All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pierre Rondou <prondou@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: behave@ietf.org, v6ops@ietf.org, netfilter-devel@vger.kernel.org,
	guy.leduc@ulg.ac.be, evyncke@cisco.com,
	Cyril Soldani <cyril.soldani@ulg.ac.be>
Subject: Re: Netfilter Module for NAT IVI available
Date: Tue, 24 May 2011 17:46:57 +0200	[thread overview]
Message-ID: <4DDBD2F1.3020704@gmail.com> (raw)
In-Reply-To: <1306248975.3026.47.camel@edumazet-laptop>

Le 24/05/11 16:56, Eric Dumazet a écrit :
> Le jeudi 05 mai 2011 à 03:18 +0200, Pierre Rondou a écrit :
>    
>> Hello everybody,
>>
>> I'm currently a student at the University of Liège. As part of my master
>> thesis, I have to develop a Linux kernel module for IVI (
>> http://datatracker.ietf.org/doc/rfc6219/ ).
>>
>> I now consider my module as finished (i.e, all functionalities are
>> implemented) and publish it.
>>
>> It is available on sourceforge:
>>
>> http://sourceforge.net/projects/nativi/
>>
>> Feel free to test it and report to me any bug, bad implementation,
>> error, ...
>>
>> If you believe that this module can be included is the Linux Kernel or
>> in the Xtables-addons framework, I'll be glad and will help you in this
>> task.
>>
>>
>> I have tested my module inside the Xtables-addons framework (version
>> 1.32) on a debian squeeze (6.0.1) linux with a 2.6.32-5  kernel (i686).
>>
>> Because of the lack of "EXPORT_SYMBOL" in the kernel, I had to
>> copy-paste several functions from the kernel into the
>> nativi_kernel_code.c file in order to use some features already
>> available in the kernel (ip_finish_output, ip6_output, icmp_send).
>>
>> Documentation is provided in the source code, if you have any question
>> don't hesitate to ask me.
>>
>>      
> Hi Pierre
>
> 1) Are you sure netfilter is the right place for this IVI feature ?
>     (fact that you had to copy/paste ~1300 lines of code from kernel
> might show that this would be better to use a module hooked into
> forwarding stack ?)
>    
I used Xtables to produce my module, fact is that I was (and still am) a 
kernel nooby, Xtables seemed to a be good way to produce this code.
I'm not sure to what you're refering about, are you suggesting I should 
have developed the module directly into the kernel?

> 2) How this can integrate a {conntrack enabled} firewall ?
>
>    

I can't ... It's a drawback of the module. The fact is that I only have 
found a very little documentation about conntrack code, so I dropped the 
idea of dealing with it.
But it shouldn't be difficult to update the conntrack for a kernel pro I 
guess ;-)

Regards,

Pierre
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2011-05-24 15:47 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-05  1:18 Netfilter Module for NAT IVI available Pierre Rondou
2011-05-24 14:56 ` Eric Dumazet
2011-05-24 15:46   ` Pierre Rondou [this message]
2011-05-24 15:55     ` Eric Dumazet
2011-05-25 12:59       ` Pierre Rondou
2011-05-25 13:09         ` Maciej Żenczykowski
2011-05-25 13:16           ` Eric Dumazet
2011-05-25 13:34             ` Pierre Rondou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4DDBD2F1.3020704@gmail.com \
    --to=prondou@gmail.com \
    --cc=behave@ietf.org \
    --cc=cyril.soldani@ulg.ac.be \
    --cc=eric.dumazet@gmail.com \
    --cc=evyncke@cisco.com \
    --cc=guy.leduc@ulg.ac.be \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=v6ops@ietf.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.