Harald Welte's blog

conntrack and nat helpers in 2.6.x

The last couple of days I'm trying to finalize the first release of patch-o-matic-ng. Everything seems really close now. A lot of patchlets available for 2.4.x however are missing for 2.6.x kernels. Maybe the biggest and most important lack is for all conntrack/nat helpers.

The reason is that the semantics for those helpers have completely changed. They now get fed non-linear skb's by the conntrack core, which in turn means that they all need to copy the skb payload into some temporary buffer in order to search for some particular string (e.g. PORT command).

The conntrack core should definitely provide some function that is able to look for strings within a packet. Need to think more about this.

Harald Welte's blog

	RSS Categories Root (727) ccc (22) electronics (10) gsm (1) gsm (5) knf (4) linux (537) a780 (39) ath-driver (1) conferences (87) cyberjack (4) gnuradio (5) gpl-violations (105) gspc (6) mrtd (32) netfilter (114) ct sync (6) openmoko (31) opentom (7) via (7) misc (10) personal (86) bollywood (16) taiwan (2) photography (9) politics (21) swpat (3) Archives 2008 (68) October (7) September (11) August (6) July (9) June (3) May (8) April (6) March (6) February (7) January (5) 2007 (53) December (9) November (5) October (3) September (6) August (3) July (3) June (3) April (3) March (6) February (7) January (5) 2006 (154) December (12) November (9) October (8) September (12) August (10) July (13) June (21) May (13) April (23) March (6) February (14) January (13) 2005 (248) December (8) November (25) October (33) September (22) August (17) July (30) June (27) May (21) April (14) March (22) February (13) January (16) 2004 (198) December (8) November (18) October (18) September (15) August (19) July (17) June (11) May (5) April (22) March (13) February (24) January (28) 2003 (5) December (3) November (1) September (1) 2002 (1) February (1) Harald's Web gnumonks.org hmw-consulting.com dunkelromantik.org Projects netfilter/iptables ulogd asis gspc opentom.org librfid openmrtd gpl-devices.org gpl-violations.org OpenPCD OpenBeacon OpenMoKo Other Bloggers Rusty Russell David Miller Martin Pool Lawrence Lessig Sirtaj Singh Kang Jeremy Kerr Atul Chitnis Frank Rosengart (German) Tim Pritlove fukami Michael Lauer Stefan Schmidt Kalyan Varma Aggregators kernelplanet.org planet.netfilter.org planet.openezx.org planet.openmoko.org planet.foss.in Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.	Fri, 22 Feb 2002 conntrack and nat helpers in 2.6.x The last couple of days I'm trying to finalize the first release of patch-o-matic-ng. Everything seems really close now. A lot of patchlets available for 2.4.x however are missing for 2.6.x kernels. Maybe the biggest and most important lack is for all conntrack/nat helpers. The reason is that the semantics for those helpers have completely changed. They now get fed non-linear skb's by the conntrack core, which in turn means that they all need to copy the skb payload into some temporary buffer in order to search for some particular string (e.g. PORT command). The conntrack core should definitely provide some function that is able to look for strings within a packet. Need to think more about this. [ /linux/netfilter \| permanent link ]