Re: [nf_tables PATCH v4 5/5] netfilter: nft_nat: add masquerade support

On Thu, Sep 04, 2014 at 01:21:51PM +0100, Patrick McHardy wrote:
> On Thu, Sep 04, 2014 at 02:07:21PM +0200, Arturo Borrero Gonzalez wrote:
> > This patch adds masquerade support to nft_nat.
> > 
> > Note that enum nf_nat_manip_type is replaced by enum nft_nat_types in order
> > to support masquerade.
> 
> Is it really worth combining them? We have lots of code churn to move
> them into a single module, and static NAT and masquerading have some
> fundamental differences in the data they need, so now we're adding
> new code to validate all of this, we're adding a new NAT type which
> is actually not a new NAT type but simply a special case of SNAT etc.
> 
> Why not simply create a new masquerade expression?

Indeed. We're going to have four unused fields in the nft_nat
expression:

+       enum nft_registers      sreg_addr_min:8;
+       enum nft_registers      sreg_addr_max:8;
+       enum nft_registers      sreg_proto_min:8;
+       enum nft_registers      sreg_proto_max:8;

And we can skip the nft_nat per family split that happens in patch 4/5.

I like the idea of the masquerade expression.