From 1905e3521e8401ad2ef912263265596d43e06a3c Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org" Date: Sat, 24 Feb 2007 15:11:33 +0000 Subject: iptables: add random option to SNAT (Eric Leblond) --- extensions/libipt_SNAT.c | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) (limited to 'extensions/libipt_SNAT.c') diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 867c9d0..3614739 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -8,6 +8,11 @@ #include #include +#define IPT_SNAT_OPT_SOURCE 0x01 +#ifdef IP_NAT_RANGE_PROTO_RANDOM +# define IPT_SNAT_OPT_RANDOM 0x02 +#endif + /* Source NAT data consists of a multi-range, indicating where to map to. */ struct ipt_natinfo @@ -22,7 +27,11 @@ help(void) { printf( "SNAT v%s options:\n" -" --to-source [-][:port-port]\n" +" --to-source [-][:port-port]" +#ifdef IP_NAT_RANGE_PROTO_RANDOM +"[--random]" +#endif +"\n" " Address to map source to.\n" " (You can use this more than once)\n\n", IPTABLES_VERSION); @@ -30,6 +39,9 @@ IPTABLES_VERSION); static struct option opts[] = { { "to-source", 1, 0, '1' }, +#ifdef IP_NAT_RANGE_PROTO_RANDOM + { "random", 0, 0, '2' }, +#endif { 0 } }; @@ -155,7 +167,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source"); - if (*flags) { + if (*flags & IPT_SNAT_OPT_SOURCE) { if (!kernel_version) get_kernel_version(); if (kernel_version > LINUX_VERSION(2, 6, 10)) @@ -163,8 +175,22 @@ parse(int c, char **argv, int invert, unsigned int *flags, "Multiple --to-source not supported"); } *target = parse_to(optarg, portok, info); - *flags = 1; +#ifdef IP_NAT_RANGE_PROTO_RANDOM + if (*flags & IPT_SNAT_OPT_RANDOM) + info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; +#endif + *flags = IPT_SNAT_OPT_SOURCE; + return 1; + +#ifdef IP_NAT_RANGE_PROTO_RANDOM + case '2': + if (*flags & IPT_SNAT_OPT_SOURCE) { + info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + *flags |= IPT_SNAT_OPT_RANDOM; + } else + *flags |= IPT_SNAT_OPT_RANDOM; return 1; +#endif default: return 0; @@ -174,7 +200,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, /* Final check; must have specfied --to-source. */ static void final_check(unsigned int flags) { - if (!flags) + if (!(flags & IPT_SNAT_OPT_SOURCE)) exit_error(PARAMETER_PROBLEM, "You must specify --to-source"); } @@ -197,6 +223,11 @@ static void print_range(const struct ip_nat_range *r) if (r->max.tcp.port != r->min.tcp.port) printf("-%hu", ntohs(r->max.tcp.port)); } +#ifdef IP_NAT_RANGE_PROTO_RANDOM + if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) { + printf(" random"); + } +#endif } /* Prints out the targinfo. */ -- cgit v1.2.3