This series adds support for the nat chain type in the inet family.
Example:
table inet nat {
    chain postrouting {
        type nat hook output priority 0; policy accept;
        ip6 daddr dead:1::99 snat ip6 to dead:2::99
        meta oifname "ppp+" masquerade
    }
}
This avoids the need to create both ip and ip6 nat tables for
the masquerade rule.
Florian Westphal (6):
  netfilter: nat: add inet family nat support
  netfilter: nf_tables: merge route type into core
  netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)
  netfilter: nft_masq: add inet support
  netfilter: nft_redir: add inet support
  kselftests: extend nft_nat with inet family based nat hooks
include/linux/netfilter.h | 2
include/linux/netfilter_ipv6.h | 15 ++
include/net/netfilter/nf_conntrack_expect.h | 2
include/net/netfilter/nf_nat.h | 7 -
include/net/netfilter/nf_tables.h | 2
net/ipv4/netfilter/Kconfig | 8 -
net/ipv4/netfilter/Makefile | 1
net/ipv6/netfilter/Kconfig | 8 -
net/ipv6/netfilter/Makefile | 1
net/netfilter/Kconfig | 5
net/netfilter/Makefile | 3
net/netfilter/nf_conntrack_expect.c | 2
net/netfilter/nf_conntrack_netlink.c | 16 +-
net/netfilter/nf_conntrack_sip.c | 2
net/netfilter/nf_nat_core.c | 16 +-
net/netfilter/nf_nat_proto.c | 59 +++++---
net/netfilter/nf_tables_api.c | 2
net/netfilter/nft_chain_nat.c | 36 +++++
net/netfilter/nft_chain_route.c | 169 +++++++++++++++++++++++++
net/netfilter/nft_masq.c | 64 +++++++++
net/netfilter/nft_nat.c | 58 ++++++++
net/netfilter/nft_redir.c | 61 +++++++++
net/openvswitch/conntrack.c | 18 +-
tools/testing/selftests/netfilter/nft_nat.sh | 130 +++++++++++++------
net/ipv4/netfilter/nft_chain_route_ipv4.c | 89 -------------
net/ipv6/netfilter/nft_chain_route_ipv6.c | 91 -------------
26 files changed, 572 insertions(+), 295 deletions(-)