Re: Announcement: MAP66 extension for ip6tables

Hi Jan,

On Wednesday, 6 October 2010, at 20:01:11, Jan Engelhardt wrote:

[...snip...]

> And.. I take it you want a review?

No - I'm only interested in a working solution. Of course, I take what I can 
get to make it better if required.

> - NAT, even if NAT66, still interferes with ETE connectivity. Think
> FTP-SSL connections. That may not be your problem, but it's the Working
> Group's and the Draft's.

Yes - there are protocols that rely on addresses such as SIP, active FTP etc. 
I don't plan to add NAT helpers for them, that's pointless somehow.

> - I would recommend using Xtables-addons to unclutter the source code
> from the #ifdef hackery. Most of it can be removed, since it does not
> look like you tested with Linux kernels earlier than 2.6.22 anyway.
>
> - Conntrack will be confused because you change the packets' addresses
> while packets are in conntrack's domain. (In essence it will lead to
> state matching being nonfunctional if I am not mistaken because it sees
> two different tuples.)

Aha. Thanks for the tips. I'll try to dive in. This is my first netfilter addon 
and I don't think I'll write another in this life.

> - There are pointless casts from/to void*

That's for kernel-2.4: The target firmware uses that old kernel for Flash space 
reasons. Only 1.75 Mb Flash and 8 Mb RAM.

> - You should document what MAP66_lock is protecting.

OK. They lock printk()s on SMP. Unnecessary without #DEBUG

Again, thank you very much,
// Sven-Ola