From: Stephen Clark <sclark46@earthlink.net>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
ulrich.weber@sophos.com
Subject: Re: [RFC PATCH 00/18] netfilter: IPv6 NAT
Date: Mon, 28 Nov 2011 12:14:28 -0500 [thread overview]
Message-ID: <4ED3C174.9030302@earthlink.net> (raw)
In-Reply-To: <1322153850-10533-1-git-send-email-kaber@trash.net>
On 11/24/2011 11:57 AM, kaber@trash.net wrote:
> The following patches contain the updated IPv6 NAT patchset forward ported
> to 3.2-rc3. Changes since last posting:
>
> - Layer 4 protocol registration has been fixed to work properly with modular
> layer 4 protocol modules
>
> - an inverted condition in the ip6t_NETMAP checkentry function causing
> rule addition to always fail has been fixed
>
> - use of HH_DATA_ALIGN in IPv6 headroom reallocation after rerouting to fix
> unaligned data access on Tile, as suggested by Eric
>
> - nla_policy fix has been moved to a separate patch
>
> The patchset is also available at:
>
> git://github.com/kaber/nf-nat-ipv6.git master
>
> Last open point is IPv6 fragmentation handling, I'll implement my suggested
> method of storing the biggest fragment size seen during reassembly in the CB
> and using that as a hard limit during refragmentation over the weekend.
>
>
> Patrick McHardy (18):
> netfilter: nf_nat: export NAT definitions to userspace
> netfilter: nf_nat: use hash random for bysource hash
> netfilter: nf_nat: add missing nla_policy entry for CTA_NAT_PROTO attribute
> netfilter: nat: remove module reference counting from NAT protocols
> netfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation()
> netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet()
> netfilter: ctnetlink: remove dead NAT code
> netfilter: conntrack: restrict NAT helper invocation to IPv4
> netfilter: nf_nat: add protoff argument to packet mangling functions
> netfilter: add protocol independant NAT core
> netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change
> net: core: add function for incremental IPv6 pseudo header checksum updates
> netfilter: ipv6: add IPv6 NAT support
> netfilter: ip6tables: add MASQUERADE target
> netfilter: ip6tables: add REDIRECT target
> netfilter: ip6tables: add NETMAP target
> netfilter: nf_nat: support IPv6 in FTP NAT helper
> netfilter: nf_nat: support IPv6 in amanda NAT helper
>
> include/linux/netfilter.h | 14 +-
> include/linux/netfilter/Kbuild | 1 +
> include/linux/netfilter/nf_conntrack_amanda.h | 1 +
> include/linux/netfilter/nf_conntrack_ftp.h | 1 +
> include/linux/netfilter/nf_conntrack_h323.h | 15 +-
> include/linux/netfilter/nf_conntrack_irc.h | 1 +
> include/linux/netfilter/nf_conntrack_pptp.h | 2 +
> include/linux/netfilter/nf_conntrack_sip.h | 12 +-
> .../linux/netfilter/nf_conntrack_tuple_common.h | 27 +
> include/linux/netfilter/nf_nat.h | 33 +
> include/linux/netfilter/nfnetlink_conntrack.h | 8 +-
> include/linux/netfilter_ipv4.h | 1 -
> include/linux/netfilter_ipv4/Kbuild | 1 -
> include/linux/netfilter_ipv4/nf_nat.h | 58 --
> include/net/addrconf.h | 2 +-
> include/net/checksum.h | 3 +
> include/net/netfilter/nf_conntrack_expect.h | 2 +-
> include/net/netfilter/nf_conntrack_tuple.h | 1 -
> include/net/netfilter/nf_nat.h | 8 +-
> include/net/netfilter/nf_nat_core.h | 7 +-
> include/net/netfilter/nf_nat_helper.h | 11 +-
> include/net/netfilter/nf_nat_l3proto.h | 52 ++
> include/net/netfilter/nf_nat_l4proto.h | 72 +++
> include/net/netfilter/nf_nat_protocol.h | 74 ---
> include/net/netfilter/nf_nat_rule.h | 15 -
> include/net/netns/conntrack.h | 4 +
> include/net/netns/ipv4.h | 2 -
> include/net/netns/ipv6.h | 1 +
> net/core/secure_seq.c | 1 +
> net/core/utils.c | 20 +
> net/ipv4/netfilter.c | 37 --
> net/ipv4/netfilter/Kconfig | 67 +--
> net/ipv4/netfilter/Makefile | 13 +-
> net/ipv4/netfilter/ipt_MASQUERADE.c | 26 +-
> net/ipv4/netfilter/ipt_NETMAP.c | 21 +-
> net/ipv4/netfilter/ipt_REDIRECT.c | 23 +-
> .../{nf_nat_standalone.c => iptable_nat.c} | 266 ++++-----
> net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 8 +-
> net/ipv4/netfilter/nf_nat_h323.c | 83 ++--
> net/ipv4/netfilter/nf_nat_irc.c | 4 +-
> net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 281 +++++++++
> net/ipv4/netfilter/nf_nat_pptp.c | 31 +-
> net/ipv4/netfilter/nf_nat_proto_common.c | 126 ----
> net/ipv4/netfilter/nf_nat_proto_gre.c | 36 +-
> net/ipv4/netfilter/nf_nat_proto_icmp.c | 26 +-
> net/ipv4/netfilter/nf_nat_rule.c | 214 -------
> net/ipv4/netfilter/nf_nat_sip.c | 121 ++--
> net/ipv4/netfilter/nf_nat_tftp.c | 1 -
> net/ipv6/addrconf.c | 2 +-
> net/ipv6/netfilter.c | 8 +
> net/ipv6/netfilter/Kconfig | 48 ++
> net/ipv6/netfilter/Makefile | 7 +
> net/ipv6/netfilter/ip6t_MASQUERADE.c | 135 +++++
> net/ipv6/netfilter/ip6t_NETMAP.c | 94 +++
> net/ipv6/netfilter/ip6t_REDIRECT.c | 98 +++
> net/ipv6/netfilter/ip6table_nat.c | 319 ++++++++++
> net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 14 +
> net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 285 +++++++++
> net/ipv6/netfilter/nf_nat_proto_icmpv6.c | 87 +++
> net/netfilter/Kconfig | 34 ++
> net/netfilter/Makefile | 15 +
> net/netfilter/core.c | 5 +
> net/netfilter/ipvs/ip_vs_ftp.c | 1 +
> net/netfilter/nf_conntrack_amanda.c | 5 +-
> net/netfilter/nf_conntrack_core.c | 7 +
> net/netfilter/nf_conntrack_ftp.c | 3 +-
> net/netfilter/nf_conntrack_h323_main.c | 232 +++++---
> net/netfilter/nf_conntrack_irc.c | 6 +-
> net/netfilter/nf_conntrack_netlink.c | 30 +-
> net/netfilter/nf_conntrack_pptp.c | 18 +-
> net/netfilter/nf_conntrack_proto_tcp.c | 8 +-
> net/netfilter/nf_conntrack_sip.c | 119 +++--
> net/netfilter/nf_conntrack_tftp.c | 3 +-
> net/{ipv4 => }/netfilter/nf_nat_amanda.c | 4 +-
> net/{ipv4 => }/netfilter/nf_nat_core.c | 621 ++++++++++----------
> net/{ipv4 => }/netfilter/nf_nat_ftp.c | 33 +-
> net/{ipv4 => }/netfilter/nf_nat_helper.c | 121 ++---
> net/netfilter/nf_nat_proto_common.c | 112 ++++
> net/{ipv4 => }/netfilter/nf_nat_proto_dccp.c | 58 +-
> net/{ipv4 => }/netfilter/nf_nat_proto_sctp.c | 55 +-
> net/{ipv4 => }/netfilter/nf_nat_proto_tcp.c | 42 +-
> net/{ipv4 => }/netfilter/nf_nat_proto_udp.c | 44 +-
> net/{ipv4 => }/netfilter/nf_nat_proto_udplite.c | 60 +-
> net/{ipv4 => }/netfilter/nf_nat_proto_unknown.c | 15 +-
> net/netfilter/xt_nat.c | 185 ++++++
> 85 files changed, 3132 insertions(+), 1635 deletions(-)
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
Probabably a dumb question but are these patches for natting ipv6 to
ipv6 or ipv4 to ipv6?
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
next prev parent reply other threads:[~2011-11-28 17:14 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-24 16:57 [RFC PATCH 00/18] netfilter: IPv6 NAT kaber
2011-11-24 16:57 ` [PATCH 01/18] netfilter: nf_nat: export NAT definitions to userspace kaber
2011-11-24 16:57 ` [PATCH 02/18] netfilter: nf_nat: use hash random for bysource hash kaber
2011-11-24 16:57 ` [PATCH 03/18] netfilter: nf_nat: add missing nla_policy entry for CTA_NAT_PROTO attribute kaber
2011-11-24 16:57 ` [PATCH 04/18] netfilter: nat: remove module reference counting from NAT protocols kaber
2011-11-24 16:57 ` [PATCH 05/18] netfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation() kaber
2011-11-24 16:57 ` [PATCH 06/18] netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet() kaber
2011-11-24 16:57 ` [PATCH 07/18] netfilter: ctnetlink: remove dead NAT code kaber
2011-11-24 16:57 ` [PATCH 08/18] netfilter: conntrack: restrict NAT helper invocation to IPv4 kaber
2011-11-24 16:57 ` [PATCH 09/18] netfilter: nf_nat: add protoff argument to packet mangling functions kaber
2011-11-24 16:57 ` [PATCH 10/18] netfilter: add protocol independant NAT core kaber
2011-11-24 16:57 ` [PATCH 11/18] netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change kaber
2011-11-24 16:57 ` [PATCH 12/18] net: core: add function for incremental IPv6 pseudo header checksum updates kaber
2011-11-24 16:57 ` [PATCH 13/18] netfilter: ipv6: add IPv6 NAT support kaber
2011-11-24 16:57 ` [PATCH 14/18] netfilter: ip6tables: add MASQUERADE target kaber
2011-11-24 16:57 ` [PATCH 15/18] netfilter: ip6tables: add REDIRECT target kaber
2011-11-24 16:57 ` [PATCH 16/18] netfilter: ip6tables: add NETMAP target kaber
2011-11-24 16:57 ` [PATCH 17/18] netfilter: nf_nat: support IPv6 in FTP NAT helper kaber
2011-11-24 16:57 ` [PATCH 18/18] netfilter: nf_nat: support IPv6 in amanda " kaber
2011-11-28 17:14 ` Stephen Clark [this message]
2011-11-28 20:25 ` [RFC PATCH 00/18] netfilter: IPv6 NAT Ulrich Weber
2011-11-28 20:55 ` richard -rw- weinberger
2011-11-28 22:03 ` Amos Jeffries
2011-11-29 9:19 ` Ulrich Weber
2011-11-29 12:23 ` Jan Engelhardt
2011-11-29 13:24 ` Amos Jeffries
2011-11-29 21:38 ` Krzysztof Olędzki
2011-11-29 22:15 ` Eric Dumazet
2011-11-29 23:59 ` Krzysztof Olędzki
2011-11-29 22:21 ` Jan Engelhardt
2011-11-30 0:21 ` Krzysztof Olędzki
2011-11-30 10:07 ` Jan Engelhardt
2011-12-01 7:01 ` Krzysztof Olędzki
2011-11-30 0:05 ` Ben Hutchings
2011-11-30 0:30 ` Krzysztof Olędzki
2011-11-29 12:32 ` Patrick McHardy
2011-12-23 13:08 ` Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2011-11-29 12:50 Re[2]: " Hans Schillstrom
2011-11-29 14:05 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ED3C174.9030302@earthlink.net \
--to=sclark46@earthlink.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ulrich.weber@sophos.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.