From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>,
netfilter-devel@vger.kernel.org
Subject: Re: [linux PATCH v3 2/5] netfilter: nf_nat_masquerade_ipv4: code factorization
Date: Fri, 4 Jul 2014 12:41:44 +0200
Message-ID: <20140704104144.GA6296@localhost>
In-Reply-To: <698ea380-0754-47de-a4a1-9023ebf8388c@email.android.com>

Hi Patrick,

On Thu, Jul 03, 2014 at 02:23:20PM +0200, Patrick McHardy wrote:
> On 1. Juli 2014 18:30:54 MESZ, Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> wrote:
> >Let's refactor the code so we can reach the masquerade functionality
> >from outside the xt context (ie, nftables).
> >
> >The patch includes adding an atomic counter to the masquerade notifier:
> >the stuff to be done by the notifier is the same in any case, and
> >agnostic about who called it. Only one notification handler is needed.
> >
> >This factorization only involves IPv4; a similar patch will follow to
> >handle IPv6.
>
> Just a suggestion, the NAT support is parameterizable at runtime.
> An alternative would be an expression to load the local address.

That seems quite a natural way to make it without requiring kernel
changes, I like it. The only problem that I see is that I can't come
up with a way to handle the conntrack cleanup case that needs to
happen if the interface is brought down with this approach.

Thread overview: 10+ messages
2014-07-01 16:29 [linux PATCH v3 0/5] NAT updates for nf_tables Arturo Borrero Gonzalez
2014-07-01 16:30 ` [linux PATCH v3 1/5] netfilter: nft_nat: include a flag attribute Arturo Borrero Gonzalez
2014-07-01 16:30 ` [linux PATCH v3 2/5] netfilter: nf_nat_masquerade_ipv4: code factorization Arturo Borrero Gonzalez
2014-07-03 12:23 ` Patrick McHardy
2014-07-04 10:41 ` Pablo Neira Ayuso [this message]
2014-07-01 16:31 ` [linux PATCH v3 3/5] netfilter: nf_nat_masquerade_ipv6: " Arturo Borrero Gonzalez
2014-07-01 16:32 ` [linux PATCH v3 4/5] netfilter: nft_nat: split code in AF parts Arturo Borrero Gonzalez
2014-07-01 16:33 ` [linux PATCH v3 5/5] netfilter: nft_nat: add masquerade support Arturo Borrero Gonzalez
2014-07-25 16:48 ` [linux PATCH v3 0/5] NAT updates for nf_tables Pablo Neira Ayuso
2014-07-25 16:54 ` Patrick McHardy