[RFC,ANNOUNCE] conntrack daemon (stateful replication)

Holger Eitzenberger holger at my-eitzenberger.de
Tue May 30 08:58:05 CEST 2006


On Mon, May 29, 2006 at 12:09:59AM +0200, Pablo Neira Ayuso wrote:

> I've been working on a pet project during the last months. Part of this 
> stuff is related to my work at the university.

Hi Pablo,

I am working on a daemon called 'ctsyncd', which for me started as a
proof-of-concept and is now almost in a state where I can release it
to the public.  My current objective is a simple master/slave scenario
without active/active, and I am almost done.

Hopefully I am able to look at your sources.  With your great knowledge
of libnetfilter_conntrack and my programming skills we should consider
joining our efforts.  But first I will release my code for public review
within a few days.

Stay tuned.

/holger


> - Stateful replication: the daemon keeps a cache of internal events via 
> libnetfilter_conntrack and a cache of external events received from the 
> other node.
> - Support for classical Primary/Backup settings
> - Support for Active/Active settings (two machines max. per VRRP instance)
> - Support for NAT: It recognizes NAT'ed connections and handles them 
> properly.
> - UDP traffic ignore facility
> - ICMP traffic ignore facility
> - Ignore loopback traffic (not customizable at the moment)
> - Ignore traffic for certain set of machines: Useful to ignore traffic 
> for the firewall since we just want to replicate conntracks that 
> represent forwarded connections.
> - Dump internal and external caches via UNIX sockets
> - Flush internal, external caches and conntrack table
> - The communication between daemons is done in NETLINK format, so the 
> protocol used is based on NETLINK over IP, to ensure backward compatibility.
> - Configuration via file
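The feature list above describes two caches per node (internal events from the node's own kernel via libnetfilter_conntrack, external events received from the peer) plus a set of ignore rules (UDP, ICMP, loopback, traffic to the firewall's own addresses) that decide which conntracks are worth replicating. The following Python model is an added example written for this page; it is not code from Pablo's daemon or from ctsyncd, and it does not use libnetfilter_conntrack or the NETLINK-over-IP wire format. The event line format, the addresses and the `IgnorePolicy` / `Node` names are constructed for the illustration. It shows why forwarded TCP connections end up in the backup's external cache while the ignored classes never leave the primary.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed event line format for this example only (not the daemon's
# real input): "[NEW] tcp 192.0.2.10:40000 -> 198.51.100.5:443"
EVENT_RE = re.compile(
    r"\[(?P<type>NEW|DESTROY)\]\s+(?P<proto>tcp|udp|icmp)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*->\s*(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    sport: int  # 0 for protocols without ports (ICMP)
    dport: int


def parse_event(line: str) -> Tuple[str, Flow]:
    """Turn one constructed event line into (event type, flow tuple)."""
    m = EVENT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unrecognised event line: {line!r}")
    flow = Flow(m["proto"], m["src"], m["dst"],
                int(m["sport"] or 0), int(m["dport"] or 0))
    return m["type"], flow


@dataclass
class IgnorePolicy:
    """Mirrors the ignore facilities listed in the announcement (hypothetical API)."""
    ignore_udp: bool = True
    ignore_icmp: bool = True
    firewall_addresses: FrozenSet[str] = frozenset()

    def replicate(self, flow: Flow) -> bool:
        if flow.proto == "udp" and self.ignore_udp:
            return False
        if flow.proto == "icmp" and self.ignore_icmp:
            return False
        if (ipaddress.ip_address(flow.src).is_loopback
                or ipaddress.ip_address(flow.dst).is_loopback):
            return False
        # Only forwarded connections survive a failover; connections that
        # terminate on the firewall itself die with the failed node.
        if flow.src in self.firewall_addresses or flow.dst in self.firewall_addresses:
            return False
        return True


class Node:
    """One cluster node holding an internal and an external conntrack cache."""

    def __init__(self, name: str, policy: IgnorePolicy):
        self.name = name
        self.policy = policy
        self.internal: Dict[Flow, str] = {}   # this node's own kernel conntracks
        self.external: Dict[Flow, str] = {}   # conntracks replicated from the peer
        self.peer: Optional["Node"] = None
        self.sent: List[Tuple[str, Flow]] = []  # messages actually put on the wire

    def kernel_event(self, line: str) -> None:
        """Handle a NEW/DESTROY event from the local kernel and replicate if allowed."""
        etype, flow = parse_event(line)
        if etype == "NEW":
            self.internal[flow] = "ESTABLISHED"
        else:
            self.internal.pop(flow, None)
        if self.peer is not None and self.policy.replicate(flow):
            self.sent.append((etype, flow))
            self.peer.receive(etype, flow)

    def receive(self, etype: str, flow: Flow) -> None:
        """Update the external cache from a peer message."""
        if etype == "NEW":
            self.external[flow] = "ESTABLISHED"
        else:
            self.external.pop(flow, None)

    def dump(self) -> Dict[str, List[str]]:
        """What the UNIX-socket dump would show: both caches, one line per flow."""
        fmt = lambda f: f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}"
        return {"internal": sorted(fmt(f) for f in self.internal),
                "external": sorted(fmt(f) for f in self.external)}

    def flush(self) -> None:
        self.internal.clear()
        self.external.clear()


def run_demo() -> Tuple[Node, Node]:
    """Primary/backup pair fed a constructed event stream; returns both nodes."""
    policy = IgnorePolicy(firewall_addresses=frozenset({"192.0.2.1"}))
    primary, backup = Node("primary", policy), Node("backup", policy)
    primary.peer, backup.peer = backup, primary
    events = [  # constructed sample events
        "[NEW] tcp 192.0.2.10:40000 -> 198.51.100.5:443",    # forwarded: replicated
        "[NEW] udp 192.0.2.10:5353 -> 198.51.100.53:53",     # UDP: ignored
        "[NEW] icmp 192.0.2.10 -> 198.51.100.5",             # ICMP: ignored
        "[NEW] tcp 127.0.0.1:5000 -> 127.0.0.1:22",          # loopback: ignored
        "[NEW] tcp 203.0.113.7:51000 -> 192.0.2.1:22",       # to the firewall: ignored
        "[NEW] tcp 192.0.2.11:40001 -> 198.51.100.6:80",     # replicated ...
        "[DESTROY] tcp 192.0.2.11:40001 -> 198.51.100.6:80", # ... then removed
    ]
    for line in events:
        primary.kernel_event(line)
    return primary, backup


if __name__ == "__main__":
    p, b = run_demo()
    print("primary:", p.dump())
    print("backup: ", b.dump())
```

Running the demo leaves five entries in the primary's internal cache but only one forwarded TCP flow in the backup's external cache, with three messages sent in total: the other four events never cross the wire. A DESTROY for a replicated flow must also be forwarded, otherwise the backup would inject a stale entry into its own kernel after failover.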
More information about the netfilter-devel mailing list