[ANNOUNCE] netfilter-2.6.14 git tree / TODO

Harald Welte laforge at netfilter.org
Sun Jul 31 12:27:45 CEST 2005


Hi Christian, I'm cc'ing the list so others don't miss the explanations
below:

On Sun, Jul 31, 2005 at 05:24:22AM -0300, Christian Hentschel wrote:

> I'd like to help with some of this stuff.
> I'm thinking about the conntrack part of the TODO list.

great.  I'm currently working on libnfnetlink_{queue,log} and later
probably ulogd2, so there is no overlap.

> Anyway, I'll need some detail of what needs to be done =).

well, when you want to do the 'conntrack' part, you first need to fix up
'libnfnetlink_conntrack' (and libct, which is part of 'conntrack'
itself).

The main changes on the kernel side have been:

1) everything inside a 'struct nfattr' (but not itself!) is now always
   in network byte order.  So the userspace code needs ntohl(),
   ntohs(), ... all over the place.  Special care needs to be taken for
   64-bit values, since at least I am not aware of any standard/portable
   'ntohll'-like functions.  So my idea was to implement them once and
   put them into libnfnetlink.

2) the _FLUSH messages have been removed.  Sending a _DEL message with
   no further specification will match all entries and therefore _is_ a
   flush.

3) the tuples are now built by nested attributes.  This means that we
   don't pass any kernel structures to userspace, but rather encapsulate
   every value in its own attribute.  Userspace needs to correctly
   parse this and put it into some userspace structures.  None of the
   library and application code should include anything from the kernel
   but include/linux/netfilter/nfnetlink*.h

4) some other messages have been renamed (RPLY -> REPLY). Mostly
   cosmetic.

After all this has been implemented, we can think of cleaning up the
layering between conntrack/libct/libnfnetlink_conntrack, but that's more
of a cleanup issue.  Let's make it functional first.

TIA,
	Harald

-- 
- Harald Welte <laforge at netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie