From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 04/05]: nf_nat: always select same SNAT source for same host
Date: Wed, 27 Feb 2008 14:14:24 +0100 (MET)
Message-ID: <20080227131432.26831.2125.sendpatchset@localhost.localdomain>
In-Reply-To: <20080227131427.26831.51195.sendpatchset@localhost.localdomain>

[NETFILTER]: nf_nat: always select same SNAT source for same host

We've removed the SAME target in 2.6.25-rc since it had 32/64 bit compat
problems and the NAT core provides the same behaviour regarding IP
selection. This turned out to be not entirely correct though, the
NAT core only selects the same IP from a range for the same src,dst
combination. Some people need the same IP for all destinations however.

The easiest way to do this is to ignore the destination IP when
doing SNAT. Since we're using jhash, we still get good distribution
for multiple source IPs.

Tested-by: David Lau <mintypickle@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit c31b70def66807822dc973e66757507a5fd4c3b6
tree c0a635a5e75bbce4e234ca53d3f12e9af963e741
parent 54b4910d81a787d932d0a3237a8a15879f8eb8b8
author Patrick McHardy <kaber@trash.net> Wed, 27 Feb 2008 13:23:57 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 27 Feb 2008 13:23:57 +0100
net/ipv4/netfilter/nf_nat_core.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 0d5fa3a..8e1cae2 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -188,15 +188,19 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple,
__be32 *var_ipp;
/* Host order */
u_int32_t minip, maxip, j;
+ __be32 dst;
/* No IP mapping? Do nothing. */
if (!(range->flags & IP_NAT_RANGE_MAP_IPS))
return;
- if (maniptype == IP_NAT_MANIP_SRC)
+ if (maniptype == IP_NAT_MANIP_SRC) {
var_ipp = &tuple->src.u3.ip;
- else
+ dst = 0;
+ } else {
var_ipp = &tuple->dst.u3.ip;
+ dst = tuple->dst.u3.ip;
+ }
/* Fast path: only one choice. */
if (range->min_ip == range->max_ip) {
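Review bot: The `dst = 0;` assignment in the IP_NAT_MANIP_SRC branch carries no comment, so a later reader cannot tell that zeroing the destination is deliberate rather than a missing initialisation. A one-line comment there, for example "hash on source only so a host always maps to the same SNAT address", would record the intent. The change is also unconditional for every SNAT mapping that sets IP_NAT_RANGE_MAP_IPS: there is no range flag to keep the previous src,dst selection, so any setup that relied on one internal host being spread over several addresses of the range by destination silently changes behaviour. If that is acceptable, the changelog should say so explicitly; otherwise gate the new behaviour on a flag in `range->flags`.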
@@ -212,8 +216,7 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple,
* like this), even across reboots. */
minip = ntohl(range->min_ip);
maxip = ntohl(range->max_ip);
- j = jhash_2words((__force u32)tuple->src.u3.ip,
- (__force u32)tuple->dst.u3.ip, 0);
+ j = jhash_2words((__force u32)tuple->src.u3.ip, (__force u32)dst, 0);
j = ((u64)j * (maxip - minip + 1)) >> 32;
*var_ipp = htonl(minip + j);
}
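Review bot: The block comment that ends just above the hash (`... even across reboots. */`) is left untouched while the input to `jhash_2words()` changes from `tuple->dst.u3.ip` to the local `dst`, which is 0 for SNAT. If that comment describes hashing over source and destination it is now stale for the SNAT case and should be updated in this patch; its full text is outside the visible context, so please check it. It is also worth noting in that comment that, with `dst` fixed at 0 and an initval of 0, the selected address is a fixed function of the source IP and the range alone, which is what gives the stable per-host mapping and equally means the internal-to-external mapping is reproducible by anyone who knows the range.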