Anyone know why this feature was removed from the kernel
Jamon Camisso
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Tue Jul 24 17:54:42 UTC 2012
On 12-07-24 01:43 PM, William Muriithi wrote:
> Afternoon,
>
> I just came across this statement from the iptables man page and for
> no immediate practical reason, got curious why the kernel developers
> decided to remove this feature.
>
> Quote:
> In Kernels up to 2.6.10, you can add several
> --to-source options. For those kernels, if you specify more than one
> source
> address, either via an address range or multiple
> --to-source options, a simple round-robin (one after another in
> cycle)
> takes place between these addresses. Later Kernels (>=
> 2.6.11-rc1) don’t have the ability to NAT to multiple ranges any-
> more.
> End Quote
>
> Unfortunately, I can't think of a single reason. I am suspecting
> security reasons, but I frankly can't see how that would be the case.
> Any one privy of what happened?
Quoting from changelog:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11
<rusty-8n+1lVoiYb80n/F98K4Iww at public.gmane.org>
[PATCH] Remove NAT to multiple ranges
The NAT code has the concept of multiple ranges: you can say "map this
connection onto IP 192.168.1.2 - 192.168.1.4, 192.168.1.7 ports
1024-65535, and 192.168.1.10". I implemented this because we could.
But it's not actually *used* by many (any?) people, and you can
approximate this by a random match (from patch-o-matic) if you really
want to. It adds complexity to the code.
Signed-off-by: Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww at public.gmane.org>
Signed-off-by: Linus Torvalds <torvalds-3NddpPZAyC0 at public.gmane.org>
Jamon
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list