Re: [PATCH] 2.2.10: 2-dir masquerading for single-interface port forwarding

Rolf Braun (masq@helixsystems.com)
Wed, 30 Jun 1999 15:26:59 -0400

>On Tue, Jun 29, 1999 at 12:52:01PM -0400, Rolf Braun wrote:
>> This patch adds a 2-dir (bidirectional) masquerading feature to the
>kernel
>> so that connections can be set up directly through the kernel in
>which
>> neither side sees the real IP of the other side. The intention of
>this
>> patch is to provide a way to cleanly forward connections over a
>single
>> interface using the accompanying masq_mbfw module, which is mfw
>modified
>> to use the new code.
>I'm currently digging your code, some remarks:
> * The idea is good and doable.

Wow, thanks.

> * We should impact ip_masq input path very low, because IS the
> common path taken by every input packet.
> * Please #ifdef CONFIG_IP_MASQ_BIDI (or similar) for easier inclusion
> (there are MANY core changes)

The next diff will have this (I'll just have diff take care of it, diff against
that diff, and if it isn't quite this way I'll sed it out)

> * Could you adapt your changes to patch below?
>
>BTW I'm attaching a patch that provides
> * double linked lists => fast deletion, neater code
> Currently it depends on list "load" and MUST be fast
> because it's called from timer.
> * dest+source hashing by Julian Anastasov, improves port forwarding
> Currently portfw a-like hashing uses just masq port: same hash=> long
>list.
> * additional daddr-only hash (used by eg. John Hardin's masq VPN
>module)

Yes. Definitely. I was looking into this myself before, but I'm really glad to
see this because it should give better performance under heavy load. I'll
integrate as fast as possible.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/