On Monday 2009-03-16 17:44, Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> On Monday 2009-03-16 14:42, Patrick McHardy wrote:
>>
>>> Jan Engelhardt wrote:
>>>> On Monday 2009-03-16 14:39, Patrick McHardy wrote:
>>>>
>>>>> We used to have ip_nat_range(_compat) for compatibility for that reason
>>>>> IIRC. The kernel doesn't need it anymore, so I think userspace should carry
>>>>> a copy as long as ipt_SAME is still supported.
>>>>>
>>>> But that only makes it harder to keep files in sync :-/
>>> There is nothing to keep in sync, ipt_SAME doesn't exist in the kernel
>>> anymore. And a structure kept purely to maintain compatibility with old
>>> kernels will obviously never change.
>>>
>> All NAT modules -- libipt_DNAT, SNAT, MASQUERADE, NETMAP, REDIRECT --
>> use struct nf_nat_multi_range, which is also only in nf_nat.h.
>
> Indeed, that one should be exported. But in order to do that it should
> be moved to include/linux/netfilter instead of using include/net
> includes in userspace.
>

I agree. If however it does not make it into 2.6.29 I would suggest
going with the proposed iptables tree with a manually-copied nf_nat.h,
though.