Proposed netmap patch

Proposed netmap patch

[Gary W. Smith]

 
Hello, 
 
I'm not sure how to get this reviewed/applied so I'll just toss it to the list.  I had a need to use NETMAP but found it lacking the OUTPUT chain of the nat filter.  So I added it.  I have been running it for some time and it seems to work great.  Anyways, here is the patch that I used.  I found it useful.
 
If you would like to review this and possibly commit it to CVS then by all means...
 
Gary
 
 
--- linux-2.6.9.orig/net/ipv4/netfilter/ipt_NETMAP.c    2004-10-18 14:54:20.000000000 -0700
+++ linux-2.6.9/net/ipv4/netfilter/ipt_NETMAP.c 2005-04-15 10:31:44.719492104 -0700
@@ -46,7 +46,7 @@
                DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
                return 0;
        }
-       if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
+       if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_LOCAL_OUT))) {
                DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
                return 0;
        }
@@ -81,7 +81,7 @@
 
        netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
 
-       if (hooknum == NF_IP_PRE_ROUTING)
+       if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
                new_ip = (*pskb)->nh.iph->daddr & ~netmask;
        else
                new_ip = (*pskb)->nh.iph->saddr & ~netmask;
 

Re: Proposed netmap patch

[Jan Engelhardt]

>I had a need to use NETMAP but found it lacking the OUTPUT chain of the nat 
>filter.  So I added it.  I have been running it for some time and it seems to 
>work great.  Anyways, here is the patch that I used.  I found it useful.

There must have been a reason why it was originally not allowed in the OUTPUT 
chain, but I am not sure.

Re: Proposed netmap patch

[Herve Eychenne]

On Wed, Jul 13, 2005 at 12:32:51PM +0200, Jan Engelhardt wrote:

> >I had a need to use NETMAP but found it lacking the OUTPUT chain of the nat 
> >filter.  So I added it.  I have been running it for some time and it seems to 
> >work great.  Anyways, here is the patch that I used.  I found it useful.

> There must have been a reason why it was originally not allowed in the OUTPUT 
> chain, but I am not sure.

This has been discussed before:
http://lists.netfilter.org/pipermail/netfilter-devel/2005-April/019321.html

Conclusion: adding OUTPUT should be ok, but there seem to have been no
action so far.

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/

RE: Proposed netmap patch

[Gary W. Smith]

It seems to work.  I have been using it with 2.6.9 for some time now (a couple months anyway).



> -----Original Message-----
> From: Herve Eychenne [mailto:rv@wallfire.org]
> Sent: Wednesday, July 13, 2005 3:50 AM
> To: Jan Engelhardt
> Cc: Gary W. Smith; netfilter-devel@lists.netfilter.org
> Subject: Re: Proposed netmap patch
> 
> On Wed, Jul 13, 2005 at 12:32:51PM +0200, Jan Engelhardt wrote:
> 
> > >I had a need to use NETMAP but found it lacking the OUTPUT chain of the
> nat
> > >filter.  So I added it.  I have been running it for some time and it
> seems to
> > >work great.  Anyways, here is the patch that I used.  I found it
> useful.
> 
> > There must have been a reason why it was originally not allowed in the
> OUTPUT
> > chain, but I am not sure.
> 
> This has been discussed before:
> http://lists.netfilter.org/pipermail/netfilter-devel/2005-
> April/019321.html
> 
> Conclusion: adding OUTPUT should be ok, but there seem to have been no
> action so far.
> 
>  Herve
> 
> --
>  _
> (°=  Hervé Eychenne
> //)
> v_/_ WallFire project:  http://www.wallfire.org/

Re: Proposed netmap patch

[Patrick McHardy]

Gary W. Smith schrieb:
> I'm not sure how to get this reviewed/applied so I'll just toss it to the list.  I had a need to use NETMAP but found it lacking the OUTPUT chain of the nat filter.  So I added it.  I have been running it for some time and it seems to work great.  Anyways, here is the patch that I used.  I found it useful.
>  
> If you would like to review this and possibly commit it to CVS then by all means...

Thanks. If you give me a Signed-off-by: line I'll apply it.

Regards
Patrick

RE: Proposed netmap patch

[Gary W. Smith]

Signed-off-by: Gary Wayne Smith <gary.w.smith@primeexalia.com>

> -----Original Message-----
> From: Patrick McHardy [mailto:kaber@trash.net]
> Sent: Saturday, July 16, 2005 9:16 AM
> To: Gary W. Smith
> Cc: netfilter-devel@lists.netfilter.org
> Subject: Re: Proposed netmap patch
> 
> Gary W. Smith schrieb:
> > I'm not sure how to get this reviewed/applied so I'll just toss it
to
> the list.  I had a need to use NETMAP but found it lacking the OUTPUT
> chain of the nat filter.  So I added it.  I have been running it for
some
> time and it seems to work great.  Anyways, here is the patch that I
used.
> I found it useful.
> >
> > If you would like to review this and possibly commit it to CVS then
by
> all means...
> 
> Thanks. If you give me a Signed-off-by: line I'll apply it.
> 
> Regards
> Patrick
> 

Re: Proposed netmap patch

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

Gary W. Smith schrieb:
> Signed-off-by: Gary Wayne Smith <gary.w.smith@primeexalia.com>

Applied, thanks. I've slightly modified it to break lines at 80
characters and changed the assertion to expect packets in LOCAL_OUT
as well.

Regards
Patrick

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1670 bytes --]

[NETFILTER]: Make NETMAP target usable in OUTPUT

Signed-off-by: Gary Wayne Smith <gary.w.smith@primeexalia.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 420d86533d641723c1224eb6aed796fb5ea6c0d3
tree 4d03301180389c82220aba920703f68276f00d61
parent 01f7dc836da6aa4434d293671442bbc6d115d02f
author Patrick McHardy <kaber@trash.net> Sat, 16 Jul 2005 20:17:13
committer Gary Wayne Smith <gary.w.smith@primeexalia.com> Sat, 16 Jul 2005 20:17:13

 net/ipv4/netfilter/ipt_NETMAP.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -46,7 +46,8 @@ check(const char *tablename,
 		DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
 		return 0;
 	}
-	if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
+	if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
+	                  (1 << NF_IP_LOCAL_OUT))) {
 		DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
 		return 0;
 	}
@@ -76,12 +77,13 @@ target(struct sk_buff **pskb,
 	struct ip_nat_range newrange;
 
 	IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
-		     || hooknum == NF_IP_POST_ROUTING);
+		     || hooknum == NF_IP_POST_ROUTING
+		     || hooknum == NF_IP_LOCAL_OUT);
 	ct = ip_conntrack_get(*pskb, &ctinfo);
 
 	netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
 
-	if (hooknum == NF_IP_PRE_ROUTING)
+	if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
 		new_ip = (*pskb)->nh.iph->daddr & ~netmask;
 	else
 		new_ip = (*pskb)->nh.iph->saddr & ~netmask;

Re: Proposed netmap patch

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 819 bytes --]

On Sat, Jul 16, 2005 at 08:18:48PM +0200, Patrick McHardy wrote:
> Gary W. Smith schrieb:
> >Signed-off-by: Gary Wayne Smith <gary.w.smith@primeexalia.com>
> 
> Applied, thanks. I've slightly modified it to break lines at 80
> characters and changed the assertion to expect packets in LOCAL_OUT
> as well.

Applied to where?  I couldn't find this patch in current net-2.6.14.

Was it rejectet or did it get lost?

> Regards
> Patrick
-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Proposed netmap patch

[Patrick McHardy]

Harald Welte wrote:
> Applied to where?  I couldn't find this patch in current net-2.6.14.
> 
> Was it rejectet or did it get lost?

No, I have it in a local tree with a couple of other unimportant
patches. I'll push it this weekend.

Re: Proposed netmap patch

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 716 bytes --]

On Fri, Aug 12, 2005 at 04:23:23PM +0200, Patrick McHardy wrote:
> Harald Welte wrote:
> > Applied to where?  I couldn't find this patch in current net-2.6.14.
> > 
> > Was it rejectet or did it get lost?
> 
> No, I have it in a local tree with a couple of other unimportant
> patches. I'll push it this weekend.

Ok, great. Thanks.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]