The following patch adds support for payload mangling. It supports updating
all fields except those included in pseudo headers since it only supports
a single checksum update operation. So it cannot be used for stateless NAT.

Checksum updates currently only support internet checksums and assume the
mangled data is actually covered by the checksum. Userspace only allows
use for these protocols.

So the main question is basically, do we want to support stateless NAT?
The downside is that we have to add protocol specific checksumming functions.

Patrick McHardy (1):
  netfilter: nft_payload: add packet mangling support

 include/net/netfilter/nf_tables_core.h   |   1 +
 include/uapi/linux/netfilter/nf_tables.h |   4 ++
 net/netfilter/nft_payload.c              | 116 +++++++++++++++++++++++++++++--
 3 files changed, 115 insertions(+), 6 deletions(-)

-- 
2.5.0
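Why a single checksum update covers a port rewrite but not an address rewrite, as an added user-space example that is not code from the patch: it applies the RFC 1624 incremental update to a constructed IPv4+TCP packet and reports which checksums still verify. The packet bytes, offsets and helper names (`csum_fix`, `mangle`, `state`) are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { IP_CSUM = 10, IP_SADDR_LO = 14, TCP_DPORT = 22, TCP_CSUM = 36 }; /* byte offsets */
static uint16_t fold(uint32_t s) {              /* fold carries, then complement */
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t s) { /* n must be even */
    for (size_t i = 0; i < n; i += 2) s += (uint32_t)p[i] << 8 | p[i + 1];
    return s;
}
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* One incremental update of one checksum field, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') */
static void csum_fix(uint8_t *pkt, size_t csum_off, uint16_t old, uint16_t val) {
    uint16_t hc = get16(pkt + csum_off);
    put16(pkt + csum_off, fold((uint32_t)(uint16_t)~hc + (uint16_t)~old + val));
}
static uint32_t l4_sum(const uint8_t *pkt) {    /* pseudo header (addrs, proto 6, len 20) + TCP */
    return sum16(pkt + 20, 20, sum16(pkt + 12, 8, 6 + 20));
}
/* bit 0: IPv4 header checksum verifies, bit 1: TCP checksum verifies */
static int state(const uint8_t *pkt) {
    return (fold(sum16(pkt, 20, 0)) == 0) | (fold(l4_sum(pkt)) == 0) << 1;
}
static void build(uint8_t *pkt) {               /* constructed IPv4+TCP SYN, no payload */
    static const uint8_t tmpl[40] = {
        0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,0,2,1, 198,51,100,7,
        0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };
    memcpy(pkt, tmpl, sizeof(tmpl));
    put16(pkt + IP_CSUM, fold(sum16(pkt, 20, 0)));
    put16(pkt + TCP_CSUM, fold(l4_sum(pkt)));
}
static int mangle(size_t off, uint16_t val, size_t csum_off, int second, size_t csum2_off) {
    uint8_t pkt[40];
    build(pkt);
    uint16_t old = get16(pkt + off);
    put16(pkt + off, val);                      /* rewrite one 16-bit field */
    csum_fix(pkt, csum_off, old, val);          /* the single update */
    if (second) csum_fix(pkt, csum2_off, old, val); /* extra update for pseudo-header fields */
    return state(pkt);
}
int main(void) {
    printf("dport, 1 update:  %d\n", mangle(TCP_DPORT, 8080, TCP_CSUM, 0, 0));
    printf("saddr, 1 update:  %d\n", mangle(IP_SADDR_LO, 0x0263, IP_CSUM, 0, 0));
    printf("saddr, 2 updates: %d\n", mangle(IP_SADDR_LO, 0x0263, IP_CSUM, 1, TCP_CSUM));
    return 0;
}
```

A result of 3 means both checksums verify; 1 means the IPv4 header checksum verifies but the TCP checksum, which also covers the addresses through the pseudo header, does not.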