diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-10-03 14:46:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 14:09:28 +0200 |
commit | fc53d1b6b93d9ca194334c43931753e19bcb127b (patch) | |
tree | 170218b0e392d7e123748d15396739ca05bb74e6 /include/linux/netfilter/nf_conntrack_tuple_common.h | |
parent | 5fdd0b6a0600e66f9ff6d9a1d6b749aa68a3ba99 (diff) |
src: add nat persistent and random options
This patch adds more configuration options to the nat expression.
The syntax is as follow:
% nft add rule nat postrouting <snat|dnat> <nat_arguments> [flags]
Flags are: random, persistent, random-fully.
Example:
% nft add rule nat postrouting dnat 1.1.1.1 random,persistent
A requirement is to cache some [recent] copies of kernel headers.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter/nf_conntrack_tuple_common.h')
-rw-r--r-- | include/linux/netfilter/nf_conntrack_tuple_common.h | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h index 8e145f0d..8ab31184 100644 --- a/include/linux/netfilter/nf_conntrack_tuple_common.h +++ b/include/linux/netfilter/nf_conntrack_tuple_common.h @@ -1,13 +1,41 @@ #ifndef _NF_CONNTRACK_TUPLE_COMMON_H #define _NF_CONNTRACK_TUPLE_COMMON_H -enum ip_conntrack_dir -{ +#include <linux/types.h> + +enum ip_conntrack_dir { IP_CT_DIR_ORIGINAL, IP_CT_DIR_REPLY, IP_CT_DIR_MAX }; +/* The protocol-specific manipulable parts of the tuple: always in + * network order + */ +union nf_conntrack_man_proto { + /* Add other protocols here. */ + __be16 all; + + struct { + __be16 port; + } tcp; + struct { + __be16 port; + } udp; + struct { + __be16 id; + } icmp; + struct { + __be16 port; + } dccp; + struct { + __be16 port; + } sctp; + struct { + __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */ + } gre; +}; + #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */ |