lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140904072051.GA3533@salvia>
Date:	Thu, 4 Sep 2014 09:20:51 +0200
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Paul Bolle <pebolle@...cali.nl>
Cc:	Matteo Croce <technoboy85@...il.com>,
	Patrick McHardy <kaber@...sh.net>,
	Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
	"David S. Miller" <davem@...emloft.net>,
	netfilter-devel@...r.kernel.org, coreteam@...filter.org,
	netdev@...r.kernel.org
Subject: Re: netfilter: NETFILTER_XT_NAT?

Hi,

On Wed, Sep 03, 2014 at 10:17:24PM +0200, Paul Bolle wrote:
> Hi Pablo,
> 
> Your commit 8993cf8edf42 ("netfilter: move NAT Kconfig switches out of
> the iptables scope") just landed in linux-next (ie, in next-20140903).
> It claims to add NETFILTER_XT_NAT.
> 
> That commit does add two select statements for NETFILTER_XT_NAT, and a
> Makefile line checking for NETFILTER_XT_NAT. But it does not add the
> actual Kconfig symbol NETFILTER_XT_NAT. This is a bit confusing. Do you
> know what may have happened here?

We never had so far a way to enable/disable the xt_nat targets from
Kconfig, before this patch that was controled by CONFIG_NF_NAT which
is a global switch to enable/disable NAT.

With that patch, the idea is that users still get the {S,D}NAT target
if the IPv4/IPv6 iptables NAT tables are enabled (thus the two select
statements) when jumping from old kernel config to new ones.

I can introduce a new explicit switch for NETFILTER_XT_NAT in Kconfig
for this if you consider that less confusing, it's something we didn't
have so far though. Please, let me know if I'm overlooking something
incorrect, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ