NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Improve namespace handling #187

Closed ydahhrk closed 8 years ago

ydahhrk commented 9 years ago

Because it's a flat Netfilter module, only one Jool instance of each flavor (SIIT/NAT64) can be modprobed in each machine at a time. The current namespace code is very young, and all it achieves is allowing one to enclose the Jool instance in a single namespace (which was enough to address Node-Based Translation and Filtering).

For maximum versatility, it should be possible to enclose different Jools in different namespaces.

This will probably be automatically fixed by becoming a device driver, but I'm getting the impression that we will probably continue supporting the Netfilter paradigm too even during and after 4.0.

ydahhrk commented 9 years ago

This issue was started in #177. This is the text I removed there:

However, one thing that's missing is multiple instances of the same Jool flavor,

Rats. They removed support for modprobe's "-o" option. I was planning to use this to allow multiple Jool instances (I'm reading really old documentation, it seems).

Actually, multiple Jools is still possible, but appalling.

```
cd Jool/mod/stateless
make
sudo insmod jool_siit.ko
vi Kbuild
```

Edits:

- Line 5: "jool_siit.o" -> "jool_siit2.o"
- Line 41 (the last one): "jool_siit-objs" -> "jool_siit2-objs"

```
make
sudo insmod jool_siit2.ko
```

(I'm not suggesting anyone should do this.)

Note to myself: register_pernet_subsys() can probably improve this in the current framework. It's what iptables uses.


The Netlink socket (the thing we use to communicate kernel module and userspace application) is also one hell of an obstacle.

```
$ sudo insmod jool_siit.ko
$ sudo insmod jool_siit2.ko
$ dmesg
[19368.315312] SIIT Jool v3.3.2.12 module inserted.
[19372.442178] SIIT Jool ERROR (nlhandler_init): Creation of netlink socket failed.
[19372.442178] This usually happens because you already have a Jool instance running.
[19372.442178] I will ignore this error. However, you will not be able to configure Jool via the userspace application.
[19372.442184] SIIT Jool v3.3.2.12 module inserted.
```

I actually don't know how to fix this. Linux forces all kernelspace Netlink sockets to use pid (port) zero. I suppose I can change the protocol family, but there's only room for 32 of them and more than half are already taken...


Well, at least we got HBET (and also filtering!) out of the way.

Thankfully, we already figured out how to work around Netlink's 32 socket maximum.
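The dmesg excerpt above shows the failure mode an operator would want to catch: a second Jool module loads "successfully" but, because its kernel-side Netlink socket could not be created, it can never be configured from userspace. The following is an added example (not code from the Jool project or from the issue author) that scans dmesg output for Jool insertion messages and flags instances whose `nlhandler_init` failed. The message formats are taken from the excerpt in this thread; the sample log is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample input, modelled on the dmesg excerpt quoted in this issue.
SAMPLE_DMESG = """\
[19368.315312] SIIT Jool v3.3.2.12 module inserted.
[19372.442178] SIIT Jool ERROR (nlhandler_init): Creation of netlink socket failed.
[19372.442178] This usually happens because you already have a Jool instance running.
[19372.442178] I will ignore this error. However, you will not be able to configure Jool via the userspace application.
[19372.442184] SIIT Jool v3.3.2.12 module inserted.
"""

# dmesg line: "[<seconds since boot>] <message>"
TS_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")
# Messages as they appear in the thread's excerpt (flavor is SIIT or NAT64).
INSERTED_RE = re.compile(r"^(SIIT|NAT64) Jool v(\S+) module inserted\.$")
NL_FAIL_RE = re.compile(
    r"^(SIIT|NAT64) Jool ERROR \(nlhandler_init\): Creation of netlink socket failed\.$"
)


@dataclass
class JoolInstance:
    flavor: str       # "SIIT" or "NAT64"
    version: str      # e.g. "3.3.2.12"
    timestamp: float  # dmesg timestamp of the "module inserted" line
    netlink_ok: bool  # False when nlhandler_init reported a socket failure


def parse_jool_instances(dmesg_text: str) -> list[JoolInstance]:
    """Return one JoolInstance per 'module inserted' line, in load order.

    The kernel logs the Netlink failure *before* the insertion message, so a
    failure is remembered and attached to the next insertion of the same flavor.
    """
    instances = []
    pending_failure = None  # flavor whose Netlink socket creation just failed
    for line in dmesg_text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)

        fail = NL_FAIL_RE.match(msg)
        if fail:
            pending_failure = fail.group(1)
            continue

        ins = INSERTED_RE.match(msg)
        if ins:
            flavor, version = ins.groups()
            ok = pending_failure != flavor
            instances.append(JoolInstance(flavor, version, ts, ok))
            pending_failure = None
    return instances


def unconfigurable_instances(dmesg_text: str) -> list[JoolInstance]:
    """Instances that loaded but cannot be reached by the userspace application."""
    return [i for i in parse_jool_instances(dmesg_text) if not i.netlink_ok]


if __name__ == "__main__":
    for inst in parse_jool_instances(SAMPLE_DMESG):
        state = "configurable" if inst.netlink_ok else "NO NETLINK SOCKET"
        print(f"{inst.timestamp:>14.6f}  {inst.flavor} Jool v{inst.version}: {state}")
```

On a live system the input would come from `dmesg` (or the journal) rather than the embedded sample; the point of the check is that a non-zero result from `unconfigurable_instances` means a module is loaded that the userspace tool will silently fail to reach, which is exactly the situation the thread describes.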

ydahhrk commented 8 years ago

https://jool.mx/en/usr-flags-instance.html