[Cialug] Netfilter kernel differences
Tom Pohl
tom at tcpconsulting.com
Wed Apr 21 15:04:12 CDT 2010
Thanks for the response! Sounds like it is for features I don't have a great desire to play with yet (IPv6) :)
The biggest reason I have the old ip_conntrack is because RHEL still uses it and being a CentOS user, we won't get the new nf_conntrack stuff until Red Hat switches. I know that the Fedora branch has had it for some time though.
Thanks!
-Tom
On Apr 21, 2010, at 2:31 PM, Zachary Kotlarek wrote:
>
> On Apr 21, 2010, at 1:25 PM, Tom Pohl wrote:
>
>> I'm really late to take notice, but is anyone familiar with netfilter's switch between using ip_conntrack and nf_conntrack in its kernel modules?
>>
>> I'm more curious than anything as to what the major differences might be between the two mechanisms. I run CentOS servers for the most part, so I'm still on the old skool ip_conntrack, but wonder what netfilter goodness I might be missing out on :)
>
>
> The structural difference is that netfilter is family-independent, so you can get IPv4 and IPv6 (and in theory other families too, though I don't know if anyone has tried) support on the same mechanism, and can write application-level modules (nf_conntrack_ftp) that support both families.
>
> Otherwise they're mostly the same. /proc/net/ip_conntrack becomes /proc/net/nf_conntrack. The module names change. But the actual capabilities of the dependent modules are nearly (if not exactly) the same between versions. I haven't come across any reason to run the old version unless you need a module that depends on ip_conntrack and hasn't been ported to nf_conntrack.
>
> Zach
>
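
As an added example (not part of the original thread or written by its participants): a parser that normalizes entries from either /proc/net/ip_conntrack or /proc/net/nf_conntrack, which is useful when audit or monitoring scripts must run on hosts with both module generations. It assumes the usual layout in which nf_conntrack lines carry two extra leading fields (layer-3 family name and number) that ip_conntrack lines lack; the sample lines and all function names are constructed for illustration.

```python
import os

# Constructed sample lines (documentation addresses), not captured from a real host.
IP_CONNTRACK_SAMPLE = (
    "tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.20 sport=40000 dport=22 "
    "src=192.0.2.20 dst=192.0.2.10 sport=22 dport=40000 [ASSURED] use=1\n"
)
NF_CONNTRACK_SAMPLE = (
    "ipv4     2 udp      17 29 src=192.0.2.10 dst=192.0.2.53 sport=5353 dport=53 "
    "[UNREPLIED] src=192.0.2.53 dst=192.0.2.10 sport=53 dport=5353 use=2\n"
    "ipv6     10 tcp      6 431999 ESTABLISHED src=2001:db8::1 dst=2001:db8::2 "
    "sport=40001 dport=443 src=2001:db8::2 dst=2001:db8::1 sport=443 dport=40001 "
    "[ASSURED] use=2\n"
)

def parse_line(line):
    """Normalize one entry from either table into a dict."""
    tokens = line.split()
    if tokens[0] in ("ipv4", "ipv6"):
        # nf_conntrack layout: drop the family name and family number.
        family, tokens = tokens[0], tokens[2:]
    else:
        # ip_conntrack layout: no family column, entries are IPv4 only.
        family = "ipv4"
    entry = {"family": family, "proto": tokens[0], "timeout": int(tokens[2]),
             "state": None, "flags": []}
    for tok in tokens[3:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            # First src/dst/sport/dport is the original direction, second the reply.
            if key in entry:
                key = "reply_" + key
            entry[key] = value
        elif tok.startswith("["):
            entry["flags"].append(tok.strip("[]"))
        else:
            entry["state"] = tok  # TCP state; UDP entries have none
    return entry

def parse_table(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def live_table_path():
    """Return whichever conntrack table this kernel exposes, or None."""
    for path in ("/proc/net/nf_conntrack", "/proc/net/ip_conntrack"):
        if os.path.exists(path):
            return path
    return None

if __name__ == "__main__":
    for e in parse_table(IP_CONNTRACK_SAMPLE + NF_CONNTRACK_SAMPLE):
        print(e["family"], e["proto"], e["state"], e["src"], "->", e["dst"], e["flags"])
```
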