[PATCH] support for ipnatctl -F (flush)
Marc Boucher
marc@mbsi.ca
Sun, 31 Oct 1999 22:13:48 -0500
Hi Rusty,
> In message <199910291622.MAA01021@opium.mbsi.ca> you write:
> > 1999-10-29 Marc Boucher <marc@mbsi.ca>
> >
> > * NAT/userspace/ipnatctl.c: Added -F option to flush all rules.
> >
> > * NAT/userspace/ipnatctl.8: Added documentation for -F option.
> >
> > * NAT/ip_nat_rule.c: Added delete_rules() function, called upon
> > IP_NAT_SO_SET_DELETE with len == 0.
>
> Hi Mark,
>
> Sorry for the slow response: travelling, writing Linux Mag
> article and recovering. Should be faster now.
No problem. I know what it's like :-)
> Actually, how about introducing a new IP_NAT_SO_GET_RULES
> ioctl, which gets the rule table (-ENOSPC if they don't provide enough
> room, and in userspace doubles size every time). That would finally
> replace the crappy `ipnatctl -L' with something proper as well as
> allowing a `flush' option.
>
> What do you think?
> Rusty.
IMHO we shouldn't invest more energy into the current incarnation of
ipnatctl before its structure is thoroughly debated (my -F
implementation was a quick solution for module unloading problems).
ipnatctl has a *lot* in common with iptables in terms of rule
management, and packet selection needs. Maybe both should use a common
framework that would eliminate the current redundancy/duplication of
effort.
Perhaps this could be done with the generic packet selection /
mangling infrastructure?
Marc
(not Mark ;-)
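As an added illustration of the IP_NAT_SO_GET_RULES scheme Rusty sketches above, here is the "-ENOSPC if the caller's buffer is too small, userspace doubles and retries" exchange with both sides in one program. This is example code written for this page, not code from ipnatctl or the netfilter tree: the rule layout, the names kernel_get_rules and fetch_rules, the sample rule table and the size cap are all assumptions standing in for whatever the real ioctl would carry.

```c
/* Added example (not from ipnatctl/netfilter): simulates the proposed
 * IP_NAT_SO_GET_RULES exchange. The "kernel" side copies its rule table
 * into a caller-supplied buffer and answers -ENOSPC when the buffer is
 * too small; the "userspace" side starts small and doubles the buffer on
 * every -ENOSPC until the copy succeeds. All names and data are assumed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in rule record; the real ip_nat_rule layout is not shown here. */
struct nat_rule {
    uint32_t src;     /* source address, host order (assumed field) */
    uint32_t dst;     /* destination address (assumed field) */
    uint32_t map_to;  /* address the rule maps to (assumed field) */
};

/* Constructed sample table standing in for the kernel's rule list. */
static const struct nat_rule kernel_table[] = {
    { 0x0a000001, 0xc0a80001, 0xcb007101 },
    { 0x0a000002, 0xc0a80002, 0xcb007102 },
    { 0x0a000003, 0xc0a80003, 0xcb007103 },
    { 0x0a000004, 0xc0a80004, 0xcb007104 },
    { 0x0a000005, 0xc0a80005, 0xcb007105 },
};
static const unsigned int kernel_table_len =
    sizeof(kernel_table) / sizeof(kernel_table[0]);

/* Kernel side of the simulated getsockopt. On entry *len is the size of
 * the caller's buffer in bytes; on success it becomes the bytes written.
 * Returns 0 or -ENOSPC. The check comes before any copy, so a buffer the
 * caller declared too small is never written at all. */
static int kernel_get_rules(void *user_buf, unsigned int *len)
{
    unsigned int needed = kernel_table_len * sizeof(struct nat_rule);

    if (*len < needed)
        return -ENOSPC;         /* caller must come back with more room */
    memcpy(user_buf, kernel_table, needed);
    *len = needed;
    return 0;
}

/* Upper bound on the buffer userspace is willing to grow to (assumed
 * value); it stops the doubling loop if the kernel keeps saying -ENOSPC. */
#define MAX_RULES_BYTES (1u << 20)

/* Userspace side: fetch the whole table, doubling on -ENOSPC. On success
 * returns a malloc'd array of *count rules; on failure returns NULL. */
static struct nat_rule *fetch_rules(unsigned int *count)
{
    unsigned int size = sizeof(struct nat_rule);  /* deliberately tiny start */

    for (;;) {
        void *buf = malloc(size);
        unsigned int len = size;
        int rc;

        if (!buf)
            return NULL;
        rc = kernel_get_rules(buf, &len);
        if (rc == 0) {
            *count = len / sizeof(struct nat_rule);
            return buf;
        }
        free(buf);
        if (rc != -ENOSPC || size > MAX_RULES_BYTES / 2)
            return NULL;        /* unexpected error or cap reached */
        size *= 2;
    }
}

/* Convenience for callers that only want the rule count (or -1 on error). */
static int fetch_rule_count(void)
{
    unsigned int n = 0;
    struct nat_rule *r = fetch_rules(&n);

    if (!r)
        return -1;
    free(r);
    return (int)n;
}

int main(void)
{
    unsigned int n = 0, i;
    struct nat_rule *r = fetch_rules(&n);

    if (!r) {
        fprintf(stderr, "fetch_rules failed\n");
        return 1;
    }
    for (i = 0; i < n; i++)
        printf("rule %u: src=%08x dst=%08x map_to=%08x\n",
               i, r[i].src, r[i].dst, r[i].map_to);
    free(r);
    return 0;
}
```

The two points worth keeping when this becomes a real getsockopt are visible in the block: the kernel compares the caller's length against what it needs before touching the buffer, so an undersized buffer is an error and never an overflow, and the userspace loop has a cap, so a kernel that answers -ENOSPC forever cannot make the listing tool allocate without bound.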