iptables: add random option to SNAT (Eric Leblond)

1 files changed, 22 insertions, 1 deletions

diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 7eddcc0..e06333a 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -15,12 +15,21 @@ help(void)
 	printf(
 "MASQUERADE v%s options:\n"
 " --to-ports <port>[-<port>]\n"
-"				Port (range) to map to.\n\n",
+"				Port (range) to map to.\n"
+#ifdef IP_NAT_RANGE_PROTO_RANDOM
+" --random\n"
+"				Randomize source port.\n"
+#endif
+"\n"
+,
 IPTABLES_VERSION);
 }
 
 static struct option opts[] = {
 	{ "to-ports", 1, 0, '1' },
+#ifdef IP_NAT_RANGE_PROTO_RANDOM
+	{ "random", 0, 0, '2' },
+#endif
 	{ 0 }
 };
 
@@ -100,6 +109,12 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		parse_ports(optarg, mr);
 		return 1;
 
+#ifdef IP_NAT_RANGE_PROTO_RANDOM
+	case '2':
+		mr->range[0].flags |=  IP_NAT_RANGE_PROTO_RANDOM;
+		return 1;
+#endif
+
 	default:
 		return 0;
 	}
@@ -127,6 +142,12 @@ print(const struct ipt_ip *ip,
 			printf("-%hu", ntohs(r->max.tcp.port));
 		printf(" ");
 	}
+
+#ifdef IP_NAT_RANGE_PROTO_RANDOM
+	if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) {
+		printf("random");
+	}
+#endif
 }
 
 /* Saves the union ipt_targinfo in parsable form to stdout. */