From: Pierre Rondou <prondou@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: behave@ietf.org, v6ops@ietf.org, netfilter-devel@vger.kernel.org,
guy.leduc@ulg.ac.be, evyncke@cisco.com,
Cyril Soldani <cyril.soldani@ulg.ac.be>
Subject: Re: Netfilter Module for NAT IVI available
Date: Tue, 24 May 2011 17:46:57 +0200 [thread overview]
Message-ID: <4DDBD2F1.3020704@gmail.com> (raw)
In-Reply-To: <1306248975.3026.47.camel@edumazet-laptop>
Le 24/05/11 16:56, Eric Dumazet a écrit :
> Le jeudi 05 mai 2011 à 03:18 +0200, Pierre Rondou a écrit :
>
>> Hello everybody,
>>
>> I'm currently a student at the University of Liège. As part of my master
>> thesis, I have to develop a Linux kernel module for IVI (
>> http://datatracker.ietf.org/doc/rfc6219/ ).
>>
>> I now consider my module as finished (i.e, all functionalities are
>> implemented) and publish it.
>>
>> It is available on sourceforge:
>>
>> http://sourceforge.net/projects/nativi/
>>
>> Feel free to test it and report to me any bug, bad implementation,
>> error, ...
>>
>> If you believe that this module can be included is the Linux Kernel or
>> in the Xtables-addons framework, I'll be glad and will help you in this
>> task.
>>
>>
>> I have tested my module inside the Xtables-addons framework (version
>> 1.32) on a debian squeeze (6.0.1) linux with a 2.6.32-5 kernel (i686).
>>
>> Because of the lack of "EXPORT_SYMBOL" in the kernel, I had to
>> copy-paste several functions from the kernel into the
>> nativi_kernel_code.c file in order to use some features already
>> available in the kernel (ip_finish_output, ip6_output, icmp_send).
>>
>> Documentation is provided in the source code, if you have any question
>> don't hesitate to ask me.
>>
>>
> Hi Pierre
>
> 1) Are you sure netfilter is the right place for this IVI feature ?
> (fact that you had to copy/paste ~1300 lines of code from kernel
> might show that this would be better to use a module hooked into
> forwarding stack ?)
>
I used Xtables to produce my module, fact is that I was (and still am) a
kernel nooby, Xtables seemed to a be good way to produce this code.
I'm not sure to what you're refering about, are you suggesting I should
have developed the module directly into the kernel?
> 2) How this can integrate a {conntrack enabled} firewall ?
>
>
I can't ... It's a drawback of the module. The fact is that I only have
found a very little documentation about conntrack code, so I dropped the
idea of dealing with it.
But it shouldn't be difficult to update the conntrack for a kernel pro I
guess ;-)
Regards,
Pierre
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-05-24 15:47 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-05 1:18 Netfilter Module for NAT IVI available Pierre Rondou
2011-05-24 14:56 ` Eric Dumazet
2011-05-24 15:46 ` Pierre Rondou [this message]
2011-05-24 15:55 ` Eric Dumazet
2011-05-25 12:59 ` Pierre Rondou
2011-05-25 13:09 ` Maciej Żenczykowski
2011-05-25 13:16 ` Eric Dumazet
2011-05-25 13:34 ` Pierre Rondou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DDBD2F1.3020704@gmail.com \
--to=prondou@gmail.com \
--cc=behave@ietf.org \
--cc=cyril.soldani@ulg.ac.be \
--cc=eric.dumazet@gmail.com \
--cc=evyncke@cisco.com \
--cc=guy.leduc@ulg.ac.be \
--cc=netfilter-devel@vger.kernel.org \
--cc=v6ops@ietf.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).