On 09.11, Florian Westphal wrote: > Patrick McHardy <kaber@xxxxxxxxx> wrote: > > On 09.11, Florian Westphal wrote: > > > Patrick McHardy <kaber@xxxxxxxxx> wrote: > > > > So the main questions is basically, do we want to support stateless NAT? > > > > The downside is that we have to add protocol specific checksumming functions. > > > > > > For now i'm only be interested in mangling MAC addresses for nft bridge > > > to provide ebtables snat/dnat/redirect equivalents. > > > > I have not tested that, it probably needs some minor adjustments to skip > > checksum updates for NFT_PAYLOAD_LL_HEADER, but other than that, this will > > obviously work. > > For redirect we also need to alter skb->pkttype to PACKET_HOST. > > I can take care of this later if needed, I'd just need advice on > how to add this (meta statement?). Good point. I guess that would be the proper solution, I don't think we want to try to figure out whether an address is local in the payload module. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
