initial ct_sync port for Linux 2.6

KOVACS Krisztian hidden at
Fri Dec 17 00:10:00 CET 2004


   In the last few days I've started porting ct_sync to Linux 2.6 and 
Pablo Neira's new notifier API. This evening I managed to get it to compile 
and work on my UML-based "test system", so I thought it's time to 
publish the code. However, since the 2.6 port is still in heavy 
development, and because of my difficulties with the Netfilter SVN, the 
code is available in a public GNU Arch archive repository here:

   For those of you inexperienced with tla, you can get the code using 
the following magic incantations:

$ tla register-archive hidden at \
$ tla get -A hidden at netfilter-ha--mainline--1.0

   The repository contains the complete patchset for Linux 2.6.9, plus 
the ported ct_sync code. I've done some changes in the code itself as well:

- simplified conntrack entry manipulation code while trying to minimize 
necessary core conntrack patches
- ct_sync does not depend on ctnetlink anymore, only Pablo Neira's new 
per-packet conntrack notifier patch is necessary
- the patchtree for 2.6.9 still contains the connmark patch, which has 
been included in the mainline kernel recently, so it won't be necessary 
for 2.6.10
- polling support in the receive thread has also been included; this 
feature is especially experimental (comments welcome)

   Unfortunately I did not have time to update the README yet; it's 
slightly outdated when describing the patching process required to 
compile ct_sync. However, with a little imagination everyone should be 
able to guess which changes to apply to the commands in the README. :)

   Of course, there are a couple of known bugs in the code as well, and 
the whole 2.6 tree is even more experimental than the 2.4 variant of the 

   KOVÁCS, Krisztián
