26 Apr, 2017

1 commit

• ff459018d   netfilter: masquerade: attach nat extension if not present ... Browse Code »

  Currently the nat extension is always attached as soon as nat module is
  loaded. However, most NAT uses do not need the nat extension anymore.

  Prepare to remove the add-nat-by-default by making those places that need
  it attach it if its not present yet.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2017-04-26 15:30:22 +0800  

14 Mar, 2016

1 commit

• fbd40ea01   ipv4: Don't do expensive useless work during inetdev destroy. ... Browse Code »

  When an inetdev is destroyed, every address assigned to the interface
  is removed. And in this scenerio we do two pointless things which can
  be very expensive if the number of assigned interfaces is large:

  1) Address promotion. We are deleting all addresses, so there is no
  point in doing this.

  2) A full nf conntrack table purge for every address. We only need to
  do this once, as is already caught by the existing
  masq_dev_notifier so masq_inet_event() can skip this.

  Reported-by: Solar Designer
  Signed-off-by: David S. Miller
  Tested-by: Cyrill Gorcunov

  David S. Miller

  2016-03-14 11:28:35 +0800  

09 Sep, 2014

1 commit

• 8dd33cc93   netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables ... Browse Code »

  Let's refactor the code so we can reach the masquerade functionality
  from outside the xt context (ie. nftables).

  The patch includes the addition of an atomic counter to the masquerade
  notifier: the stuff to be done by the notifier is the same for xt and
  nftables. Therefore, only one notification handler is needed.

  This factorization only involves IPv4; a similar patch follows to
  handle IPv6.

  Signed-off-by: Arturo Borrero Gonzalez
  Signed-off-by: Pablo Neira Ayuso

  Arturo Borrero

  2014-09-09 22:31:29 +0800