On Wednesday 2010-10-06 18:42, Sven-Ola Tuecke wrote: > >Re: Announcement: MAP66 extension for ip6tables For a moment that read like a Doom2 extension... ;-) >Hey, > >FYI: just finished the readme for a netfilter IPv6-to-IPv6 address mapping >target - time to say hello. Netfilter extension should compile from >iptables-1.3.3++ and the kernel module with kernel-2.4.30 until kernel-2.6.32. >Extension module status is beta, that is: a first test installation works fine. >License is GPL2. Project and Readme are here: > >http://map66.sf.net >http://map66.svn.sourceforge.net/viewvc/map66/README.html And.. I take it you want a review? - NAT, even if NAT66, still interferes with ETE connectivity. Think FTP-SSL connections. That may not be your problem, but it's the Working Group's and the Draft's. - I would recommend using Xtables-addons to unclutter the source code from the #ifdef hackery. Most if it can be removed, since it does not look like you tested with Linux kernels earlier than 2.6.22 anyway. - Conntrack will be confused because you change the packets' addresses while packets are in conntrack's domain. (In essence it will lead to state matching being nonfunctional if I am not mistaken because it sees two different tuples.) - There are pointless casts from/to void* - You should document what MAP66_lock is protecting. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
