[iptables] SNAT/DNAT: add support for persistent multi-range NAT mappings
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Fri Apr 17 18:12:20 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=467fa9fe70f08342a50b859ddd431c848a956679
commit 467fa9fe70f08342a50b859ddd431c848a956679
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Fri Apr 17 18:11:09 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Fri Apr 17 18:11:09 2009 +0200
SNAT/DNAT: add support for persistent multi-range NAT mappings
Add support for persistent mappings (2.6.29-rc2+) as replacement for the
removed SAME target.
Signed-off-by: Patrick McHardy <kaber at trash.net>
via 467fa9fe70f08342a50b859ddd431c848a956679 (commit)
from b5508d20e6d1bea01d398b74103ee85630b05f58 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 467fa9fe70f08342a50b859ddd431c848a956679
Author: Patrick McHardy <kaber at trash.net>
Date: Fri Apr 17 18:11:09 2009 +0200
SNAT/DNAT: add support for persistent multi-range NAT mappings
Add support for persistent mappings (2.6.29-rc2+) as replacement for the
removed SAME target.
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
extensions/libipt_DNAT.c | 12 +++++++++++-
extensions/libipt_SNAT.c | 11 ++++++++++-
include/net/netfilter/nf_nat.h | 1 +
3 files changed, 22 insertions(+), 2 deletions(-)
Add support for persistent mappings (2.6.29-rc2+) as replacement for the
removed SAME target.
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index b5f8028..dc79b44 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -27,12 +27,13 @@ static void DNAT_help(void)
"DNAT target options:\n"
" --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map destination to.\n"
-"[--random]\n");
+"[--random] [--persistent]\n");
}
static const struct option DNAT_opts[] = {
{ "to-destination", 1, NULL, '1' },
{ "random", 0, NULL, '2' },
+ { "persistent", 0, NULL, '3' },
{ .name = NULL }
};
@@ -178,6 +179,11 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
} else
*flags |= IPT_DNAT_OPT_RANDOM;
return 1;
+
+ case '3':
+ info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+ return 1;
+
default:
return 0;
}
@@ -222,6 +228,8 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("persistent ");
}
}
@@ -236,6 +244,8 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("--persistent ");
}
}
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 944fe67..9609ad9 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -27,12 +27,13 @@ static void SNAT_help(void)
"SNAT target options:\n"
" --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map source to.\n"
-"[--random]\n");
+"[--random] [--persistent]\n");
}
static const struct option SNAT_opts[] = {
{ "to-source", 1, NULL, '1' },
{ "random", 0, NULL, '2' },
+ { "persistent", 0, NULL, '3' },
{ .name = NULL }
};
@@ -179,6 +180,10 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= IPT_SNAT_OPT_RANDOM;
return 1;
+ case '3':
+ info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
+ return 1;
+
default:
return 0;
}
@@ -223,6 +228,8 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("persistent ");
}
}
@@ -237,6 +244,8 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
+ if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
+ printf("--persistent ");
}
}
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 094473e..c3e2060 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -18,6 +18,7 @@ enum nf_nat_manip_type
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
+#define IP_NAT_RANGE_PERSISTENT 8
/* NAT sequence number modifications */
struct nf_nat_seq {
More information about the netfilter-cvslog
mailing list