Re: SNMP conntrack module a la netbios_ns

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Tim Waugh <twaugh@redhat.com>
Cc: Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>
Subject: Re: SNMP conntrack module a la netbios_ns
Date: Sat, 05 Dec 2009 12:17:32 +0100	[thread overview]
Message-ID: <4B1A414C.6020303@trash.net> (raw)
In-Reply-To: <1259945902.2510.35.camel@localhost.localdomain>

Tim Waugh wrote:
> On Fri, 2009-12-04 at 11:22 +0100, Patrick McHardy wrote:
>> There is one problem however, we already have the SNMP NAT helper,
>> which also registers for the SNMP port. Those would clash if you
>> add a second registration.
> 
> Does that mean that even a simple copy of nf_conntrack_netbios_ns.c with
> the port changed to 161 wouldn't work, or just that a more general
> solution would be hard to implement?
> 
> What's the solution to that?  Must there be a single conntrack module to
> handle both the SNMP broadcast queries and SNMP NAT?

Correct, its not valid to have two helpers registered for the
same tuple. The SNMP NAT helper is an exception among the helpers
in that it doesn't register any expectations, but only rewrites
packets. What you'd need to do is change it to not register a
helper itself, but have your new module pass packets to the NAT
module in case its loaded, just as the other conntrack helpers do.

But as I said, the better way is to add generic broadcast tracking.
It shouldn't be that much more work and I'm not sure I really want
to add more workarounds like the netbios_ns helper since we'll have
to deal with compatibility problems once we do add broadcast tracking.

     prev parent reply	other threads:[~2009-12-05 11:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-04  9:53 SNMP conntrack module a la netbios_ns Tim Waugh
2009-12-04 10:20 ` Patrick McHardy
2009-12-04 10:22   ` Patrick McHardy
2009-12-04 16:58     ` Tim Waugh
2009-12-05 11:17       ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B1A414C.6020303@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=twaugh@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.