From: Pierre Rondou <prondou@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Maciej Żenczykowski" <zenczykowski@gmail.com>,
netfilter-devel@vger.kernel.org, guy.leduc@ulg.ac.be,
evyncke@cisco.com, "Cyril Soldani" <cyril.soldani@ulg.ac.be>
Subject: Re: Netfilter Module for NAT IVI available
Date: Wed, 25 May 2011 15:34:36 +0200 [thread overview]
Message-ID: <4DDD056C.1030208@gmail.com> (raw)
In-Reply-To: <1306329404.2820.18.camel@edumazet-laptop>
Le 25/05/11 15:16, Eric Dumazet a écrit :
> Le mercredi 25 mai 2011 à 15:09 +0200, Maciej Żenczykowski a écrit :
>
>> Not that I've really been following the thread.
>> But I think that this sort of functionality should most likely be
>> developed as a virtual (tun/tap/veth/sit) style tunnel-like device.
>>
>> You would use ipv4/ipv6 routing in the normal kernel to direct traffic
>> out this virtual interface, and immediately ipv6/ipv4 traffic would
>> come back out of it.
>>
>> This should allow all the rest of the kernel (including connection
>> tracking) to function normally - although of course every connection
>> would be registered in an unrelated way twice (once as v4, once as
>> v6).
>>
>> I think this has nice 'black box' semantics.
>>
> CERNET doc refers to : http://linux.ivi2.org/
>
> With an implementation for linux-2.6.18 : http://linux.ivi2.org/impl/
>
> This seems enough to me, and not intrusive.
>
> Pierre, you really should discuss why a netfilter module is needed at
> all. Maybe you have a pdf or some slides somewhere (no code, but formal
> discussion) ?
>
>
Well, as stated before, it is a master thesis work, so at the time I
started this work, I didn't knew anything about the kernel organization
(even though it's been years I use linux everyday).
At first I have browsed a bit in the netfilters' files, but it was
nearly impossible to understand what file was related to what, I had no
clue on where to install my transition code.
Then a co-worker came with Jan's ebook (Writting Netfilter Modules) and
Professors watching my thesis (Guy Leduc and Eric Vyncke, in copy)
agreed that is was a good way to implement my translation code.
Now, may be Maciej's way or CERNET's way to get it into the kernel is
better, but as it's a thesis, it has to be my own work and moreover, I
have to understand what I'm doing, which is the case with Jan's
excellent ebook.
The main drawback with "in-kernel" module is that there is almost no
documentation, so I had no idea on how and where put my transition
module or simply what to do (structures, ...).
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2011-05-25 13:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-05 1:18 Netfilter Module for NAT IVI available Pierre Rondou
2011-05-24 14:56 ` Eric Dumazet
2011-05-24 15:46 ` Pierre Rondou
2011-05-24 15:55 ` Eric Dumazet
2011-05-25 12:59 ` Pierre Rondou
2011-05-25 13:09 ` Maciej Żenczykowski
2011-05-25 13:16 ` Eric Dumazet
2011-05-25 13:34 ` Pierre Rondou [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DDD056C.1030208@gmail.com \
--to=prondou@gmail.com \
--cc=cyril.soldani@ulg.ac.be \
--cc=eric.dumazet@gmail.com \
--cc=evyncke@cisco.com \
--cc=guy.leduc@ulg.ac.be \
--cc=netfilter-devel@vger.kernel.org \
--cc=zenczykowski@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).