author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-10-03 14:46:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 14:09:28 +0200 |
commit | fc53d1b6b93d9ca194334c43931753e19bcb127b (patch) | |
tree | 170218b0e392d7e123748d15396739ca05bb74e6 /src/statement.c | |
parent | 5fdd0b6a0600e66f9ff6d9a1d6b749aa68a3ba99 (diff) |
src: add nat persistent and random options
This patch adds more configuration options to the nat expression.
The syntax is as follows:
% nft add rule nat postrouting <snat|dnat> <nat_arguments> [flags]
Flags are: random, persistent, random-fully.
Example:
% nft add rule nat postrouting dnat 1.1.1.1 random,persistent
A requirement is to cache some [recent] copies of kernel headers.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c
index 357f0948..f1d83fcb 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -24,6 +24,9 @@
 #include <utils.h>
 #include <list.h>
+#include <netinet/in.h>
+#include <linux/netfilter/nf_nat.h>
+
 struct stmt *stmt_alloc(const struct location *loc, const struct stmt_ops *ops)
 {
@@ -271,6 +274,27 @@ struct stmt *reject_stmt_alloc(const struct location *loc)
 return stmt_alloc(loc, &reject_stmt_ops);
 }
+static void print_nf_nat_flags(uint32_t flags)
+{
+ const char *delim = " ";
+
+ if (flags == 0)
+ return;
+
+ if (flags & NF_NAT_RANGE_PROTO_RANDOM) {
+ printf("%srandom", delim);
+ delim = ",";
+ }
+
+ if (flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY) {
+ printf("%srandom-fully", delim);
+ delim = ",";
+ }
+
+ if (flags & NF_NAT_RANGE_PERSISTENT)
+ printf("%spersistent", delim);
+}
+
 static void nat_stmt_print(const struct stmt *stmt)
 {
 static const char *nat_types[] = {
@@ -285,6 +309,8 @@ static void nat_stmt_print(const struct stmt *stmt)
 printf(":");
 expr_print(stmt->nat.proto);
 }
+
+ print_nf_nat_flags(stmt->nat.flags);
 }
 static void nat_stmt_destroy(struct stmt *stmt) |
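Review bot: print_nf_nat_flags (second hunk) renders only NF_NAT_RANGE_PROTO_RANDOM, NF_NAT_RANGE_PROTO_RANDOM_FULLY and NF_NAT_RANGE_PERSISTENT, so any other bit set in `flags` is dropped from the printed rule without a trace. Whether stmt->nat.flags can carry further NF_NAT_RANGE_* bits is not visible in this diff, but if it can, the listing would no longer match the loaded rule, which matters when the output is used to audit or restore a ruleset. The helper is also undocumented; I would add `/* Print NAT flags as " flag[,flag...]"; bits other than random, random-fully and persistent are not rendered. */` above it. Consider also masking `flags` against the three known bits and reporting any remainder on stderr rather than ignoring it.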