From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 4/4] netfilter: ctnetlink: add support for user-space expectation helpers
Date: Tue, 28 Sep 2010 21:08:50 +0200 [thread overview]
Message-ID: <4CA23D42.1030202@trash.net> (raw)
In-Reply-To: <20100921093529.3279.30748.stgit@decadence>
Am 21.09.2010 11:35, schrieb Pablo Neira Ayuso:
> This patch adds the basic infrastructure to support user-space
> expectation helpers via ctnetlink and the netfilter queuing
> infrastructure NFQUEUE. Basically, this patch:
>
> * adds NF_CT_EXPECT_USERSPACE flag to identify user-space
> created expectations. I have also added a sanity check in
> __nf_ct_expect_check() to avoid that kernel-space helpers
> may create an expectation if the master conntrack has no
> helper assigned.
> * adds some branches to check if the master conntrack helper
> exists, otherwise we skip the code that refers to kernel-space
> helper such as the local expectation list and the expectation
> policy.
> * allows to set the timeout for user-space expectations with
> no helper assigned.
>
> This patch also modifies ctnetlink to skip including the helper
> name in the Netlink messages if no kernel-space helper is set
> (since no user-space expectation has not kernel-space kernel
> assigned).
>
> You can access an example user-space FTP conntrack helper at:
> http://people.netfilter.org/pablo/nf-ftp-helper-userspace-POC.tar.bz
Applied, thanks Pablo. I've also fixed up the URL to include
userspace-conntrack-helpers/ in the path :)
prev parent reply other threads:[~2010-09-28 19:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-21 9:34 [PATCH 0/4] We all need more expectations Pablo Neira Ayuso
2010-09-21 9:34 ` [PATCH 1/4] netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers Pablo Neira Ayuso
2010-09-21 15:07 ` Patrick McHardy
2010-09-22 6:35 ` Patrick McHardy
2010-09-21 9:34 ` [PATCH 2/4] netfilter: ctnetlink: missing validation of CTA_EXPECT_ZONE attribute Pablo Neira Ayuso
2010-09-22 6:36 ` Patrick McHardy
2010-09-21 9:35 ` [PATCH 3/4] netfilter: ctnetlink: allow to specify the expectation flags Pablo Neira Ayuso
2010-09-21 15:18 ` Patrick McHardy
2010-09-21 22:38 ` Pablo Neira Ayuso
2010-09-22 6:37 ` Patrick McHardy
2010-09-21 9:35 ` [PATCH 4/4] netfilter: ctnetlink: add support for user-space expectation helpers Pablo Neira Ayuso
2010-09-21 15:20 ` Patrick McHardy
2010-09-21 22:38 ` Pablo Neira Ayuso
2010-09-22 6:45 ` Patrick McHardy
2010-09-22 11:07 ` Pablo Neira Ayuso
2010-09-28 19:08 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CA23D42.1030202@trash.net \
--to=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).