Final version of newnat API
Jozsef Kadlecsik
kadlec@blackhole.kfki.hu
Mon, 11 Feb 2002 13:23:37 +0100 (CET)
Hello,

The final version (:-) of the newnat API and the corresponding H.323/talk
helper patches are in cvs now.

The modifications compared to the previous version are the following:

- Because of structural reasons exp_matches_pkt functions are moved
  from NAT to conntrack.

- Conntrack and NAT helpers are *not* set for expected connections.
  In consequence, the original behaviour of setting the conntrack/NAT
  helpers (for master connections) on the NATed port could be restored.
  If helpers must be set for expected connections, it can be done using
  the conntrack and NAT expect functions (see both H.323 and talk).

- A flag member to ip_conntrack_helper and ip_nat_helper structures is
  added, with the following possible values (and functionality in
  ip_conntrack_core.c, ip_nat_core.c and ip_nat_helper.c):

      /* Reuse expectation when max_expected reached */
      #define IP_CT_REUSE_EXPECT 0x01

      /* NAT helper must be called on every packet (for TCP) */
      #define IP_NAT_ALWAYS 0x01
      /* Standalone NAT helper, without a conntrack part */
      #define IP_NAT_STANDALONE 0x02

- The function hack to trigger the autoloading of the conntrack helper
  module when the nat helper module is loaded is replaced by a more
  elegant way in the ip_nat_helper_register function. It required adding
  a struct module * member to the ip_conntrack_helper and ip_nat_helper
  structures.

- Timeout for expectations added. (Therefore the output of
  /proc/net/ip_conntrack for expected connections slightly changed.)

Please note, the really new functionality is the timeout for expectations.

I hope, before the weekend I can add an updated newnat-summary.txt to
userspace/patch-o-matic/newat as well.

Regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
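
Added example, not part of the original mail and not netfilter code: a user-space C model of how a per-master expectation limit, the IP_CT_REUSE_EXPECT flag and expectation timeouts bound the number and lifetime of pending "holes" a helper can open. The struct and function names are hypothetical, and refusing new expectations without the flag and reusing the earliest-expiring entry with it are assumptions of this model.

```c
/* User-space model, not kernel code; names other than the flag are hypothetical. */
#include <stdio.h>
#define IP_CT_REUSE_EXPECT 0x01   /* reuse expectation when max_expected reached */
#define MAX_SLOTS 8
struct expect { unsigned short port; long expires; int used; };
struct helper { unsigned int max_expected; unsigned char flags; };
struct master { struct expect slot[MAX_SLOTS]; };

/* Remove expectations whose timeout has passed; returns how many were dropped. */
int expire_expectations(struct master *m, long now)
{
    int removed = 0;
    for (int i = 0; i < MAX_SLOTS; i++)
        if (m->slot[i].used && m->slot[i].expires <= now) {
            m->slot[i].used = 0;
            removed++;
        }
    return removed;
}

/* Returns 0 if added, 1 if the earliest-expiring entry was reused, -1 if refused. */
int expect_related(struct master *m, const struct helper *h,
                   unsigned short port, long now, long timeout)
{
    unsigned int count = 0;
    int free_slot = -1, oldest = -1;
    expire_expectations(m, now);
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (!m->slot[i].used) { if (free_slot < 0) free_slot = i; continue; }
        count++;
        if (oldest < 0 || m->slot[i].expires < m->slot[oldest].expires)
            oldest = i;
    }
    int reuse = count >= h->max_expected;
    if (reuse && !(h->flags & IP_CT_REUSE_EXPECT)) return -1; /* limit, no reuse */
    int idx = reuse ? oldest : free_slot;
    if (idx < 0) return -1;           /* nothing to reuse or model table full */
    m->slot[idx] = (struct expect){ port, now + timeout, 1 };
    return reuse;
}

int main(void)
{
    struct master m = {0};
    struct helper h = { 2, IP_CT_REUSE_EXPECT };
    for (int p = 5000; p < 5003; p++)   /* constructed ports, one per tick */
        printf("port %d -> %d\n", p, expect_related(&m, &h, p, p - 5000, 30));
    return 0;
}
```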