[PATCH pom-ng 0/5] RFC: ip_nat|conntrack_h323.c on 2.6, first preview
Herve Eychenne
rv at wallfire.org
Wed Jan 19 09:56:15 CET 2005
On Wed, Jan 19, 2005 at 09:30:38AM +0100, Jozsef Kadlecsik wrote:
> On Wed, 19 Jan 2005, Max Kellermann wrote:
> > I have worked a bit on porting the H.323 conntrack module to Linux
> > 2.6. Here is my first preview. Both connection tracking and NAT work
> > well in my home network (gnomemeeting and ohphone, tunneling
> > disabled).
> >
> > It's still the old brute force method, no real protocol evaluation is
> > performed. I will implement that the "right" way after the port to the
> > Linux 2.6 API is finished and tested. The current algorithm is not
> > recommended for production environments, because it is insecure,
> > sometimes buggy and horribly inefficient.
> Yes, exactly. That was why I refrained from porting it to 2.6...
> If you want to write a decent helper, then ethereal has got an H.323 (ASN)
> decoder written in C, which could probably be re-used. :-)
Yes... but do we really want a big ASN-1 parser in the kernel?
Is there a nice way to have it rely on kernel facilities, while staying in
userspace though?
Herve
--
_
(°= Hervé Eychenne
//)
v_/_ WallFire project: http://www.wallfire.org/