From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Martin Josefsson <gandalf@mjufs.se>,
	Andrew Morton <akpm@linux-foundation.org>,
	netdev@vger.kernel.org, bugme-daemon@bugzilla.kernel.org,
	berni@birkenwald.de, netfilter-devel@vger.kernel.org
Subject: Re: [Bugme-new] [Bug 12954] New: SAMEIP --nodst functionality gone missing
Date: Wed, 15 Apr 2009 14:35:58 +0200	[thread overview]
Message-ID: <49E5D4AE.3040203@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.00.0904151421070.11961@fbirervta.pbzchgretzou.qr>

[-- Attachment #1: Type: text/plain, Size: 559 bytes --]

Jan Engelhardt wrote:
> On Wednesday 2009-04-15 14:13, Patrick McHardy wrote:
>> Jan Engelhardt wrote:
>>> On Wednesday 2009-04-15 13:53, Patrick McHardy wrote:
>>>   
>>>> How about this patch? If the IP_NAT_RANGE_PERSISTENT flag is set
>>>> on a NAT range, we ignore the destination address in the selection.
>>> But where do you set IP_NAT_RANGE_PERSISTENT? (It seems like a dead 
>>> feature right now.)
>> In userspace of course :)
> 
> Ah I hear the crisp sound of an upcoming iptables 1.4.4.

In a while :)

This is the corresponding userspace patch:


[-- Attachment #2: nat.diff --]
[-- Type: text/x-patch, Size: 3211 bytes --]

diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index b5f8028..dc79b44 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -27,12 +27,13 @@ static void DNAT_help(void)
 "DNAT target options:\n"
 " --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
 "				Address to map destination to.\n"
-"[--random]\n");
+"[--random] [--persistent]\n");
 }
 
 static const struct option DNAT_opts[] = {
 	{ "to-destination", 1, NULL, '1' },
 	{ "random", 0, NULL, '2' },
+	{ "persistent", 0, NULL, '3' },
 	{ .name = NULL }
 };
 
@@ -178,6 +179,11 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
 		} else
 			*flags |= IPT_DNAT_OPT_RANDOM;
 		return 1;
+
+	case '3':
+		info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+		return 1;
+
 	default:
 		return 0;
 	}
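Review bot: The new `case '3'` writes `IP_NAT_RANGE_PERSISTENT` straight into `info->mr.range[0].flags`, whereas the `--random` case just above it records the option in `*flags` and has an `else` branch, apparently for when the range is not yet set (that case starts outside the hunk). If parsing `--to-destination` initialises `range[0]` afterwards, a rule written as `--persistent --to-destination ...` could lose the flag silently; this depends on code not shown here and is worth confirming. Following the `--random` pattern with an option bit of its own (placeholder name `IPT_DNAT_OPT_PERSISTENT`) would make the result independent of option order. `invert` is also not checked in the visible lines, so `! --persistent` appears to be accepted as the plain option. The `case '3'` added to SNAT_parse in libipt_SNAT.c has the same shape.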
@@ -222,6 +228,8 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
 		printf(" ");
 		if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
 			printf("random ");
+		if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+			printf("persistent ");
 	}
 }
 
@@ -236,6 +244,8 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
 		printf(" ");
 		if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
 			printf("--random ");
+		if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+			printf("--persistent ");
 	}
 }
 
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 944fe67..762d8d0 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -27,12 +27,13 @@ static void SNAT_help(void)
 "SNAT target options:\n"
 " --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
 "				Address to map source to.\n"
-"[--random]\n");
+"[--random] [ --persistent]\n");
 }
 
 static const struct option SNAT_opts[] = {
 	{ "to-source", 1, NULL, '1' },
 	{ "random", 0, NULL, '2' },
+	{ "perstistent", 0, NULL, '3' },
 	{ .name = NULL }
 };
 
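Review bot: The option table entry added here is spelled `"perstistent"`, so SNAT would accept `--perstistent` while SNAT_help advertises `--persistent` and SNAT_save, in a later hunk of this file, prints `--persistent`. A saved SNAT rule carrying the flag would then likely be rejected when the saved ruleset is parsed again, so the NAT rules an operator expects may not be restored. The entry should read `{ "persistent", 0, NULL, '3' },` as in libipt_DNAT.c. The help string `"[--random] [ --persistent]\n"` also has a stray space after the bracket that the DNAT text does not.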
@@ -179,6 +180,10 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
 			*flags |= IPT_SNAT_OPT_RANDOM;
 		return 1;
 
+	case '3':
+		info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+		return 1;
+
 	default:
 		return 0;
 	}
@@ -223,6 +228,8 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
 		printf(" ");
 		if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
 			printf("random ");
+		if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+			printf("persistent ");
 	}
 }
 
@@ -237,6 +244,8 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
 		printf(" ");
 		if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
 			printf("--random ");
+		if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+			printf("--persistent ");
 	}
 }
 
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 094473e..c3e2060 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -18,6 +18,7 @@ enum nf_nat_manip_type
 #define IP_NAT_RANGE_MAP_IPS 1
 #define IP_NAT_RANGE_PROTO_SPECIFIED 2
 #define IP_NAT_RANGE_PROTO_RANDOM 4
+#define IP_NAT_RANGE_PERSISTENT 8
 
 /* NAT sequence number modifications */
 struct nf_nat_seq {
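Review bot: `IP_NAT_RANGE_PERSISTENT` is added without a comment, and nothing in the visible lines says what the bit means or that this copy must carry the same value as the kernel's definition. A one-line comment would help, e.g. `/* ignore the destination address when selecting the mapping */`, which is how the accompanying mail describes the flag. The value is passed to the kernel inside the NAT range flags, so a mismatch between the two headers would presumably change NAT behaviour silently rather than fail. Naming the kernel change this depends on in the commit message would make that easier to check.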
