[UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

Brian J. Murrell 1c744015bee98a6eebe72733184244e8@interlinx.bc.ca
Sun, 7 Apr 2002 06:07:21 -0400


On Sun, Apr 07, 2002 at 11:12:23AM +0200, Harald Welte wrote:
>
> To be more precise:  A userspace daemon using the upcoming ctnetlink
> interface to add connection tracking entries / nat mappings and
> ip_conntrack_expect's to the firewall.

Hey, that sounds like the stateful packet filter engine I wrote on
ipchains when ipchains was the state of the art technology.
ftp://ftp.interlinx.bc.ca/pub/spf for anyone still interested.

> Dynamically inserting/removing rules seems like a big hack, but not like
> a solution.

Why?  I thought that userspace solutions were _always_ considered "the
better way(tm)" to do things when possible.  What is a better solution
to UPnP than a userspace daemon manipulating netfilter rules?

Perhaps you prefer the UPnP daemon to act more like a true application
proxy and do application level forwarding to satisfy the requests made
of it?

That seems like more overhead than is necessary to me.  Considering
netfilter to be a set of gates and the UPnP daemon to be a gatekeeper
seems like the right mix of userspace/kernel space to me.

On a side note, does UPnP do anything more/better than SOCKS5?  Did MS
needlessly invent another protocol again?  I was always under the
impression that SOCKS5 allowed UDP as well as requesting TCP and UDP
listeners.

b.

-- 
Brian J. Murrell
