The following series implements some updates for NAT in nf_tables.

First of all, I add a new flag attribute to allow clients of nft_nat to specify additional config flags. This enables port randomization and persistence to be set from nft.

Two patches split the masquerade code from ip[6]t_MASQUERADE.c into generic modules, so we can use this NAT type from nft_nat.

Then, the nft_nat code is split into AF-specific parts, so we avoid potential dependencies regarding AF-specific symbols in the last patch.

The last patch finally implements masquerade for nft_nat.

This v2 series includes some fixes and additional checks, as requested by Florian Westphal.

Comments are welcome.

---

Arturo Borrero Gonzalez (5):
      netfilter: nft_nat: include a flag attribute
      netfilter: nf_nat_masquerade_ipv4: code factorization
      netfilter: nf_nat_masquerade_ipv6: code factorization
      netfilter: nft_nat: split code in AF parts
      netfilter: nft_nat: add masquerade support

 .../net/netfilter/ipv4/nf_nat_masquerade_ipv4.h |   14 ++
 .../net/netfilter/ipv6/nf_nat_masquerade_ipv6.h |   10 +
 include/net/netfilter/nft_nat.h                 |   20 ++
 include/uapi/linux/netfilter/nf_nat.h           |    5 +
 include/uapi/linux/netfilter/nf_tables.h        |   10 +
 net/ipv4/netfilter/Kconfig                      |   14 ++
 net/ipv4/netfilter/Makefile                     |    2
 net/ipv4/netfilter/ipt_MASQUERADE.c             |  108 +------------
 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c     |  155 ++++++++++++++++++
 net/ipv4/netfilter/nft_nat_ipv4.c               |  165 ++++++++++++++++++++
 net/ipv6/netfilter/Kconfig                      |   14 ++
 net/ipv6/netfilter/Makefile                     |    2
 net/ipv6/netfilter/ip6t_MASQUERADE.c            |   76 +--------
 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c     |  121 ++++++++++++++
 net/ipv6/netfilter/nft_nat_ipv6.c               |  164 ++++++++++++++++++++
 net/netfilter/nft_nat.c                         |  168 +++-----------------
 16 files changed, 735 insertions(+), 313 deletions(-)
 create mode 100644 include/net/netfilter/ipv4/nf_nat_masquerade_ipv4.h
 create mode 100644 include/net/netfilter/ipv6/nf_nat_masquerade_ipv6.h
 create mode 100644 include/net/netfilter/nft_nat.h
 create mode 100644 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
 create mode 100644 net/ipv4/netfilter/nft_nat_ipv4.c
 create mode 100644 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
 create mode 100644 net/ipv6/netfilter/nft_nat_ipv6.c

--
Arturo Borrero Gonzalez