From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Anthony G. Basile" <basile@opensource.dyc.edu>
Cc: davem@davemloft.net, kaber@trash.net, blueness@gentoo.org,
gurligebis@gentoo.org, base-system@gentoo.org, kernel@gentoo.org,
toolchain@gentoo.org, mchehab@redhat.com, hverkuil@xs4all.nl,
laurent.pinchart@ideasonboard.com, arnd@arndb.de,
eparis@redhat.com, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: install nf_nat.h and nf_conntrack_tuple.h to INSTALL_HDR_PATH
Date: Mon, 12 Sep 2011 10:38:39 +0200 [thread overview]
Message-ID: <20110912083839.GA2017@1984> (raw)
In-Reply-To: <1315527377-28528-1-git-send-email-basile@opensource.dyc.edu>
Hi Anthony,
Thanks for taking the time to fix this. Some comments:
On Thu, Sep 08, 2011 at 08:16:17PM -0400, Anthony G. Basile wrote:
> diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
> index a1b410c..e9ee3eb 100644
> --- a/include/linux/netfilter/Kbuild
> +++ b/include/linux/netfilter/Kbuild
> @@ -5,6 +5,8 @@ header-y += nf_conntrack_ftp.h
> header-y += nf_conntrack_sctp.h
> header-y += nf_conntrack_tcp.h
> header-y += nf_conntrack_tuple_common.h
> +header-y += nf_conntrack_tuple.h
I think exporting nf_conntrack_tuple.h is too much, let me suggest
some alternative.
> +header-y += nf_nat.h
> header-y += nfnetlink.h
> header-y += nfnetlink_compat.h
> header-y += nfnetlink_conntrack.h
> diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h
> new file mode 100644
> index 0000000..73c1946
> --- /dev/null
> +++ b/include/linux/netfilter/nf_nat.h
> @@ -0,0 +1,52 @@
> +#ifndef _NF_NAT_H
> +#define _NF_NAT_H
> +#include <linux/netfilter_ipv4.h>
> +#include <linux/netfilter/nf_conntrack_tuple.h>
> +
> +#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
> +
> +enum nf_nat_manip_type {
> + IP_NAT_MANIP_SRC,
> + IP_NAT_MANIP_DST
> +};
> +
> +/* SRC manip occurs POST_ROUTING or LOCAL_IN */
> +#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
> + (hooknum) != NF_INET_LOCAL_IN)
> +
> +#define IP_NAT_RANGE_MAP_IPS 1
> +#define IP_NAT_RANGE_PROTO_SPECIFIED 2
> +#define IP_NAT_RANGE_PROTO_RANDOM 4
> +#define IP_NAT_RANGE_PERSISTENT 8
> +
> +/* NAT sequence number modifications */
> +struct nf_nat_seq {
> + /* position of the last TCP sequence number modification (if any) */
> + u_int32_t correction_pos;
> +
> + /* sequence number offset before and after last modification */
> + int16_t offset_before, offset_after;
> +};
> +
> +/* Single range specification. */
> +struct nf_nat_range {
> + /* Set to OR of flags above. */
> + unsigned int flags;
> +
> + /* Inclusive: network order. */
> + __be32 min_ip, max_ip;
> +
> + /* Inclusive: network order */
> + union nf_conntrack_man_proto min, max;
Better replace union nf_conntrack_man_proto by __be16, we don't break
binary compatibility and we don't need to export the whole tuple
definitions.
next prev parent reply other threads:[~2011-09-12 8:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-09 0:16 [PATCH] netfilter: install nf_nat.h and nf_conntrack_tuple.h to INSTALL_HDR_PATH Anthony G. Basile
2011-09-12 8:38 ` Pablo Neira Ayuso [this message]
2011-09-12 9:19 ` Pablo Neira Ayuso
2011-09-20 15:33 ` Anthony G. Basile
2011-09-28 21:37 ` Pablo Neira Ayuso
2011-09-29 21:03 ` Anthony G. Basile
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110912083839.GA2017@1984 \
--to=pablo@netfilter.org \
--cc=arnd@arndb.de \
--cc=base-system@gentoo.org \
--cc=basile@opensource.dyc.edu \
--cc=blueness@gentoo.org \
--cc=davem@davemloft.net \
--cc=eparis@redhat.com \
--cc=gurligebis@gentoo.org \
--cc=hverkuil@xs4all.nl \
--cc=kaber@trash.net \
--cc=kernel@gentoo.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=mchehab@redhat.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=toolchain@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.