diff options
Diffstat (limited to '2006/userspace_helpers')
-rw-r--r-- | 2006/userspace_helpers/abstract.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/2006/userspace_helpers/abstract.txt b/2006/userspace_helpers/abstract.txt new file mode 100644 index 0000000..0cd13ec --- /dev/null +++ b/2006/userspace_helpers/abstract.txt @@ -0,0 +1,18 @@ +Complex protocols such as FTP, H.323, SIP, RTSP, require special treatment by +stateful packet filters and network address translators. Software implementing +such special treatment is often referred to as "application level gateway" (ALG). +In the Linux netfilter world, they are called "conntrack helpers" and "NAT helpers". + +So far, the Linux netfilter/iptables subystem, much like it's predecessor +ipchains, only supported such helpers inside kernel space. + +However, recent advances in the netfilter world such as nfnetlink_queue, +libnetfilter_queue, nfnetlink_conntrcack and libnetfilter_conntrack provide +almost all the infrastructure required for running conntrack/NAT helpers in +userspace. + +At this time, the author is working on the missing tiny additional piece called +nfnetlink_cthelper and libnetfilter_cthelper. At the time the paper will be +finished and presented, it is expected that this code is mainline and the first +userspace conntrack/nat helpers will be available. + |