git.baikalelectronics.ru Git - kernel.git/commit
netfilter: nft_nat: include a flag attribute
author Arturo Borrero <arturo.borrero.glez@gmail.com>
Thu, 4 Sep 2014 12:06:14 +0000 (14:06 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 9 Sep 2014 14:31:27 +0000 (16:31 +0200)
commit 072411f48a84ba0f10aa960635cd6bbb70500658
tree 39ca3eca0d99acea8c49fc73e79244c63e191af5
parent 1300e6763e81051d0061439c43f20ccf3101b11a
netfilter: nft_nat: include a flag attribute

Both SNAT and DNAT (and the upcoming masquerade) can have additional
configuration parameters, such as port randomization and NAT addressing
persistence. We can cover these scenarios by simply adding a flag
attribute for userspace to fill when needed.

The flags to use are defined in include/uapi/linux/netfilter/nf_nat.h:

 NF_NAT_RANGE_MAP_IPS
 NF_NAT_RANGE_PROTO_SPECIFIED
 NF_NAT_RANGE_PROTO_RANDOM
 NF_NAT_RANGE_PERSISTENT
 NF_NAT_RANGE_PROTO_RANDOM_FULLY
 NF_NAT_RANGE_PROTO_RANDOM_ALL

The caller must take care of not messing up with the flags, as they are
added unconditionally to the final resulting nf_nat_range.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/nf_nat.h
include/uapi/linux/netfilter/nf_tables.h
net/netfilter/nft_nat.c