* Logging NAT translations?
From: Chris Green @ 2004-07-28 21:07 UTC
To: netfilter-devel

Hey folks,

Is there a way to log the translations that occur in the NAT table?
I'd prefer something along the lines of listening to a netlink
socket but I'm having a hard time finding information on doing this.

If this doesn't exist already, can anyone give me pointers on
implementing it?

The closest I've found is nfnetlink-ctnetlink.

Anyone know what the status of this is? I know it doesn't work with
2.6 and I've been told it doesn't work with recent 2.4s either.

Cheers,
Chris
--
Chris Green <cmg@dok.org>
You now have 14 minutes to reach minimum safe distance.

* Re: Logging NAT translations?
From: Harald Welte @ 2004-08-01 17:01 UTC
To: Chris Green
Cc: netfilter-devel

On Wed, Jul 28, 2004 at 05:07:41PM -0400, Chris Green wrote:

> The closest I've found is nfnetlink-ctnetlink.

Yes, this should provide you with all information you need.

> Anyone know what the status of this is? I know it doesn't work with
> 2.6 and I've been told it doesn't work with recent 2.4s either.

then someone needs to do some porting/merging work... patches
appreciated ;)

This is still not in the mainline kernel, because the netlink message
format is still not stable.

> Cheers,
> Chris

--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie

* Re: Logging NAT translations?
From: Chris Green @ 2004-08-02 15:16 UTC
To: netfilter-devel

Harald Welte <laforge@netfilter.org> writes:

> then someone needs to do some porting/merging work... patches
> appreciated ;)

Ok... I'm happy to work on it if I can get some pointers on where/how
development should happen. I'm guessing HEAD iptables, HEAD
patch-o-matic-ng, linux-2.6.7?

The requirements hierarchy is a pain for me to figure out. Shouldn't
be too bad to generate a graphviz digraph for it though.

For POM-NG, should I be doing:

    ./runme pending
    ./runme nfnetlink-ctnetlink-0.13

or should I walk through the deps in nfnetlink-ctnetlink-0.13/info,
apply/fix all of those patches recursively.

For fixing a single patch, what should the .orig tree be? The tree
with all dependencies applied?

Any guidance on tree management would be appreciated.

Thanks,
Chris
--
Chris Green <cmg@dok.org>
Chicken's thinkin'

* Re: Logging NAT translations?
From: Chris Green @ 2004-08-02 15:42 UTC
To: netfilter-devel

Chris Green <cmg@dok.org> writes:

>
> The requirements hierarchy is a pain for me to figure out. Shouldn't
> be too bad to generate a graphviz digraph for it though.

I'm a fool. Didn't realize that ! meant conflict not obscure
dependency syntax.

I would still appreciate patch management recommendations however :>
--
Chris Green <cmg@dok.org>
This is my signature. There are many like it but this one is mine.

* Re: Logging NAT translations?
From: Sven Schuster @ 2004-08-02 16:11 UTC
To: Harald Welte, Chris Green, netfilter-devel

Hi Harald, hi Chris,

On Sun, Aug 01, 2004 at 07:01:53PM +0200, Harald Welte told us:
> On Wed, Jul 28, 2004 at 05:07:41PM -0400, Chris Green wrote:
>
> > The closest I've found is nfnetlink-ctnetlink.
>
> Yes, this should provide you with all information you need.
>
> > Anyone know what the status of this is? I know it doesn't work with
> > 2.6 and I've been told it doesn't work with recent 2.4s either.
>
> then someone needs to do some porting/merging work... patches
> appreciated ;)

just jumping in here as I've done some basic porting work on
nfnetlink-ctnetlink some time ago which wasn't a big pain to get it
working on a 2.6.x kernel. But in the meantime there were some changes
in the NAT/conntrack subsystem which I had to resolve to get the patch
working and still have to, but, you know, no time left for this :-)
I think those changes were around 2.6.3 kernel.

I'll see if I still can find my old work and if I can do something
to get it working on a recent 2.6.x kernel. But don't hold your
breath, time is quite limited as always (like probably everybody
here knows :-)

Sven

>
> This is still not in the mainline kernel, because the netlink message
> format is still not stable.
>
> > Cheers,
> > Chris
>
> --
> - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/

--
Linux zion 2.6.8-rc2 #1 Sun Jul 18 15:00:48 CEST 2004 i686 athlon i386 GNU/Linux
18:10:07 up 14 days, 19:38, 1 user, load average: 0.00, 0.03, 0.00

* Re: Logging NAT translations?
From: Harald Welte @ 2004-08-02 17:13 UTC
To: Sven Schuster
Cc: Chris Green, netfilter-devel

> I'll see if I still can find my old work and if I can do something
> to get it working on a recent 2.6.x kernel. But don't hold your
> breath, time is quite limited as always (like probably everybody
> here knows :-)

even if it only works with 2.6.2/2.6.3, it might be worth sending your
patch to the devel list, so somebody else can pick up.

> Sven

--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/

* Re: Logging NAT translations?
From: Sven Schuster @ 2004-08-03 15:10 UTC
To: netfilter-devel

[Resending this to netfilter-devel as this has been rejected because
of the size of the attached patch. Patch is now gzipped.]

Hi Harald,

On Mon, Aug 02, 2004 at 07:13:01PM +0200, Harald Welte told us:
> > I'll see if I still can find my old work and if I can do something
> > to get it working on a recent 2.6.x kernel. But don't hold your
> > breath, time is quite limited as always (like probably everybody
> > here knows :-)
>
> even if it only works with 2.6.2/2.6.3, it might be worth sending your
> patch to the devel list, so somebody else can pick up.
>

this was actually what I intended to do. Attached you'll find a
patch against current pom-ng which updates nfnetlink-ctnetlink to be
able to apply it to 2.6. I did a short test with 2.6.3, it applied
cleanly and should compile, too. I tested it using the ctnltest.c
program which is now located in the libctnetlink module in CVS.

Sven

> --
> - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/

--
Linux zion 2.6.8-rc2 #1 Sun Jul 18 15:00:48 CEST 2004 i686 athlon i386 GNU/Linux
19:56:19 up 14 days, 21:24, 2 users, load average: 0.38, 0.84, 0.49

[Attachment: nfnl-ctnl.patch.gz, application/x-gzip, 52465 bytes]