As an appendix to this patch, let me add a couple of points:
1) In the union,
> +union nf_conntrack_man_proto {
> + __be16 all;
> + __be16 port;
> + __be16 icmp_idnt;
> + __be16 gre_key;
> +};
I named the one member icmp_idnt to avoid a name collision with "#define
icmp_id ..." in <netinet/ip_icmp.h>. This causes problems in both
iptables and miniupnpd.
2) Pushing this down to iptables would require constructions like
range.min.tcp.port
to be replaced by
range.min.port
and similarly for range.max.tcp.port, in
extentions/libipt_{DNAT,MASQUERADE,NETMAP,REDIRECT,SAME,SNAT}.c
Of course, you would also replace
#include <net/netfilter/nf_nat.h>
with
#include <linux/netfilter/nf_nat.h>
and no longer need to ship
include/net/netfilter/{nf_nat.h,nf_conntrack_tuple.h}
with iptables.
I've tested both iptables and miniupnpd with these changes and no
problems. I'll provide a patch when the time comes.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
