From: Pierre Rondou <prondou@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Maciej Żenczykowski" <zenczykowski@gmail.com>,
netfilter-devel@vger.kernel.org, guy.leduc@ulg.ac.be,
evyncke@cisco.com, "Cyril Soldani" <cyril.soldani@ulg.ac.be>
Subject: Re: Netfilter Module for NAT IVI available
Date: Wed, 25 May 2011 15:34:36 +0200 [thread overview]
Message-ID: <4DDD056C.1030208@gmail.com> (raw)
In-Reply-To: <1306329404.2820.18.camel@edumazet-laptop>
Le 25/05/11 15:16, Eric Dumazet a écrit :
> Le mercredi 25 mai 2011 à 15:09 +0200, Maciej Żenczykowski a écrit :
>
>> Not that I've really been following the thread.
>> But I think that this sort of functionality should most likely be
>> developed as a virtual (tun/tap/veth/sit) style tunnel-like device.
>>
>> You would use ipv4/ipv6 routing in the normal kernel to direct traffic
>> out this virtual interface, and immediately ipv6/ipv4 traffic would
>> come back out of it.
>>
>> This should allow all the rest of the kernel (including connection
>> tracking) to function normally - although of course every connection
>> would be registered in an unrelated way twice (once as v4, once as
>> v6).
>>
>> I think this has nice 'black box' semantics.
>>
> CERNET doc refers to : http://linux.ivi2.org/
>
> With an implementation for linux-2.6.18 : http://linux.ivi2.org/impl/
>
> This seems enough to me, and not intrusive.
>
> Pierre, you really should discuss why a netfilter module is needed at
> all. Maybe you have a pdf or some slides somewhere (no code, but formal
> discussion) ?
>
>
Well, as stated before, it is a master thesis work, so at the time I
started this work, I didn't knew anything about the kernel organization
(even though it's been years I use linux everyday).
At first I have browsed a bit in the netfilters' files, but it was
nearly impossible to understand what file was related to what, I had no
clue on where to install my transition code.
Then a co-worker came with Jan's ebook (Writting Netfilter Modules) and
Professors watching my thesis (Guy Leduc and Eric Vyncke, in copy)
agreed that is was a good way to implement my translation code.
Now, may be Maciej's way or CERNET's way to get it into the kernel is
better, but as it's a thesis, it has to be my own work and moreover, I
have to understand what I'm doing, which is the case with Jan's
excellent ebook.
The main drawback with "in-kernel" module is that there is almost no
documentation, so I had no idea on how and where put my transition
module or simply what to do (structures, ...).
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2011-05-25 13:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-05 1:18 Netfilter Module for NAT IVI available Pierre Rondou
2011-05-24 14:56 ` Eric Dumazet
2011-05-24 15:46 ` Pierre Rondou
2011-05-24 15:55 ` Eric Dumazet
2011-05-25 12:59 ` Pierre Rondou
2011-05-25 13:09 ` Maciej Żenczykowski
2011-05-25 13:16 ` Eric Dumazet
2011-05-25 13:34 ` Pierre Rondou [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DDD056C.1030208@gmail.com \
--to=prondou@gmail.com \
--cc=cyril.soldani@ulg.ac.be \
--cc=eric.dumazet@gmail.com \
--cc=evyncke@cisco.com \
--cc=guy.leduc@ulg.ac.be \
--cc=netfilter-devel@vger.kernel.org \
--cc=zenczykowski@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.