Hi,
The following patchset adds netmap support for nftables.
Patch #1 Remove the 128-bit limitation on the set element data area.
Rise it up to 64 bytes maximum.
Patch #2 Return EOPNOTSUPP in case NAT type or flags are not supported.
Patch #3 Initialize NAT flags from control plane.
Patch #4 Add helper functions to set up NAT address and protocol
Patch #5 Add netmap support.
The following example enables source netmap using the 192.168.3.0/24
network address:
table ip x {
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat ip prefix to 192.168.3.0/24
}
}
You can also combine it with maps:
table ip x {
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat ip prefix to ip saddr map { 192.168.2.0/24 : 192.168.3.0/24 }
}
}
Comments welcome.
Thanks.
Pablo Neira Ayuso (5):
netfilter: nf_tables: allow up to 64 bytes in the set element data area
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
netfilter: nft_nat: set flags from initialization path
netfilter: nft_nat: add helper function to set up NAT address and protocol
netfilter: nft_nat: add netmap support
include/net/netfilter/nf_tables.h | 4 +
include/uapi/linux/netfilter/nf_nat.h | 4 +-
net/netfilter/nf_tables_api.c | 38 ++++++---
net/netfilter/nft_nat.c | 110 ++++++++++++++++++++------
4 files changed, 117 insertions(+), 39 deletions(-)
--
2.20.1
