From cf8c90ea9985c9019b002037629ee362b5c50343 Mon Sep 17 00:00:00 2001
From: Arturo Borrero
Date: Mon, 6 Oct 2014 21:51:24 +0200
Subject: src: add masquerade support
This patch adds masquerade support for nft. The syntax is: % nft add rule nat postrouting masquerade [flags] Currently, flags are: random, random-fully, persistent Example: % nft add rule nat postrouting masquerade random,persistent
Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
---
 src/netlink_delinearize.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'src/netlink_delinearize.c')
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4bb4697c..38618ee8 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -568,6 +568,21 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 list_add_tail(&stmt->list, &ctx->rule->stmts);
 }
 
+static void netlink_parse_masq(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ struct stmt *stmt;
+
+ stmt = masq_stmt_alloc(loc);
+
+ if (nft_rule_expr_is_set(nle, NFT_EXPR_MASQ_FLAGS))
+ stmt->masq.flags = nft_rule_expr_get_u32(nle,
+ NFT_EXPR_MASQ_FLAGS);
+
+ list_add_tail(&stmt->list, &ctx->rule->stmts);
+}
+
 static void netlink_parse_queue(struct netlink_parse_ctx *ctx,
 const struct location *loc,
 const struct nft_rule_expr *nle)
@@ -614,6 +629,7 @@ static const struct {
 { .name = "limit", .parse = netlink_parse_limit },
 { .name = "reject", .parse = netlink_parse_reject },
 { .name = "nat", .parse = netlink_parse_nat },
+ { .name = "masq", .parse = netlink_parse_masq },
 { .name = "queue", .parse = netlink_parse_queue },
 };
 
--
cgit v1.2.3
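Review bot: The flags word read from the netlink expression in netlink_parse_masq() is stored in `stmt->masq.flags` without being compared against the bits this nft version understands (random, random-fully and persistent, per the commit message). If the kernel reports a bit that nft does not know, the statement printer, which is outside this diff, may list the rule without it, so the displayed ruleset would no longer match what is enforced; that matters for a tool used to audit NAT rules. A comment on the assignment such as `/* NAT range flag bits as reported by the kernel; unknown bits must stay visible when the rule is listed */` would document the expectation, and the parser could report any bits outside the known set through its existing error path rather than dropping them silently. The case where NFT_EXPR_MASQ_FLAGS is absent relies on masq_stmt_alloc() returning a zero-initialised statement, which is presumably true but cannot be confirmed from this hunk.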