Feature #2240
Find interface subnets and static routes without the routing table in outbound NAT rule generation for reflection
| Status: | Resolved | Start date: | 02/28/2012 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | NAT Reflection | | |
| Target version: | 2.1 | | |
| Affected version: | 2.0 | Affected Architecture: | |
Description
While it is only done once during filter reload, I've been told that on systems with a large IPv4 routing table, getting a copy of the routing table can take some number of minutes. Instead of using the routing table, the various places where this info resides in the config should be aggregated and used instead for finding the information that is needed for generating the outbound NAT rules for reflection.
Associated revisions
Modify filter_get_direct_networks_list to optionally return an array instead, which includes subnet, friendly interface, and gateway (if applicable), for ticket #2240
Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240
Clean up filter_generate_reflection_nat, remove obsolete checks, and add new checks that are now needed. Ticket #2240
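As an added illustration of the approach this ticket describes (not pfSense's `filter_get_direct_networks_list` and not code from the commits above), the following PHP builds the list of subnet, friendly interface and gateway entries from configuration data alone, without reading the routing table. The function names and the simplified `$config` layout are assumptions made for the example; interfaces without a static address are skipped.

```php
<?php
// Added illustration, not pfSense's own code. Assumes 64-bit PHP and IPv4 only.
// Normalise address + prefix length to a network in CIDR form, or null if invalid.
function network_cidr(string $ip, string $bits): ?string {
    $long = ip2long($ip);
    if ($long === false || !preg_match('/^\d{1,2}\z/', $bits) || (int)$bits > 32) {
        return null; // e.g. "dhcp" or an empty prefix: skip rather than emit 0.0.0.0/0
    }
    $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return long2ip($long & $mask) . '/' . (int)$bits;
}

function direct_networks_from_config(array $config): array {
    $gateways = [];
    foreach ($config['gateways'] ?? [] as $gw) {
        $gateways[$gw['name']] = $gw; // index by name to resolve static routes
    }
    $networks = [];
    // 1. Subnets attached to statically addressed interfaces.
    foreach ($config['interfaces'] ?? [] as $ifname => $if) {
        $cidr = network_cidr($if['ipaddr'] ?? '', (string)($if['subnet'] ?? ''));
        if ($cidr !== null) {
            $networks[$cidr] = ['subnet' => $cidr, 'if' => $ifname, 'gateway' => null];
        }
    }
    // 2. Static routes, attributed to the interface their gateway lives on.
    foreach ($config['staticroutes'] ?? [] as $route) {
        $gw = $gateways[$route['gateway'] ?? ''] ?? null;
        $parts = explode('/', $route['network'] ?? '', 2);
        $cidr = count($parts) === 2 ? network_cidr($parts[0], $parts[1]) : null;
        if ($gw !== null && $cidr !== null && !isset($networks[$cidr])) {
            $networks[$cidr] = ['subnet' => $cidr, 'if' => $gw['interface'], 'gateway' => $gw['gateway']];
        }
    }
    return array_values($networks);
}
// Constructed sample configuration (simplified layout, not a real config.xml).
$config = [
    'interfaces' => [
        'lan'  => ['ipaddr' => '192.168.1.1', 'subnet' => '24'],
        'opt1' => ['ipaddr' => '10.0.5.1',    'subnet' => '24'],
        'wan'  => ['ipaddr' => 'dhcp'],
    ],
    'gateways'     => [['name' => 'LABGW', 'interface' => 'opt1', 'gateway' => '10.0.5.254']],
    'staticroutes' => [['network' => '172.16.0.0/16', 'gateway' => 'LABGW']],
];
foreach (direct_networks_from_config($config) as $n) {
    printf("%-16s %-5s %s\n", $n['subnet'], $n['if'], $n['gateway'] ?? '-');
}
```

Rejecting malformed entries instead of coercing them keeps an empty or non-numeric prefix from turning into a `/0` network in the generated reflection rules.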
History
#1
Updated by Erik Fonnesbeck about 1 year ago
- Tracker changed from Todo to Feature
- Status changed from New to Feedback
- Target version set to 2.1
I can't change the status of "todo" type tickets for some reason, so I'm changing this one to "feature".
With these 3 commits it is working now without dumping a copy of the routing table. It doesn't support VPNs yet without manually creating outbound NAT rules, but then I don't think it ever really did in the first place even before these changes.
#2
Updated by Chris Buechler 6 months ago
- Status changed from Feedback to Resolved