitable anymore
>> and it is being eliminated in favor of another approach? If so, any
>> advice as to the new approach is greatly appreciated. Also, if it
>> was dropped from the kernel/pom because it was highly unstable and
>> caused system crashes - that would be great information too :-)
>>
>> Thanks for any help - my apologies if I missed something obvious.
>> Michael
>>
>
> Still there, new name - the whole netfilter config has changed since I
> last did one.
>
> [andy@amd ~]$ grep -i connbytes /boot/config-2.6.16.11
> CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
>
> Andy.
Thanks Andy,
I can see that my problem is I need iptables from CVS. I guess things
have moved around in the kernel recently:
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/.connbytes-test?rev=6579&view=markup
I generally try to avoid building custom kernels (I'm a "rpm -ivh
kernel-xxx.rpm" kind of guy) so I didn't know things changed that
often. Thanks again for the insight.
Michael
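
The rename discussed in this thread means a check for connbytes has to look in two places. The script below is an added example, not part of any message above and not the iptables project's own check: it reads a kernel config file for the option name Andy's grep shows, and looks in a source tree for the file the quoted iptables check tests. The older option name CONFIG_IP_NF_MATCH_CONNBYTES and the path net/netfilter/xt_connbytes.c are assumptions not shown in the thread, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs below are constructed.

# Print "module", "builtin" or "absent" for the connbytes match in a kernel
# config file, trying the option name from the thread first and then the
# older IPv4-only name (assumption, not on the page).
connbytes_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    for opt in CONFIG_NETFILTER_XT_MATCH_CONNBYTES CONFIG_IP_NF_MATCH_CONNBYTES; do
        # Anchored match: a "# CONFIG_... is not set" line must not count,
        # although a plain "grep -i connbytes" would print it.
        val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
        case $val in
            y) echo "builtin"; return 0 ;;
            m) echo "module"; return 0 ;;
        esac
    done
    echo "absent"
    return 1
}

# Print which source file provides the match in a kernel tree: the path the
# quoted iptables check tests, or the xt_ path (assumption, not on the page).
connbytes_source() {
    for f in net/netfilter/xt_connbytes.c net/ipv4/netfilter/ipt_connbytes.c; do
        [ -f "$1/$f" ] && { echo "$f"; return 0; }
    done
    echo "none"
    return 1
}

# Constructed sample configs for a stand-alone run.
write_samples() {
    printf '%s\n' 'CONFIG_NETFILTER_XTABLES=m' \
        'CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m' > "$1/new.config"
    printf '%s\n' 'CONFIG_IP_NF_IPTABLES=y' \
        'CONFIG_IP_NF_MATCH_CONNBYTES=y' > "$1/old.config"
    printf '%s\n' 'CONFIG_NETFILTER_XTABLES=m' \
        '# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set' > "$1/off.config"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for c in new old off; do
    echo "$c.config: $(connbytes_status "$tmp/$c.config")"
done
rm -rf "$tmp"
```

On a real host, pass the running kernel's config, for example `connbytes_status "/boot/config-$(uname -r)"`.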