[PATCH] support for ipnatctl -F (flush)

Marc Boucher marc@mbsi.ca
Sun, 31 Oct 1999 22:13:48 -0500

Hi Rusty,

> In message <199910291622.MAA01021@opium.mbsi.ca> you write:
> > 1999-10-29  Marc Boucher <marc@mbsi.ca>
> > 
> >         * NAT/userspace/ipnatctl.c: Added -F option to flush all rules.
> > 
> >         * NAT/userspace/ipnatctl.8: Added documentation for -F option.
> > 
> >         * NAT/ip_nat_rule.c: Added delete_rules() function, called upon
> >         IP_NAT_SO_SET_DELETE with len == 0.
> Hi Mark,
> 	Sorry for the slow response: travelling, writing Linux Mag
> article and recovering.  Should be faster now.

No problem. I know what it's like :-)

> 	Actually, how about introducing a new IP_NAT_SO_GET_RULES
> ioctl, which gets the rule table (-ENOSPC if they don't provide enough
> room, and in userspace doubles size every time).  That would finally
> replace the crappy `ipnatctl -L' with something proper as well as
> allowing a `flush' option.
> What do you think?
> Rusty.

IMHO we shouldn't invest more energy into the current incarnation of
ipnatctl before its structure is thoroughly debated (my -F
implementation was a quick solution for module unloading problems).

ipnatctl has a *lot* in common with iptables in terms of rule
management, and packet selection needs. Maybe both should use a common
framework that would eliminate the current redundancy/duplication of

Perhaps this could be done with the generic packet selection /
mangling infrastructure?

(not Mark ;-)
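The -ENOSPC / "double the buffer in userspace" convention Rusty proposes for a rule-table getter, as an added C example that is not code from the thread or from the netfilter tree. IP_NAT_SO_GET_RULES was only proposed, so the kernel side here is a constructed stand-in (`fake_get_rules`) with a made-up `nat_rule` layout; the userspace loop caps the number of doublings so a bogus size report cannot drive unbounded allocation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a NAT rule; the real layout lives in kernel headers. */
struct nat_rule { uint32_t src; uint32_t dst; uint16_t proto; };

/* Constructed table standing in for the kernel's rule list. */
#define KERNEL_RULE_COUNT 5
static const struct nat_rule kernel_table[KERNEL_RULE_COUNT] = {
    {0x0a000001, 0xc0a80001, 6}, {0x0a000002, 0xc0a80002, 17},
    {0x0a000003, 0xc0a80003, 6}, {0x0a000004, 0xc0a80004, 1},
    {0x0a000005, 0xc0a80005, 6},
};

/* Hypothetical kernel-side getter: copies the table if it fits, otherwise
 * reports the size needed in *len and fails with -ENOSPC (kernel-style
 * negative errno; a real getsockopt() would return -1 and set errno). */
static int fake_get_rules(void *buf, size_t *len)
{
    size_t need = KERNEL_RULE_COUNT * sizeof(struct nat_rule);
    if (*len < need) { *len = need; return -ENOSPC; }
    memcpy(buf, kernel_table, need);
    *len = need;
    return 0;
}

/* Stand-in for an unprivileged caller being refused. */
static int fake_get_denied(void *buf, size_t *len)
{
    (void)buf; (void)len;
    return -EPERM;
}

/* Userspace side: start with room for one rule and double on -ENOSPC.
 * Returns the rule count and hands the buffer to the caller via *out,
 * or -1 (buffer freed) on any other error or after too many retries. */
int get_rule_table(int (*get)(void *, size_t *), struct nat_rule **out)
{
    size_t len = sizeof(struct nat_rule);
    void *buf = NULL;
    for (int tries = 0; tries < 24; tries++) {   /* bounds growth to ~16M rules */
        void *nb = realloc(buf, len);
        if (!nb) { free(buf); return -1; }
        buf = nb;
        size_t got = len;
        int rc = get(buf, &got);
        if (rc == 0) { *out = buf; return (int)(got / sizeof(struct nat_rule)); }
        if (rc != -ENOSPC) { free(buf); return -1; }
        len *= 2;   /* grow geometrically instead of trusting the reported size */
    }
    free(buf);
    return -1;
}
```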