"The netfilter simulator provides a means to run netfilter code in userspace; this allows significantly easier debugging and testing of what would otherwise be kernel-bound code." - README
nfsim is a valuable tool for netfilter module developers. This page collects my nfsim patches which were not yet accepted by the netfilter team.
I ported nfsim to Linux 2.6.14-rc3. See my patchset below.
Initially, nfsim was designed to support text-based protocols like FTP and IRC. It loosely matches whitespace characters, and it had no support for matching non-printable characters until Rusty applied my binary quoting patch.
My idea to solve the "binary protocol" issue features backticks, known from the shell and Perl. When you write an nfsim test for, say, H.225, you ship a tiny program which prints an H.225 packet to stdout. This program can then be called from within the nfsim test:
This is much simpler than writing huge rows of escaped non-printables into the nfsim test.
This idea was not accepted; I had a talk with Rusty about this: he prefers to hard-code protocol support into the nfsim core, instead of using external packet generator programs. Until the Netfilter people come up with an implementation which is better than my patch, I will use my backticks.
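The backtick expansion described above, sketched as an added example; it is not code from the patch or from nfsim. The function name `expand_backticks` is hypothetical, and a shell `printf` stands in for the packet generator program.

```c
#define _POSIX_C_SOURCE 200809L  /* for popen()/pclose() */
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not nfsim's API): copy `in` to `out`, replacing each
 * `command` span with the raw bytes the command writes to stdout.
 * Returns the number of bytes written, or -1 on an unterminated backtick,
 * a failed command, or overflow of `cap`. */
long expand_backticks(const char *in, unsigned char *out, size_t cap)
{
    size_t n = 0;

    while (*in) {
        if (*in != '`') {               /* literal byte */
            if (n >= cap)
                return -1;
            out[n++] = (unsigned char)*in++;
            continue;
        }
        const char *end = strchr(in + 1, '`');
        char cmd[256];
        size_t len;
        if (!end || (len = (size_t)(end - in - 1)) >= sizeof(cmd))
            return -1;
        memcpy(cmd, in + 1, len);
        cmd[len] = '\0';
        FILE *p = popen(cmd, "r");      /* runs via /bin/sh: trusted test files only */
        if (!p)
            return -1;
        /* fread() rather than fgets(): generator output may contain NUL bytes */
        size_t got;
        while ((got = fread(out + n, 1, cap - n, p)) > 0)
            n += got;
        int full = (n == cap && fgetc(p) != EOF);  /* more output than room */
        if (pclose(p) != 0 || full)
            return -1;
        in = end + 1;
    }
    return (long)n;
}

int main(void)
{
    unsigned char pkt[64];
    /* Constructed sample: printf stands in for a packet generator program. */
    long n = expand_backticks("AB`printf '\\003\\000\\001'`CD", pkt, sizeof(pkt));
    printf("%ld bytes\n", n);
    return n == 7 ? 0 : 1;
}
```

Because every backtick span is handed to the shell, a test file using this mechanism has the same trust level as a script and should only be run from a source you control.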
My nfsim modifications are available as a single patch: nfsim-mk-20051005.patch (applying to nfsim revision 4316). The discrete patches are also free for download.
Then check out the nfsim Subversion repository: