From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Martin Josefsson <gandalf@mjufs.se>,
Andrew Morton <akpm@linux-foundation.org>,
netdev@vger.kernel.org, bugme-daemon@bugzilla.kernel.org,
berni@birkenwald.de, netfilter-devel@vger.kernel.org
Subject: Re: [Bugme-new] [Bug 12954] New: SAMEIP --nodst functionality gone missing
Date: Wed, 15 Apr 2009 14:35:58 +0200
Message-ID: <49E5D4AE.3040203@trash.net>
In-Reply-To: <alpine.LSU.2.00.0904151421070.11961@fbirervta.pbzchgretzou.qr>
[-- Attachment #1: Type: text/plain, Size: 559 bytes --]
Jan Engelhardt wrote:
> On Wednesday 2009-04-15 14:13, Patrick McHardy wrote:
>> Jan Engelhardt wrote:
>>> On Wednesday 2009-04-15 13:53, Patrick McHardy wrote:
>>>
>>>> How about this patch? If the IP_NAT_RANGE_PERSISTENT flag is set
>>>> on a NAT range, we ignore the destination address in the selection.
>>> But where do you set IP_NAT_RANGE_PERSISTENT? (It seems like a dead
>>> feature right now.)
>> In userspace of course :)
>
> Ah I hear the crisp sound of an upcoming iptables 1.4.4.
In a while :)
This is the corresponding userspace patch:
[-- Attachment #2: nat.diff --]
[-- Type: text/x-patch, Size: 3211 bytes --]
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index b5f8028..dc79b44 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -27,12 +27,13 @@ static void DNAT_help(void)
"DNAT target options:\n"
" --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map destination to.\n"
-"[--random]\n");
+"[--random] [--persistent]\n");
}
static const struct option DNAT_opts[] = {
{ "to-destination", 1, NULL, '1' },
{ "random", 0, NULL, '2' },
+ { "persistent", 0, NULL, '3' },
{ .name = NULL }
};
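Review bot: the help string in DNAT_help() gains [--persistent] with no description, so the help output does not say what the option does. Suggest a short line under it, in the style of "Address to map destination to.", stating that the destination address is ignored when the mapping is selected (as described earlier in this thread), plus a matching man page entry, since this patch only touches the .c files and the header.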
@@ -178,6 +179,11 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
} else
*flags |= IPT_DNAT_OPT_RANDOM;
return 1;
+
+ case '3':
+ info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+ return 1;
+
default:
return 0;
}
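Review bot: case '3' in DNAT_parse() writes IP_NAT_RANGE_PERSISTENT straight into info->mr.range[0].flags, whereas the case '2' branch just above ends in an else that records the option in *flags. Please confirm that --persistent given before --to-destination survives the later parsing of the range, or record it in *flags the same way. Note also that only range[0] is marked here, while DNAT_print() and DNAT_save() test range[i] for every range.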
@@ -222,6 +228,8 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("persistent ");
}
}
@@ -236,6 +244,8 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("--persistent ");
}
}
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 944fe67..762d8d0 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -27,12 +27,13 @@ static void SNAT_help(void)
"SNAT target options:\n"
" --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map source to.\n"
-"[--random]\n");
+"[--random] [ --persistent]\n");
}
static const struct option SNAT_opts[] = {
{ "to-source", 1, NULL, '1' },
{ "random", 0, NULL, '2' },
+ { "perstistent", 0, NULL, '3' },
{ .name = NULL }
};
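Review bot: the option name in SNAT_opts is misspelled as "perstistent", so SNAT would accept --perstistent but not the --persistent that SNAT_help() advertises and SNAT_save() prints, and a ruleset written out by the save function would not parse again. Change it to "persistent" as in libipt_DNAT.c, and drop the stray space in "[ --persistent]" in the help string so it matches the DNAT text.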
@@ -179,6 +180,10 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= IPT_SNAT_OPT_RANDOM;
return 1;
+ case '3':
+ info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+ return 1;
+
default:
return 0;
}
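Review bot: case '3' in SNAT_parse() never looks at the invert argument from the function signature, so a negated --persistent would be treated exactly like the plain option. Either reject it explicitly or confirm that ignoring it is intended; the same applies to case '3' in DNAT_parse(). A blank line before case '3' would also match the DNAT hunk.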
@@ -223,6 +228,8 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("persistent ");
}
}
@@ -237,6 +244,8 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("--persistent ");
}
}
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 094473e..c3e2060 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -18,6 +18,7 @@ enum nf_nat_manip_type
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
+#define IP_NAT_RANGE_PERSISTENT 8
/* NAT sequence number modifications */
struct nf_nat_seq {
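Review bot: IP_NAT_RANGE_PERSISTENT is added to nf_nat.h as a bare value 8 with no comment. Since this is described as the userspace counterpart of the kernel patch, the value has to stay in step with the kernel side; a one-line comment saying what the flag means (destination address ignored in the selection, per the thread) would make that easier to check.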