git.baikalelectronics.ru Git - kernel.git/commit

author	Arturo Borrero <arturo.borrero.glez@gmail.com>
	Thu, 4 Sep 2014 12:06:14 +0000 (14:06 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Sep 2014 14:31:27 +0000 (16:31 +0200)
commit	971c03d2e001eca72040893d8ad550e797b6bcc6
tree	39ca3eca0d99acea8c49fc73e79244c63e191af5	tree \| snapshot
parent	a49eb7ff6607fe2e0b87bc25b21ce9a5e92e1179	commit \| diff

netfilter: nft_nat: include a flag attribute

Both SNAT and DNAT (and the upcoming masquerade) can have additional
configuration parameters, such as port randomization and NAT addressing
persistence. We can cover these scenarios by simply adding a flag
attribute for userspace to fill when needed.

The flags to use are defined in include/uapi/linux/netfilter/nf_nat.h:

NF_NAT_RANGE_MAP_IPS
NF_NAT_RANGE_PROTO_SPECIFIED
NF_NAT_RANGE_PROTO_RANDOM
NF_NAT_RANGE_PERSISTENT
NF_NAT_RANGE_PROTO_RANDOM_FULLY
NF_NAT_RANGE_PROTO_RANDOM_ALL

The caller must take care of not messing up with the flags, as they are
added unconditionally to the final resulting nf_nat_range.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/uapi/linux/netfilter/nf_nat.h		diff \| blob \| history
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nft_nat.c		diff \| blob \| history