import of old now defunct presentation slides svn repo

1 files changed, 18 insertions, 0 deletions

diff --git a/2006/userspace_helpers/abstract.txt b/2006/userspace_helpers/abstract.txt
new file mode 100644
index 0000000..0cd13ec
--- /dev/null
+++ b/2006/userspace_helpers/abstract.txt
@@ -0,0 +1,18 @@
+Complex protocols such as FTP, H.323, SIP, RTSP, require special treatment by
+stateful packet filters and network address translators.  Software implementing
+such special treatment is often referred to as "application level gateway" (ALG).
+In the Linux netfilter world, they are called "conntrack helpers" and "NAT helpers".
+
+So far, the Linux netfilter/iptables subystem, much like it's predecessor
+ipchains, only supported such helpers inside kernel space.
+
+However, recent advances in the netfilter world such as nfnetlink_queue,
+libnetfilter_queue, nfnetlink_conntrcack and libnetfilter_conntrack provide
+almost all the infrastructure required for running conntrack/NAT helpers in
+userspace.
+
+At this time, the author is working on the missing tiny additional piece called
+nfnetlink_cthelper and libnetfilter_cthelper.  At the time the paper will be
+finished and presented, it is expected that this code is mainline and the first
+userspace conntrack/nat helpers will be available.
+