19 Jul, 2019

1 commit

• b4f1483cb   netfilter: nf_tables: Support auto-loading for inet nat ... Browse Code »

  Trying to create an inet family nat chain would not cause
  nft_chain_nat.ko module to auto-load due to missing module alias. Add a
  proper one with hard-coded family value 1 for the pseudo-family
  NFPROTO_INET.

  Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
  Signed-off-by: Phil Sutter
  Signed-off-by: Pablo Neira Ayuso

  Phil Sutter

  2019-07-19 02:19:02 +0800  

09 Apr, 2019

1 commit

• d164385ec   netfilter: nat: add inet family nat support ... Browse Code »

  We need minimal support from the nat core for this, as we do not
  want to register additional base hooks.

  When an inet hook is registered, interally register ipv4 and ipv6
  hooks for them and unregister those when inet hooks are removed.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2019-04-09 05:01:39 +0800  

01 Mar, 2019

1 commit

• db8ab3888   netfilter: nf_tables: merge ipv4 and ipv6 nat chain types ... Browse Code »

  Merge the ipv4 and ipv6 nat chain type. This is the last
  missing piece which allows to provide inet family support
  for nat in a follow patch.

  The kconfig knobs for ipv4/ipv6 nat chain are removed, the
  nat chain type will be built unconditionally if NFT_NAT
  expression is enabled.

  Before:
  text data bss dec hex filename
  1576 896 0 2472 9a8 nft_chain_nat_ipv4.ko
  1697 896 0 2593 a21 nft_chain_nat_ipv6.ko

  After:
  text data bss dec hex filename
  1832 896 0 2728 aa8 nft_chain_nat.ko

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2019-03-01 21:36:59 +0800