[NETFILTER 08/08]: nf_conntrack: UDPLITE support

Patrick McHardy kaber at trash.net
Sun Jul 15 01:05:19 CEST 2007


Yasuyuki KOZAKAI wrote:
> From: Patrick McHardy <kaber at trash.net>
> Date: Sat, 14 Jul 2007 17:12:44 +0200 (MEST)
> 
> 
>>[NETFILTER]: nf_conntrack: UDPLITE support
> 
> 
> Maybe you predicted this question :) Why do you think that a new module is
> needed instead of reusing code in nf_conntrack_proto_udp.c ?


I did :) Reusing code for the conntrack helper didn't seem to buy
much, the only two functions that actually do anything besides
copying header values are too different to merge (checksumming/
packet handling). It also needs separate sysctls, which is
responsible for another 20%-30% of the code. So it comes down to
saving two or three completely trivial functions, which is IMO
not even worth exporting them.

For the NAT helpers it makes a lot more sense. The port selection
logic, the in_range check, the manip_pkt function for UDP/TCP
and the nf_conntrack_netlink functions could all be generalized
and moved to a common helper helper :) This is the main reason
why I didn't include a NAT helper yet, I have some unfinished
work to do all that.



