From: Phil Dibowitz <phil@ipom.com>
To: netfilter@lists.netfilter.org
Subject: nfnetlink, cfnetlink, and iptables2
Date: Sat, 04 Dec 2004 23:40:08 -0800 [thread overview]
Message-ID: <41B2BB58.3070601@ipom.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2202 bytes --]
Hey folks,
I posted this to the netfilter-devel list, but got no response. I'm not
sure if they felt it wasn't appropriate for the devel list, so I'm
posting it here in hopes of more information.
A while back Herald Welte emailed me and suggested I port my application
(iptstate) to use the new ctnetlink/nfnetlink framework (as opposed to
reading data out of /proc).
I haven't had much time since then, but I decided to sit down and look
at this, and I'm a bit confused by what I found. I found libnfnetlink here:
http://ftp.iasi.roedu.net/netfilter/libnfnetlink/snapshot/
and libctnetlink here:
http://ftp.iasi.roedu.net/netfilter/libctnetlink/snapshot/
And since cfnetlink requires nfnetlink, I went to compile that first.
And ran into some problems. So I started browsing the archives, and it
seems people refer to an old "ctnetlink/nfnetlink" and a new one... and
the new one is part of "iptables2" ? I haven't followed
netfilter/iptables developement very carefully, so I don't know what
iptables2 is, but seems to be the latest suite of "frontend"
applications to netfilter.
At the very least, libnfnetlink requires nfnetlink.h, which I would have
thought was part of libnfnetlink, but it appears it's not. I found a
mention of a "release" of iptables2 here:
http://lists.netfilter.org/pipermail/netfilter/2001-November/016646.html
but the download requires a password which I don't have. Additionally
the post talkes about a whole lot of kernel incompatibilities between
old versions and new versions and it doesn't appear the latest versions
have made it into the main kernel tree yet. Is this correct? If so, this
doesn't actually sound like something ready for primetime yet...
Perhaps someone can relate ctnetlink/nfnetlink (old and new) to
libcfnetlink/libnfnetlink and iptables2, and the current kernels for me?
Thanks...
--
Phil Dibowitz phil@ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 256 bytes --]
reply other threads:[~2004-12-05 7:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41B2BB58.3070601@ipom.com \
--to=phil@ipom.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox