| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aPoi0Sozs3C9Ohlc@strlen.de>
Date: Thu, 23 Oct 2025 14:42:57 +0200
From: Florian Westphal <fw@...len.de>
To: Andrii Melnychenko <a.melnychenko@...s.io>
Cc: Pablo Neira Ayuso <pablo@...filter.org>, kadlec@...filter.org,
phil@....cc, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/1] nft_ct: Added nfct_seqadj_ext_add() for NAT'ed
conntrack.
Andrii Melnychenko <a.melnychenko@...s.io> wrote:
> I've taken a look at the `nat_ftp` test from nftables. It actually
> passes fine, I've tried to modify the test, add IPv4 and force
> PASV/PORT mode - everything works.
> Currently, I'm studying the difference between NFT rulesets.
> Primarily, I'm testing on 2 kernels: 6.6.108 and 6.14.0-33.
I think its this:
chain POST-srcnat {
type nat hook postrouting priority srcnat; policy accept;
ip6 daddr ${ip_sr} ip6 nexthdr tcp tcp dport 21 counter snat ip6 to [${ip_rs}]:16500
}
This sets up snat which calls nf_nat_setup_info which adds the
seqadj extension.
Powered by blists - more mailing lists