View previous topic :: View next topic |
Author |
Message |
GurliGebis
Joined: 16 Apr 2009 Posts: 35
|
Posted: Sun Aug 31, 2014 7:33 pm Post subject: Support for nftables |
|
|
Hey,
Since nftables seems to moving along nicely, would it be an idea to start looking at integrating with it, along with iptables?
From what I can read, the API shouldn't be that difficult to use. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
Posted: Tue Sep 09, 2014 3:30 pm Post subject: |
|
|
yes I'm thinking about it but have no time to do it... anybody motivated ? _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
s1061123
Joined: 09 Mar 2015 Posts: 5 Location: Tokyo/Japan
|
Posted: Wed Mar 11, 2015 2:30 pm Post subject: |
|
|
miniupnp wrote: | yes I'm thinking about it but have no time to do it... anybody motivated ? |
Hi Folks,
I've just started to support nftables in my github repository.
Currently it is 'very alpha' version, so please keep in touch and let you know when it is ready to merge.
thanks,
Tomofumi[/url] |
|
Back to top |
|
|
s1061123
Joined: 09 Mar 2015 Posts: 5 Location: Tokyo/Japan
|
Posted: Wed Mar 11, 2015 2:31 pm Post subject: |
|
|
s1061123 wrote: | miniupnp wrote: | yes I'm thinking about it but have no time to do it... anybody motivated ? |
Hi Folks,
I've just started to support nftables in my github repository.
Currently it is 'very alpha' version, so please keep in touch and let you know when it is ready to merge.
thanks,
Tomofumi[/url] |
Here's pointer.
https://github.com/s1061123/miniupnp |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
|
Back to top |
|
|
s1061123
Joined: 09 Mar 2015 Posts: 5 Location: Tokyo/Japan
|
Posted: Tue Mar 24, 2015 7:32 am Post subject: |
|
|
Hi Folks,
Let me update current status on it.
Currently SNAT and DNAT are worked.
Currently my code is under github.
https://github.com/s1061123/miniupnp
To compile miniupnpd for nftables, just make with Makefiles.linux_nft instead of Makefile.linux.
Comments and some experiment reports are welcome!
Thanks,
Tomofumi |
|
Back to top |
|
|
s1061123
Joined: 09 Mar 2015 Posts: 5 Location: Tokyo/Japan
|
Posted: Thu Apr 09, 2015 7:45 am Post subject: |
|
|
miniupnp wrote: | it looks promising ! |
Hi miniupnp author,
After several tests, I would like to submit pull request as 'alpha support of nftables'.
To submit pull request for feature enhancement, is there any requirements for merge?
Thanks,
Tomofumi |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
Posted: Fri Apr 10, 2015 3:16 pm Post subject: |
|
|
make the pull request on github, I will look at it and merge if possible _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
s1061123
Joined: 09 Mar 2015 Posts: 5 Location: Tokyo/Japan
|
Posted: Wed Apr 15, 2015 4:23 am Post subject: |
|
|
miniupnp wrote: | make the pull request on github, I will look at it and merge if possible |
I got it.
Now I'm a little bit busy, so after that I'll post it |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
|
Back to top |
|
|
Paul.Chambers
Joined: 14 Sep 2019 Posts: 1 Location: San Jose, California
|
Posted: Sun Sep 15, 2019 5:12 am Post subject: |
|
|
I'd be willing to put some effort into this, too.
I'm still learning nftables, and the approach miniupnpd currently takes to support it.
One thing I'm curious about is that the front end (UPnP IGD server) and backends (network rule manipulation on the machine itself) aren't quite as cleanly separated as my OCD tendencies would like. Perhaps something that evolved over time? nothing wrong with that, I'm just a little wary of muddying the waters further.
Is that something people agree could be improved? is there an appetite for refining the separation between frontend and backends?
The reason I ask is that I'd rather help converge the various derivatives than diverge one of them further. However, I'd hate to dig into that without some confidence that the resulting pull requests are going to be looked on favorably.
Your thoughts?
Best regards,
- Paul |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
Posted: Tue Sep 24, 2019 10:35 am Post subject: |
|
|
I won't spend time on any reorganisation of the code before the nftables code really works. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
|
Posted: Wed Oct 02, 2019 10:10 pm Post subject: |
|
|
you should also consider that miniupnpd is designed to run on small home routers. So consuming more memory is a big deal.
that's also why I think we should first implement privilege dropping before full privilege separation _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
|