I asked about the l7-filter on lists.netfilter.org this is what I got back.
--- Harald Welte <[EMAIL PROTECTED]> wrote: > Date: Sun, 15 Feb 2004 16:55:02 +0100 > From: Harald Welte <[EMAIL PROTECTED]> > To: Mike Mestnik <[EMAIL PROTECTED]> > CC: "lists.netfilter.org netfilter" <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > Subject: Re: I found what I was looking for l7-filter.sf.net. > > On Mon, Feb 09, 2004 at 02:49:43PM -0800, Mike Mestnik wrote: > > Are there any plans to add this to the patch-o-matic? If nothing else > > could you put a link on your links page. > > Since the original authors of l7-filter did never contact us, we didn't > know about their project at all. > > In fact, you are the first one mentioning it to me, and I'm now reading > through their source. > > Although I'm not a fan of doing stuff like this inside the kernel, I > think it is still a valid candidate for patch-o-matic (ng). However, > this is up to the original software authors. > > A couple of comments: > > - put all the new struct ip_conntrack members into a seperate > sub-structure (like the 'nat' and 'helper' substructures do) > - think about type usage. Use unsigned int for stuff like numpackets, > since it is not likely to become negative ;) > - Adhere to CodingStyle (tab-width indent, ...) > - use arch-independent types in ipt_childlevel_info, or it will break > on sparc64 and other archs > - don't put regexp.c/ressub.c into linux/include/linux/regexp. This > belongs together with the iptables module > - Add sufficient GPL notices to every > - Please decouple the 'childlevel' match and submit it seperately. We > could even submit it to the kernel soon. > - I can't see any locking in your code, and I don't think it's SMP safe > > One additional question: > > - Did you consider basing your work on top of libqsearch? > (http://www.cartel-securite.fr/pbiondi/libqsearch.html) > > libqsearch is IMHO the preferred (and already existing and widely > deployed, even in commercial products) way of doing pattern matching > inside the kernel. > > -- > - Harald Welte <[EMAIL PROTECTED]> http://www.netfilter.org/ > ============================================================================ > "Fragmentation is like classful addressing -- an interesting early > architectural error that shows how much experimentation was going > on while IP was being designed." -- Paul Vixie > > ATTACHMENT part 2 application/pgp-signature name=signature.asc __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
