Hello, developers of Netfilter,
I wanted to tell you some things, and ask you a few questions :
For a student project, I wrote a Netfilter module (both a Match, and a Target)
that allows you to play with the GRE Header reserved flags. (Why on earth would
you do that? Well, it could be used to pass additional routing information
along, within the packet itself). I think it could benefit the whole community,
that's why I wanted to contribute my code.
The Target allows you to write something like :
iptables -t mangle -A OUTPUT -p gre -j GRE --set-gre-flags 0x15
The match would allow you to match some flags value :
iptables -t mangle -I OUTPUT -p gre -m gre --gre-flags 0x05/0x07
Both match and target support masking, the match also supports inversion, and
(hopefully) the input sanitization is done right. I restricted the table to
"mangle" (no restriction on the hook, so far). I also developed both an ipv4
and ipv6 version.
1) FIRST QUESTION:
Would you be interested in such a contribution? Nothing was previously done on
GRE, specifically, I suppose. I wonder why there is no target module out there
that let you set any arbitrary data within the raw packet, at a certain offset?
(like quite the opposite of the "u32" match)
2) SECOND QUESTION:
Should I respect a specific coding style, and also put some particular
"MODULE_*" within the code (other than MODULE_AUTHOR, MODULE_DESCRIPTION, and
MODULE_LICENSE("GPL"))?
3) THIRD QUESTION:
Well... How do I upload my code, where is it reviewed, etc...?
Thank you very much for your time and your answers,
I wish you all a very peaceful day,
~AC
-
