[NETFILTER 00/05]: updated nf_nat patch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: kadlec@blackhole.kfki.hu
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 00/05]: updated nf_nat patch
Date: Fri,  3 Nov 2006 17:46:24 +0100 (MET)	[thread overview]
Message-ID: <20061103164836.15103.46291.sendpatchset@localhost.localdomain> (raw)

I've updated your nf_nat patch to apply on top of Martin's patches
(on top of the current git tree) and merged the changes we had in
IPv4 NAT since then.

I've also reviewed the patch a bit, the main problem I found so
far is the nf_conntrack allocation scheme, which requires all
features to be known at creation time, so it doesn't allow
nf_conntrack_alter_reply to assign a helper to a connection
that previously didn't have one (same problem for helpers
like H.323 which manually assign helpers in their expectfns).

Other than that it seems (and works) fine so far, if we find
a good solution for the helper problem I would like to merge
this as fast as possible if you don't have any objections.


 include/linux/netfilter/nf_conntrack_ftp.h     |    6 
 include/net/netfilter/ipv4/nf_conntrack_ipv4.h |   20 
 include/net/netfilter/nf_conntrack.h           |   28 
 include/net/netfilter/nf_conntrack_core.h      |    3 
 include/net/netfilter/nf_conntrack_expect.h    |    2 
 include/net/netfilter/nf_nat.h                 |   88 ++-
 include/net/netfilter/nf_nat_core.h            |   34 +
 include/net/netfilter/nf_nat_helper.h          |   33 +
 include/net/netfilter/nf_nat_protocol.h        |   74 ++
 include/net/netfilter/nf_nat_rule.h            |   38 +
 net/ipv4/netfilter/Kconfig                     |   73 +-
 net/ipv4/netfilter/Makefile                    |   12 
 net/ipv4/netfilter/ipt_MASQUERADE.c            |   29 -
 net/ipv4/netfilter/ipt_NETMAP.c                |    4 
 net/ipv4/netfilter/ipt_REDIRECT.c              |    6 
 net/ipv4/netfilter/ipt_SAME.c                  |   12 
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |    7 
 net/ipv4/netfilter/nf_nat_core.c               |  725 +++++++++++++++++++++++--
 net/ipv4/netfilter/nf_nat_ftp.c                |  192 ++++++
 net/ipv4/netfilter/nf_nat_helper.c             |  531 +++++++++++++++++-
 net/ipv4/netfilter/nf_nat_proto_icmp.c         |   99 +++
 net/ipv4/netfilter/nf_nat_proto_tcp.c          |  168 +++++
 net/ipv4/netfilter/nf_nat_proto_udp.c          |  159 +++++
 net/ipv4/netfilter/nf_nat_proto_unknown.c      |   55 +
 net/ipv4/netfilter/nf_nat_rule.c               |  349 +++++++++++-
 net/ipv4/netfilter/nf_nat_standalone.c         |  428 ++++++++++++++
 net/netfilter/Kconfig                          |   47 +
 net/netfilter/nf_conntrack_core.c              |   20 
 net/netfilter/nf_conntrack_netlink.c           |   48 -
 net/netfilter/nf_conntrack_proto_tcp.c         |    2 
 net/netfilter/nf_conntrack_standalone.c        |    5 
 31 files changed, 3096 insertions(+), 201 deletions(-)

Patrick McHardy:
      [NETFILTER]: The IPv4 NAT ported to nf_conntrack
      [NETFILTER]: nf_nat: get rid of HW checksum invalidation
      [NETFILTER]: nf_nat: use tcp_sack_block_wire
      [NETFILTER]: nf_nat: NAT annotations
      [NETFILTER]: nf_nat: work around crash in nf_conntrack_alter_reply

next             reply	other threads:[~2006-11-03 16:46 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-03 16:46 Patrick McHardy [this message]
2006-11-03 16:46 ` [NETFILTER 02/05]: nf_nat: get rid of HW checksum invalidation Patrick McHardy
2006-11-03 16:46 ` [NETFILTER 03/05]: nf_nat: use tcp_sack_block_wire Patrick McHardy
2006-11-03 16:46 ` [NETFILTER 04/05]: nf_nat: NAT annotations Patrick McHardy
2006-11-03 16:46 ` [NETFILTER 05/05]: nf_nat: work around crash in nf_conntrack_alter_reply Patrick McHardy
     [not found] ` <20061103164838.15103.49138.sendpatchset@localhost.localdomain>
2006-11-03 16:49   ` [NETFILTER 01/05]: The IPv4 NAT ported to nf_conntrack Patrick McHardy
2006-11-03 17:34 ` [NETFILTER 00/05]: updated nf_nat patch Yasuyuki KOZAKAI
2006-11-03 20:46 ` Jozsef Kadlecsik
     [not found] ` <200611031734.kA3HYkG6010739@toshiba.co.jp>
2006-11-03 21:03   ` Jozsef Kadlecsik
2006-11-04  3:30     ` Yasuyuki KOZAKAI

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061103164836.15103.46291.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.