[NETFILTER 08/08]: nf_conntrack: UDPLITE support

Yasuyuki KOZAKAI yasuyuki.kozakai at toshiba.co.jp
Mon Jul 16 10:07:24 CEST 2007


From: Patrick McHardy <kaber at trash.net>

> >>[NETFILTER]: nf_conntrack: UDPLITE support
> > 
> > 
> > Maybe you predict this question :) Why do you think that new module is
> > needed instead of reusing codes in nf_conntrack_proto_udp.c ?
> 
> 
> I did :) Reusing code for the conntrack helper didn't seem to buy
> much, the only two functions that actually do anything besides
> copying header values are too different to merge (checksumming/
> packet handling). It also needs separate sysctls, which is
> responsible for another 20%-30% of the code. So it comes down to
> saving two or three completely trivial functions, which is IMO
> not even worth exporting them.
> 
> For the NAT helpers it makes a lot more sense. The port selection
> logic, the in_range check, the manip_pkt function for UDP/TCP
> and the nf_conntrack_netlink functions could all be generalized
> and moved to a common helper helper :) This is the main reason
> why I didn't include a NAT helper yet, I have some unfinished
> work to do all that.

That is a nice idea. Thanks for the explanation.

-- Yasuyuki Kozakai


