[FSF India] Re: [Gnu-India]Re: GNU Project List

M.P.Anand Babu fsf-india@gnu.org.in
Thu, 23 Aug 2001 08:09:03 +0530 (IST)


Hi Naheed
Here you go for Netfilter Port to GNU/Hurd Project

ABOUT NETFILTER:
================
Netfilter is just a framework for building NAT and filtering.
Netfilter base code hooks into the protocol stack at various 
spots.
For example if you take TCP/IP stack, there
are 5 hooks 
    * LOCAL IN 
      Packets for this(local) machine
    * LOCAL OUT
      Packets from this machine 
    * PRE-ROUTING
      Packets entering this machine from network. It might
      be for this machine or routed thru this machine
    * POST-ROUTING
      Packets leaving this machine. May be from this machine
      or a packet routed thru this machine.
    * FORWARDING
      Packets routed thru ur machine.

So using these hooks it provides a framework to register
tables and modules.
Tables contain rules passed from user space thru iptables
command. These rules contain typically a match and a target.
Whenever a packet enters the Netfilter framework, it is
passed thru these rules. If a packet is matched with a rule,
it will be passed to the target module. The target
module can decide the fate of the packet.

ENVIRONMENT:
============
A real battle ground for Netfilter environment will be
* a network with at least 100+ users connected to other intranet/internet
* Netfilter box with 2.4.x kernel with 2 ethernet cards
* and lot of time to experiment.

For a developer:
Even if you don't have such an env, you can still do
ur development on a single machine.
You can test simple rules on loopback (127.0.0.1).
You are just doing porting. Netfilter is already
a proven implementation. After porting, there
are users to help us in testing.

FOR DEVELOPER:
==============
We are very very lucky :)
Because The Hurd's TCP/IP stack is port(copied:) from
Linux 2.2 kernel. So it shouldn't be difficult for
us to port Netfilter to Hurd.

For all these steps, you have to constantly work with
me. Don't ever hesitate to ask even the stupidest question.
You never know how many others have the same question.

Next step is:
Step 1* Get urself familiarized with Netfilter usage 
     Read NAT-HowTo and Filtering-HowTo
Step 2* OK, Now you are ready for hacking
     Read Netfilter-Hackers Guide.
     Understand the design/implementation of Netfilter.
Step 3* Browse the source code of TCP/IP stack
     and NetFilter.
There are other guides of Rusty Russell. They
are Kernel hackers guide and Kernel Locking guide.
They are not necessary. Because in Hurd, we do it
in user space. It's easy.

I expect a lot of mails from you hereafter.

I've no plans for LA, But I will be in Fremont(CA)
next week most probably.

Best Regards
ab

Naheed Vora writes:
 > Hi ab,
 > I am happy to have your permission as well as surety
 > of guidance for the project. I met the professor today
 > and he is ready to help me through. I am not sure if I
 > will take as my credits or else as funtime project,
 > but I am seriously looking forward to work on this
 > project. The prof. will sit along with me and discuss
 > the framework and architecture of Netfilter translator
 > maybe next week. I will keep you updated with the
 > progress and solicit your help whenever required.
 > 
 > Do let me know if you are planning to come to LA
 > during your visit to US. We can meet if you happen to
 > come to LA,
 > 
 > C ya,
 > Bye,
 > Naheed

-- 
Addicted to GNU Emacs
Inspired by GNU (www.gnu.org)
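
The hook and rule model described in the message above, as an added user-space sketch in C. It is not part of the original mail and not Netfilter or Hurd code; all names, the address 10.0.0.1 and the sample table are constructed, and "first matching rule decides, otherwise accept" is a simplifying assumption.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical names throughout: a user-space model, not Netfilter's API. */
enum hook { PRE_ROUTING, LOCAL_IN, FORWARDING, LOCAL_OUT, POST_ROUTING };
enum verdict { ACCEPT, DROP };
struct packet { uint32_t src, dst; uint16_t dport; };

/* A rule is a match plus a target; the target decides the packet's fate. */
struct rule {
    enum hook hook;
    int (*match)(const struct packet *);
    enum verdict (*target)(const struct packet *);
};

#define LOCAL_ADDR 0x0A000001u /* 10.0.0.1, constructed address of "this machine" */

static int match_telnet(const struct packet *p) { return p->dport == 23; }
static enum verdict target_drop(const struct packet *p) { (void)p; return DROP; }

/* Constructed sample table: drop telnet addressed to us or routed thru us. */
static const struct rule table[] = {
    { LOCAL_IN,   match_telnet, target_drop },
    { FORWARDING, match_telnet, target_drop },
};

/* Run the rules registered on one hook; first match decides, default ACCEPT. */
static enum verdict run_hook(enum hook h, const struct packet *p) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].hook == h && table[i].match(p))
            return table[i].target(p);
    return ACCEPT;
}

/* Walk the hooks a packet crosses; records the path, returns the final verdict. */
enum verdict traverse(const struct packet *p, enum hook path[3], int *n) {
    enum hook in[]  = { PRE_ROUTING, LOCAL_IN };                 /* for this machine  */
    enum hook fwd[] = { PRE_ROUTING, FORWARDING, POST_ROUTING }; /* routed thru it    */
    enum hook out[] = { LOCAL_OUT, POST_ROUTING };               /* from this machine */
    const enum hook *seq; int len;
    if (p->src == LOCAL_ADDR)      { seq = out; len = 2; }
    else if (p->dst == LOCAL_ADDR) { seq = in;  len = 2; }
    else                           { seq = fwd; len = 3; }
    for (*n = 0; *n < len; ) {
        path[*n] = seq[*n];
        if (run_hook(seq[(*n)++], p) == DROP) return DROP; /* stop at first DROP */
    }
    return ACCEPT;
}
```

A dropped packet's recorded path ends at the hook that dropped it, which shows where in the stack a rule took effect.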