* Starting point in netfilter development
@ 2014-06-30 13:03 Quentin Headen
  2014-06-30 15:22 ` Florian Westphal
  0 siblings, 1 reply; 6+ messages in thread
From: Quentin Headen @ 2014-06-30 13:03 UTC (permalink / raw)
  To: netfilter-devel

Hello everyone. My name is Quentin Headen, and I am a student
developer who wishes to get more involved in Linux kernel programming.
I picked netfilter since I am also interested in networking software
development.

I have a few quick questions:
* Is there an active IRC channel for netfilter developers?
* When pulling repository changes, do I use git.netfilter.org, or the
main Linux kernel git repo?
* Where is a good place for me to get started with netfilter contributions?
* Is there any bug tracking done outside of the mailing list?

I would love to help out in this project. Thanks.

* Re: Starting point in netfilter development
  2014-06-30 13:03 Starting point in netfilter development Quentin Headen
@ 2014-06-30 15:22 ` Florian Westphal
  2014-07-01  1:45   ` Quentin Headen
  0 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2014-06-30 15:22 UTC (permalink / raw)
  To: Quentin Headen; +Cc: netfilter-devel

Quentin Headen <qheaden@phaseshiftsoftware.com> wrote:
> * Is there an active IRC channel for netfilter developers?

Not that I am aware of.  There is #netfilter on freenode,
sometimes developers are also on this channel though it's mostly
dealing with end-user questions.

> * When pulling repository changes, do I use git.netfilter.org, or the
> main Linux kernel git repo?

nf.git and nf-next.git from kernel.org. git.netfilter.org
mostly hosts the userspace tools like iptables/nftables
and the associated libraries.

> * Where is a good place for me to get started with netfilter contributions?

It depends on whether you want to focus on kernel or userspace,
and on what area you'd like to work on.

nftables is currently under active development; f.e. you could
add one of the missing iptables extensions such as hashlimit
or nfacct.

At least for hashlimit I suspect that an nftables equivalent should
not 'copy' hashlimit to nftables but instead take advantage
of nftables' architecture by e.g. using register(s) as input
(as compared to the packet).

Would avoid adding all the hashlimit-mode/src-mask options
from the iptables match in the nft version, and it would be more
flexible because the data extraction/compaction would be in userspace.

Alternatively, you could look at the open bug reports/feature wishlist
items:
http://bugzilla.netfilter.org/buglist.cgi?product=nftables&component=nft&resolution=---

> * Is there any bug tracking done outside of the mailing list?

There is bugzilla.netfilter.org that some people use.

* Re: Starting point in netfilter development
  2014-06-30 15:22 ` Florian Westphal
@ 2014-07-01  1:45   ` Quentin Headen
  2014-07-02 20:43     ` Florian Westphal
  0 siblings, 1 reply; 6+ messages in thread
From: Quentin Headen @ 2014-07-01  1:45 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netfilter-devel

 Florian Westphal <fw@strlen.de> wrote:
> nftables is currently under active development; f.e. you could
> add one of the missing iptables extensions such as hashlimit
> or nfacct.

Working on hashlimit for nftables sounds interesting.

> nf.git and nf-next.git from kernel.org. git.netfilter.org
> mostly hosts the userspace tools like iptables/nftables
> and the associated libraries.

So to work on hashlimit functionality for nftables, I'm guessing I
would need to work with the code found on git.netfilter.org? Would it
be mostly a userspace coding experience?

* Re: Starting point in netfilter development
  2014-07-01  1:45   ` Quentin Headen
@ 2014-07-02 20:43     ` Florian Westphal
  2014-07-03  9:18       ` Pablo Neira Ayuso
  0 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2014-07-02 20:43 UTC (permalink / raw)
  To: Quentin Headen; +Cc: Florian Westphal, netfilter-devel

Quentin Headen <qheaden@phaseshiftsoftware.com> wrote:
>  Florian Westphal <fw@strlen.de> wrote:
> > nftables is currently under active development; f.e. you could
> > add one of the missing iptables extensions such as hashlimit
> > or nfacct.
> 
> Working on hashlimit for nftables sounds interesting.

It's not very beginner-friendly though.
nfacct *might* be a bit simpler.

Maybe someone else has a better idea.

> > nf.git and nf-next.git from kernel.org. git.netfilter.org
> > mostly hosts the userspace tools like iptables/nftables
> > and the associated libraries.
> 
> So to work on hashlimit functionality for nftables, I'm guessing I
> would need to work with the code found on git.netfilter.org? Would it
> be mostly a userspace coding experience?

Yes, most of the functionality should be in userspace, but it
would need kernel support as well.

* Re: Starting point in netfilter development
  2014-07-02 20:43     ` Florian Westphal
@ 2014-07-03  9:18       ` Pablo Neira Ayuso
  2014-07-05  5:15         ` Quentin Headen
  0 siblings, 1 reply; 6+ messages in thread
From: Pablo Neira Ayuso @ 2014-07-03  9:18 UTC (permalink / raw)
  To: Florian Westphal; +Cc: Quentin Headen, netfilter-devel

On Wed, Jul 02, 2014 at 10:43:23PM +0200, Florian Westphal wrote:
> Quentin Headen <qheaden@phaseshiftsoftware.com> wrote:
> >  Florian Westphal <fw@strlen.de> wrote:
> > > nftables is currently under active development; f.e. you could
> > > add one of the missing iptables extensions such as hashlimit
> > > or nfacct.
> > 
> > Working on hashlimit for nftables sounds interesting.
> 
> It's not very beginner-friendly though.
> nfacct *might* be a bit simpler.

I think this proposal was a good idea, but just to avoid overlap.
Arturo already started some hacking on that.

We're still discussing the integration with the new nftables
transaction infrastructure, the idea is to add native nf_tables
commands to add/delete/dump accounting objects, but that would add
dependencies between nfnetlink_acct and nf_tables, which is something
that should only happen on demand.

> Maybe someone else has a better idea.

Working on userspace seems like a better option for a newbie, I'd
suggest. So I would point to detecting bugs in nft, file them into
netfilter's bugzilla and trying to fix them.

* Re: Starting point in netfilter development
  2014-07-03  9:18       ` Pablo Neira Ayuso
@ 2014-07-05  5:15         ` Quentin Headen
  0 siblings, 0 replies; 6+ messages in thread
From: Quentin Headen @ 2014-07-05  5:15 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Florian Westphal, netfilter-devel

On Thu, Jul 3, 2014 at 2:18 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Working on userspace seems like a better option for a newbie, I'd
> suggest. So I would point to detecting bugs in nft, file them into
> netfilter's bugzilla and trying to fix them.

I agree. I was able to download the nft source and get it compiled. I
will be poking around the source code, and putting nft to use to see
if there is anything I can fix, or any improvements I can possibly
propose. Thanks again for all of the suggestions from each of you.
