Re: xt_RAWNAT target idea

Jan Engelhardt wrote:
> On Jan 14 2008 07:04, Patrick McHardy wrote:
>> Jan Engelhardt wrote:
>>> the following series implements xt_RAWNAT, a target to do network
>>> address translation not depending on conntrack. I still have an issue
>>> though, if you have an idea what could be wrong, please let me know.
>>
>> What's the advantage over using the TC NAT action?
>
> Let me put it this way... “what is tc?”
>
> - tc is a real black-box to most users;
>   lack of documentation (despite lartc.org efforts)

That should be fixed by writing documentation, not code :)

> - act_nat only works like NETMAP, i.e.
>   on outgoing packets, you can only change the source addr

I guess it could be changed to support DNAT on outgoing packets
quite easily.

> At which point I would be asking: why is tc trying to do the same
> as netfilter mangling targets?

Well, true, it would be nice to be able to do this within
netfilter without TC actions. But adding a new chain to the
raw table is a high price, every new netfilter hook costs
quite a bit of performance. Why not simply do this in the
mangle table? That will also make rerouting in OUTPUT work
as a side effect.

Another issue is IPv6 support. Everyone agrees that we don't
want to support IPv6 NAT. So this would have to be removed.