Re: [RFC PATCH nf_conntrack_extend] new extensions without changes kernel source

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Vitaly E. Lavrov" <lve@guap.ru>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH nf_conntrack_extend] new extensions without changes kernel source
Date: Tue, 29 Oct 2013 13:22:12 +0100	[thread overview]
Message-ID: <20131029122212.GA8019@localhost> (raw)
In-Reply-To: <525EEAB7.4090901@guap.ru>

Hi Vitaly,

On Wed, Oct 16, 2013 at 11:36:23PM +0400, Vitaly E. Lavrov wrote:
> How to add additional data to the conntrack? This is needed to
> the implementation of ndpi-netfilter.
> 
> Now it is possible to add data to a struct "nf_conn-> ext" through
> nf_conntrack_extend, but it requires a change in the kernel code.
> 
> I have developed a patch to register custom extensions in nf_conn->ext.
> In the kernel configuration, you can specify the maximum number of additional
> extensions (0..8). When registering a custom extension to specify an
> additional unique identifier extension (u32). In the extension properties
> seq_print added optional method to display data in "/proc/net/nf_conntrack".
> 
> What lacks is in this patch?

I'm reticent to get this extremely generic infrastructure into
mainstream, we need to know more on the ndpi needs and discuss some
generic infrastructure that most layer 7 implementation can benefit
from.

BTW, please try to avoid /proc interfaces, we try to run away from them
if possible, using ctnetlink would be better.

next prev parent reply	other threads:[~2013-10-29 12:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-16 19:36 [RFC PATCH nf_conntrack_extend] new extensions without changes kernel source Vitaly E. Lavrov
2013-10-29 12:22 ` Pablo Neira Ayuso [this message]
2013-10-31  9:22   ` Dirk
2013-11-02 14:30   ` Vitaly E. Lavrov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131029122212.GA8019@localhost \
    --to=pablo@netfilter.org \
    --cc=lve@guap.ru \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).