netfilter-devel.vger.kernel.org archive mirror
* NAT pool
From: Miguel Alejandro González @ 2012-12-18 22:32 UTC (permalink / raw)
  To: netfilter-devel

Hello

I was wondering how the pool of ipv4 addresses works in netfilter. I
know you can configure a range or subnet from iptables when you are
configuring NAT. I was reading some NAT code from the kernel, but I
think it just checks if the packet's address is in the range
specified.

I guess my main question is, if there is an ipv4 pool implementation in
netfilter. If so, can it be used by other modules?

Regards


* Re: NAT pool
From: Jan Engelhardt @ 2012-12-18 22:58 UTC (permalink / raw)
  To: Miguel Alejandro González; +Cc: netfilter-devel

On Tuesday 2012-12-18 23:32, Miguel Alejandro González wrote:

>I was wondering how the pool of ipv4 addresses works in netfilter. I
>know you can configure a range or subnet from iptables when you are
>configuring NAT. I was reading some NAT code from the kernel, but I
>think it just checks if the packet's address is in the range
>specified.

get_unique_tuple() makes sure they don't overlap.

>I guess my main question is, if there is an ipv4 pool implementation in
>netfilter. If so, can it be used by other modules?

As much as other modules are already using it.
The question should not be whether it can be used, but whether it can be 
used for what.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
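
Added illustration of the distinction drawn in the reply above (not code from this thread or from the kernel): a simplified user-space model of choosing a translated source tuple from an address and port range, where a candidate is accepted only if no tracked flow already uses it. The struct and function names, the linear scan and the sample addresses are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct nat_range { uint32_t min_ip, max_ip; uint16_t min_port, max_port; };
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define MAX_CONNS 64
static struct tuple in_use[MAX_CONNS];  /* stands in for the conntrack table */
static size_t n_in_use;

static bool tuple_used(const struct tuple *t)
{
    for (size_t i = 0; i < n_in_use; i++)
        if (in_use[i].src_ip == t->src_ip && in_use[i].src_port == t->src_port &&
            in_use[i].dst_ip == t->dst_ip && in_use[i].dst_port == t->dst_port &&
            in_use[i].proto == t->proto)
            return true;
    return false;
}

/* Give *orig a source address/port from *r that no tracked flow uses yet.
 * Returns false when the pool is exhausted for this destination. */
bool pick_unique_snat(const struct tuple *orig, const struct nat_range *r,
                      struct tuple *out)
{
    *out = *orig;
    for (uint64_t ip = r->min_ip; ip <= r->max_ip && n_in_use < MAX_CONNS; ip++) {
        out->src_ip = (uint32_t)ip;
        for (uint32_t port = r->min_port; port <= r->max_port; port++) {
            out->src_port = (uint16_t)port;
            if (!tuple_used(out)) {  /* being in range alone is not enough */
                in_use[n_in_use++] = *out;
                return true;
            }
        }
    }
    return false;
}

int main(void)
{
    struct nat_range r = { IP4(192, 0, 2, 1), IP4(192, 0, 2, 2), 40000, 40001 };
    struct tuple t = { IP4(10, 0, 0, 1), IP4(198, 51, 100, 7), 40000, 80, 6 }, out;
    for (int i = 0; i < 5; i++, t.src_ip++)  /* constructed flows, same destination */
        printf("flow %d: %s\n", i, pick_unique_snat(&t, &r, &out) ? "mapped" : "exhausted");
    return 0;
}
```

With a pool of two addresses and two ports, four flows to the same destination each receive a distinct mapping and the fifth is refused, while a flow to a different destination can reuse an address/port pair because the full tuple still differs.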


* Re: NAT pool
From: Miguel Alejandro González @ 2012-12-19  1:53 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Cool, well I want to use it for a NAT64 module we are developing...
right now we have a pool developed from scratch. It would have to
handle an IP range and protocol range... but I think the implementation
you guys have already does this.

I guess the file I have to include is:

Linux/include/uapi/linux/netfilter/nf_nat.h

Would you care to explain how I can use it or what code I should read
to see how it works...

Regards!

On Tue, Dec 18, 2012 at 4:58 PM, Jan Engelhardt <jengelh@inai.de> wrote:
> On Tuesday 2012-12-18 23:32, Miguel Alejandro González wrote:
>
>>I was wondering how the pool of ipv4 addresses works in netfilter. I
>>know you can configure a range or subnet from iptables when you are
>>configuring NAT. I was reading some NAT code from the kernel, but I
>>think it just checks if the packet's address is in the range
>>specified.
>
> get_unique_tuple() makes sure they don't overlap.
>
>>I guess my main question is, if there is an ipv4 pool implementation in
>>netfilter. If so, can it be used by other modules?
>
> As much as other modules are already using it.
> The question should not be whether it can be used, but whether it can be
> used for what.

* Re: NAT pool
From: Pablo Neira Ayuso @ 2012-12-19  9:45 UTC (permalink / raw)
  To: Miguel Alejandro González; +Cc: Jan Engelhardt, netfilter-devel

On Tue, Dec 18, 2012 at 07:53:46PM -0600, Miguel Alejandro González wrote:
> Cool, well I want to use it for a NAT64 module we are developing...
> right now we have a pool developed from scratch. It would have to
> handle an IP range and protocol range... but I think the implementation
> you guys have already does this.

Yes, you should use the conntrack and nat subsystems for that.

I discussed this with Patrick recently. The main problem is that
you're going to find code that uses ct->hashtuple[ORIG].l3num. You
should start by changing that in an initial patch, then the follow-up
patch to add the NAT64 feature.

Regards.