Hi Patrick,

On Thu, Jul 03, 2014 at 02:23:20PM +0200, Patrick McHardy wrote:
> On 1. Juli 2014 18:30:54 MESZ, Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> wrote:
> >Let's refactor the code so we can reach the masquerade functionality from
> >outside the xt context (ie, nftables).
> >
> >The patch includes adding an atomic counter to the masquerade notifier: the
> >stuff to be done by the notifier is the same in any case, and agnostic
> >about who called it. Only one notification handler is needed.
> >
> >This factorization only involves IPv4; a similar patch will follow to handle
> >IPv6.
>
> Just a suggestion, the NAT support is parameterizable at runtime.
> An alternative would be an expression to load the local address.

That seems a quite natural way to make it without requiring kernel changes; I like it.

The only problem that I see is that I can't come up with a way to handle the conntrack cleanup case that needs to happen if the interface is brought down with this approach.