summaryrefslogtreecommitdiffstats
path: root/extensions/libip6t_SNAT.c
Commit message (Collapse)AuthorAgeFilesLines
* src: introduce struct xt_xlate_{mt,tg}_paramsPablo Neira Ayuso2016-07-251-3/+3
| | | | | | | | This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()Pablo Neira Ayuso2016-03-091-1/+1
| | | | | | | The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: rename xt_buf to xt_xlatePablo Neira Ayuso2016-02-161-11/+11
| | | | | | | Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libip6t_SNAT: Add translation to nftShivani Bhardwaj2016-02-161-0/+50
| | | | | | | | | | | | | | | | | | | | | Add translation for SNAT target to nftables. Examples: $ sudo ip6tables-translate -t nat -A postrouting -o eth0 -p tcp -j SNAT --to [fec0::1234]:80 nft add rule ip6 nat postrouting oifname eth0 ip6 nexthdr tcp counter snat fec0::1234 :80 $ sudo ip6tables-translate -t nat -A postrouting -o eth0 -p tcp -j SNAT --to [fec0::1234]:1-20 nft add rule ip6 nat postrouting oifname eth0 ip6 nexthdr tcp counter snat fec0::1234 :1-20 $ sudo ip6tables-translate -t nat -A postrouting -o eth0 -p tcp -j SNAT --to [fec0::1234]:123 --random nft add rule ip6 nat postrouting oifname eth0 ip6 nexthdr tcp counter snat fec0::1234 :123 random $ sudo ip6tables-translate -t nat -A postrouting -o eth0 -p tcp -j SNAT --to [fec0::1234]:123 --random-fully --persistent nft add rule ip6 nat postrouting oifname eth0 ip6 nexthdr tcp counter snat fec0::1234 :123 fully-random,persistent Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: snat: add randomize-full supportDaniel Borkmann2014-01-041-4/+14
| | | | | | | | | | | | | | | | This patch provides the userspace part for snat in order to make randomize-full support available in {ip,nf}tables. It allows for enabling full port randomization that was motivated in [1] and introduced to the kernel in [2]. Joint work between Hannes Frederic Sowa and Daniel Borkmann. [1] https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf [2] http://patchwork.ozlabs.org/patch/304306/ Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extension: libip6t_DNAT: allow port DNAT without addressUlrich Weber2013-01-041-3/+8
| | | | | | | | | | | | | | | | | | | | | | | correct parsing of IPv6 port NAT without address NAT, assume one colon as port information. Allows: * address only: -j DNAT --to affe::1 -j DNAT --to [affe::1] * port only -j DNAT --to :80 -j DNAT --to :80-110 -j DNAT --to []:80 -j DNAT --to []:80-110 * address and port -j DNAT --to [affe::1]:80 -j DNAT --to [affe::1]:80-110 Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add IPv6 SNAT extensionPatrick McHardy2012-09-101-0/+247
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>