From 9599d9d25a6b383b72b119c709af33f6f6031786 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 24 Apr 2020 21:56:46 +0200
Subject: src: NAT support for intervals in maps

This patch allows you to specify an interval of IP address in maps.

 table ip x {
        chain y {
                type nat hook postrouting priority srcnat; policy accept;
                snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
        }
 }

The example above performs SNAT to packets that comes from 10.141.11.4
to an interval of IP addresses from 192.168.2.2 to 192.168.2.4 (both
included).

You can also combine this with dynamic maps:

 table ip x {
        map y {
                type ipv4_addr : interval ipv4_addr
                flags interval
                elements = { 10.141.10.0/24 : 192.168.2.2-192.168.2.4 }
        }

        chain y {
                type nat hook postrouting priority srcnat; policy accept;
                snat ip interval to ip saddr map @y
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/expression.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/expression.h')

diff --git a/include/expression.h b/include/expression.h
index 87c39e5d..35934827 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -184,6 +184,7 @@ const struct expr_ops *expr_ops_by_type(enum expr_types etype);
  * @EXPR_F_PROTOCOL:		expressions describes upper layer protocol
  * @EXPR_F_INTERVAL_END:	set member ends an open interval
  * @EXPR_F_BOOLEAN:		expression is boolean (set by relational expr on LHS)
+ * @EXPR_F_INTERVAL:		expression describes a interval
  */
 enum expr_flags {
 	EXPR_F_CONSTANT		= 0x1,
@@ -191,6 +192,7 @@ enum expr_flags {
 	EXPR_F_PROTOCOL		= 0x4,
 	EXPR_F_INTERVAL_END	= 0x8,
 	EXPR_F_BOOLEAN		= 0x10,
+	EXPR_F_INTERVAL		= 0x20,
 };
 
 #include <payload.h>
-- 
cgit v1.2.3