On 30 October 2014 17:25, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Thu, Oct 16, 2014 at 12:41:19PM +0200, Arturo Borrero Gonzalez wrote: >> This patch adds redirect support for nft. >> >> The syntax is: >> >> % nft add rule nat prerouting redirect [port|nat_flags] > > I prefer if you add a couple of valid examples to the patch > description. This won't work as the protocol is not specified. > > There's also some minor issues with this patch: > > % nft add rule nat prerouting redirect > Memory allocation failure > > Please, address and resubmit, thanks Arturo. Hi Pablo, I've take further look at this patch. I don't see any issue. As masquerade, I think redirect without protocol should work. I just tested again the patch with ICMP packets and the redirection simply works. I used tcpdump for the checks. The rule I used is the same as in the patch description. Regarding the memory allocation failure, I'm unable to find the issue. Do you think is related to this patch? I just added thousands of redirect rules in both IPv4 and IPv6 with no failures nor leakages reported by valgrind. I would request you a bit more info, please. regards. -- Arturo Borrero González -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
