RFC: SAME removal and NAT IP selection

As soon as we've removed the SAME target, I got some complaints
from users that not only need persistent IPs when talking to the
same destination, but for all destinations, which NAT currently
doesn't provide.

I don't want to resurrect the SAME target because of the 32/64bit
compat problems it had, it would be better to handle this in the
NAT core. The IP is currently determined by hashing the source and
destination IPs and mapping the hash to the NAT range:

        minip = ntohl(range->min_ip);
        maxip = ntohl(range->max_ip);
        j = jhash_2words((__force u32)tuple->src.u3.ip,
                         (__force u32)tuple->dst.u3.ip, 0);
        j = ((u64)j * (maxip - minip + 1)) >> 32;
        *var_ipp = htonl(minip + j);

We have two options:

- add a flag to the NAT range to ignore the destination
  IP for SNAT

- always ignore the destination IP for SNAT

I personally prefer the second option since it results in more
consistency and avoids adding a new option. I can't think
of a reason why we would need to include the destination for
SNAT, using jhash should result in good distribution anyway,
but I might be missing something.

Any opinions?
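
The selection described in the post, as an added example that is not part of the original message or the kernel source: it keeps the quoted range-scaling step and compares hashing source plus destination against hashing the source only. `mix32()`/`hash_2words()` are a stand-in for the kernel's `jhash_2words()`, the `ignore_dst` parameter is hypothetical, and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 32-bit mixer (MurmurHash3 finalizer); NOT the kernel's jhash. */
static uint32_t mix32(uint32_t h)
{
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Stand-in for jhash_2words(a, b, 0). */
static uint32_t hash_2words(uint32_t a, uint32_t b)
{
    return mix32(mix32(a) ^ b);
}

/* Pick an address in [minip, maxip] (host byte order) as in the quoted
 * snippet. ignore_dst (hypothetical) models hashing the source only. */
static uint32_t select_nat_ip(uint32_t src, uint32_t dst,
                              uint32_t minip, uint32_t maxip, int ignore_dst)
{
    uint32_t j = hash_2words(src, ignore_dst ? 0 : dst);
    /* Scale the 32-bit hash onto the pool size; computed in 64 bits. */
    j = (uint32_t)(((uint64_t)j * ((uint64_t)maxip - minip + 1)) >> 32);
    return minip + j;
}

/* Distinct NAT addresses one source gets across n consecutive destinations.
 * Uses a 32-bit bitmap, so the pool must hold at most 32 addresses. */
static unsigned count_nat_ips(uint32_t src, uint32_t dst0, unsigned n,
                              uint32_t minip, uint32_t maxip, int ignore_dst)
{
    unsigned seen = 0, count = 0;
    for (unsigned i = 0; i < n; i++) {
        uint32_t off = select_nat_ip(src, dst0 + i, minip, maxip, ignore_dst) - minip;
        if (!(seen & (1u << off))) { seen |= 1u << off; count++; }
    }
    return count;
}

int main(void)
{
    /* Constructed: client 192.168.1.10, pool 203.0.113.8-15, 256 destinations. */
    uint32_t src = 0xC0A8010A, dst0 = 0xC6336400, lo = 0xCB007108, hi = 0xCB00710F;
    printf("src+dst hash: %u NAT IPs used\n", count_nat_ips(src, dst0, 256, lo, hi, 0));
    printf("src-only hash: %u NAT IP used\n", count_nat_ips(src, dst0, 256, lo, hi, 1));
    return 0;
}
```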