Fwd: About l7-filter on lists.netfilter.org.
I asked about the l7-filter on lists.netfilter.org this is what I got back.
--- Harald Welte <firstname.lastname@example.org> wrote:
> Date: Sun, 15 Feb 2004 16:55:02 +0100
> From: Harald Welte <email@example.com>
> To: Mike Mestnik <firstname.lastname@example.org>
> CC: "lists.netfilter.org netfilter" <email@example.com>,
> Subject: Re: I found what I was looking for l7-filter.sf.net.
> On Mon, Feb 09, 2004 at 02:49:43PM -0800, Mike Mestnik wrote:
> > Are there any plans to add this to the patch-o-matic? If nothing else
> > could you put a link on your links page.
> Since the original authors of l7-filter did never contact us, we didn't
> know about their project at all.
> In fact, you are the first one mentioning it to me, and I'm now reading
> through their source.
> Although I'm not a fan of doing stuff like this inside the kernel, I
> think it is still a valid candidate for patch-o-matic (ng). However,
> this is up to the original software authors.
> A couple of comments:
> - put all the new struct ip_conntrack members into a seperate
> sub-structure (like the 'nat' and 'helper' substructures do)
> - think about type usage. Use unsigned int for stuff like numpackets,
> since it is not likely to become negative ;)
> - Adhere to CodingStyle (tab-width indent, ...)
> - use arch-independent types in ipt_childlevel_info, or it will break
> on sparc64 and other archs
> - don't put regexp.c/ressub.c into linux/include/linux/regexp. This
> belongs together with the iptables module
> - Add sufficient GPL notices to every
> - Please decouple the 'childlevel' match and submit it seperately. We
> could even submit it to the kernel soon.
> - I can't see any locking in your code, and I don't think it's SMP safe
> One additional question:
> - Did you consider basing your work on top of libqsearch?
> libqsearch is IMHO the preferred (and already existing and widely
> deployed, even in commercial products) way of doing pattern matching
> inside the kernel.
> - Harald Welte <firstname.lastname@example.org> http://www.netfilter.org/
> "Fragmentation is like classful addressing -- an interesting early
> architectural error that shows how much experimentation was going
> on while IP was being designed." -- Paul Vixie
> ATTACHMENT part 2 application/pgp-signature name=signature.asc
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.