[RFC] layer-2 netfilter/conntrack (was: Re: NAT-PT - how to do it ?)
Sat, 19 Jan 2002 11:54:29 -0800 (PST)
--- Sam Johnston <firstname.lastname@example.org> wrote:
> I'd certainly like to see layer-2 hooks introduced so I can do IP
> billing w/out a login client (to authenticate and set up the layer 3 rules).
Agreed. Having layer-2 hooks to work directly on the IPv4/IPv6 layer would
be very nice, and beneficial too for other things.
> Brad Chapman wrote:
> >Mr. Harald,
> >--- Harald Welte <email@example.com> wrote:
> >>On Fri, Jan 18, 2002 at 01:18:52AM +0100, Andreas Jellinghaus wrote:
> >>>>There's only one problem: Netfilter doesn't support re-injecting packets at
> >>>>a hook. You can easily steal the packet at one hook, but not reinject it
> >>>>into the other.
> >>>but can you change a packet? can you change it this much:
> >>>replace the ipv4 header with an ipv6 header, maybe even more?
> >>No, as netfilter hooks are layer-3-protocol specific. You can only change the
> >>ipv4 header and everything upwards (layer 3 and above).
> > Hmmm..... During 2.5.x do you think it would be a good idea to add layer-2
> >hook functionality to netfilter so that things like this become easier?
> > You said a long time ago that you wanted to do a layer-3 split of the
> >conntrack code, with core stuff going in net/core (or elsewhere) and
> >protocol-specific stuff going in net/ipv4 (or net/ipv6 or net/whatever). Having
> >layer-2 hooks would simplify the packet eyeballing for something like that. Plus,
> >it may have benefits for iptables2 itself, once the Netlink stuff goes in......
> > Before you say that it hasn't been done ;), it has - see netfilter-arp-246.patch
> >netfilter/patches. What I'm proposing is something like
> >this, but for all layer-2 stuff (Ethernet, ATM, PPP, SLIP, etc etc etc etc.....).
> > Do you think it's worth a study, sir?
> >>Live long and prosper
> >>- Harald Welte / firstname.lastname@example.org http://www.gnumonks.org/
> >Brad Chapman
> >Permanent e-mail: email@example.com
> >Current e-mail: firstname.lastname@example.org
> >Alternate e-mail: email@example.com
Permanent e-mail: firstname.lastname@example.org
Current e-mail: email@example.com
Alternate e-mail: firstname.lastname@example.org