author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-10-03 14:46:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 14:09:28 +0200 |
commit | fc53d1b6b93d9ca194334c43931753e19bcb127b (patch) | |
tree | 170218b0e392d7e123748d15396739ca05bb74e6 /src/parser.y | |
parent | 5fdd0b6a0600e66f9ff6d9a1d6b749aa68a3ba99 (diff) |
src: add nat persistent and random options
This patch adds more configuration options to the nat expression.
The syntax is as follows:
% nft add rule nat postrouting <snat|dnat> <nat_arguments> [flags]
Flags are: random, persistent, random-fully.
Example:
% nft add rule nat postrouting dnat 1.1.1.1 random,persistent
A requirement is to cache some [recent] copies of kernel headers.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser.y')
-rw-r--r-- | src/parser.y | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/parser.y b/src/parser.y
index 03d6d138..aac25679 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -19,6 +19,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter/nf_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
+#include <linux/netfilter/nf_nat.h>
 #include <netinet/ip_icmp.h>
 #include <netinet/icmp6.h>
 #include <libnftnl/common.h>
@@ -376,6 +377,9 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token SNAT "snat"
 %token DNAT "dnat"
+%token RANDOM "random"
+%token RANDOM_FULLY "random-fully"
+%token PERSISTENT "persistent"
 %token QUEUE "queue"
 %token QUEUENUM "num"
@@ -440,6 +444,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %destructor { stmt_free($$); } reject_stmt reject_stmt_alloc
 %type <stmt> nat_stmt nat_stmt_alloc
 %destructor { stmt_free($$); } nat_stmt nat_stmt_alloc
+%type <val> nf_nat_flags nf_nat_flag
 %type <stmt> queue_stmt queue_stmt_alloc
 %destructor { stmt_free($$); } queue_stmt queue_stmt_alloc
 %type <val> queue_stmt_flags queue_stmt_flag
@@ -1456,6 +1461,22 @@ nat_stmt_args : expr
 {
 $<stmt>0->nat.proto = $2;
 }
+ | nat_stmt_args nf_nat_flags
+ {
+ $<stmt>0->nat.flags = $2;
+ }
+ ;
+
+nf_nat_flags : nf_nat_flag
+ | nf_nat_flags COMMA nf_nat_flag
+ {
+ $$ = $1 | $3;
+ }
+ ;
+
+nf_nat_flag : RANDOM { $$ = NF_NAT_RANGE_PROTO_RANDOM; }
+ | RANDOM_FULLY { $$ = NF_NAT_RANGE_PROTO_RANDOM_FULLY; }
+ | PERSISTENT { $$ = NF_NAT_RANGE_PERSISTENT; }
 ;
 queue_stmt : queue_stmt_alloc |
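Review bot: The action of the new `| nat_stmt_args nf_nat_flags` alternative stores the flags with plain assignment, `$<stmt>0->nat.flags = $2;`, and since that alternative is left-recursive on `nat_stmt_args`, nothing in this hunk prevents a flag list from being reduced more than once. A rule written with a space instead of a comma between flags (for example `... random persistent`) would therefore appear to parse as two lists, the second overwriting the first, so the source-port randomisation the operator asked for is silently dropped with no diagnostic. Either accumulate with `$<stmt>0->nat.flags |= $2;` (assuming the field starts at zero when the statement is allocated, which is not visible here) or reject a second flag list with a parse error. The `nat_stmt_args` rule begins outside the hunk, so its other alternatives should be checked for the same interaction.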