12 Apr, 2019
2 commits
-
Only reason for having two different register functions was because of
ipt_MASQUERADE and ip6t_MASQUERADE being two different modules.Previous patch merged those into xt_MASQUERADE, so we can merge this too.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
Both are now implemented by nf_nat_masquerade.c, so no need to keep
different headers.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
08 Mar, 2019
1 commit
-
Otherwise, we get notifier list corruption.
This is the most simple fix: remove the device notifier call chain
from the ipv6 masquerade register function and handle it only
in the ipv4 version.The better fix is merge
nf_nat_masquerade_ipv4/6_(un)register_notifier
into a single
nf_nat_masquerade_(un)register_notifiersbut to do this its needed to first merge the two masquerade modules
into a single xt_MASQUERADE.Furthermore, we need to use different refcounts for ipv4/ipv6
until we can merge MASQUERADE.Fixes: d1aca8ab3104a ("netfilter: nat: merge ipv4 and ipv6 masquerade functionality")
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
27 Feb, 2019
1 commit
-
Before:
text data bss dec hex filename
13916 1412 4128 19456 4c00 nf_nat.ko
4510 968 4 5482 156a nf_nat_ipv4.ko
5146 944 8 6098 17d2 nf_nat_ipv6.koAfter:
text data bss dec hex filename
16566 1576 4136 22278 5706 nf_nat.ko
3187 844 0 4031 fbf nf_nat_ipv4.ko
3598 844 0 4442 115a nf_nat_ipv6.ko... so no drastic changes in combined size.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso