Today's status:
~~~~~~~~~~~~~~
* IP_MASQ
  - same engine
    there will be a major move when we have minisocks implemented (Andi
    Kleen's), so we'll be able to truly SHARE proto-addr-port space
    with socks and use SAME hashing engine
  - MASQ_ICMP (from 2.0)
  - some cleanup:
    o locking (among other things, to delete those UGLYs cli()'s when
      reading procinfo)
    o others
      . only ONE ip_masq_new (so moving to ak's "minisocks" will
        not hurt)
      . control connections handled with atomic_t counts (to avoid whole
        list parsing)
    o debugging
      . consistent, compile-time-enabled IP_MASQ_DEBUG(lev, ...) macro
        controlled by /proc/sys/net/ip_masq_debug
  - newS
    o rule loadable modules
      Allow adding quite arbitrary rules to "normal" masq entry creation
      This is the generic stuff to support:
      . ip_masq_AUTOFW *module*
        almost same as 2.0, with some oops fixes
      . ip_masq_PORTFW *module*
        2.0's + locking (some cli() removing) + LOAD BALANCING
* Masq config tool: ipmasqadm
  - runtime ld loader for /usr/lib/ipmasqadm/*.so modules:
    Made for allowing clean masq growing:
    o only ONE config tool
    o only ONE set of setsockopt() optnames (IP_FW_MASQ_[ADD|INS|DEL|FLUSH|CTL])
      IP_FW_AUTOFWxxx and IP_FW_PORTFWxxx have been wrapped with these "generic"
      calls
    Implemented:
    o autofw.so
      Almost same as ipautofw utility
    o portfw.so
      Almost ipportfw + load balancing control
[patch available for .62 and "almost" for .61-VGER]

About to come (IFF makes sense :)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ip_masq_proto modules (for IPPROTOs other than TCP,UDP):
  - ip_masq_proto_icmp (ICMP "forwarding" stuff, control stuff kept [of course])
  - ip_masq_proto_gre (from pptp-patch)
* ip_masq WHOLE module

Best regards ...
-- Juanjo
You don't need an hologram to know...
Nor you need to sell your brain to anyone.
You can feel it. It's Linux.