summaryrefslogtreecommitdiffhomepage
path: root/pkg/abi/linux
diff options
context:
space:
mode:
authorNayana Bidari <nybidari@google.com>2020-02-25 15:03:51 -0800
committerNayana Bidari <nybidari@google.com>2020-02-25 15:03:51 -0800
commitacc405ba60834f5dce9ce04cd762d5cda02224cb (patch)
tree6571786bd38f1a5755a09dc717e9b0012d5c7d7a /pkg/abi/linux
parentb30b7f3422202232ad1c385a7ac0d775151fee2f (diff)
Add nat table support for iptables.
- commit the changes for the comments.
Diffstat (limited to 'pkg/abi/linux')
-rw-r--r--pkg/abi/linux/netfilter.go23
1 files changed, 20 insertions, 3 deletions
diff --git a/pkg/abi/linux/netfilter.go b/pkg/abi/linux/netfilter.go
index ba4d84962..2179ac995 100644
--- a/pkg/abi/linux/netfilter.go
+++ b/pkg/abi/linux/netfilter.go
@@ -250,8 +250,24 @@ type XTErrorTarget struct {
// SizeOfXTErrorTarget is the size of an XTErrorTarget.
const SizeOfXTErrorTarget = 64
+// Flag values for NfNATIPV4Range. The values indicate whether to map
+// protocol specific part(ports) or IPs. It corresponds to values in
+// include/uapi/linux/netfilter/nf_nat.h.
+const (
+ NF_NAT_RANGE_MAP_IPS = 1 << 0
+ NF_NAT_RANGE_PROTO_SPECIFIED = 1 << 1
+ NF_NAT_RANGE_PROTO_RANDOM = 1 << 2
+ NF_NAT_RANGE_PERSISTENT = 1 << 3
+ NF_NAT_RANGE_PROTO_RANDOM_FULLY = 1 << 4
+ NF_NAT_RANGE_PROTO_RANDOM_ALL = (NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+ NF_NAT_RANGE_MASK = (NF_NAT_RANGE_MAP_IPS |
+ NF_NAT_RANGE_PROTO_SPECIFIED | NF_NAT_RANGE_PROTO_RANDOM |
+ NF_NAT_RANGE_PERSISTENT | NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+)
+
// NfNATIPV4Range. It corresponds to struct nf_nat_ipv4_range
-// in include/uapi/linux/netfilter/nf_nat.h.
+// in include/uapi/linux/netfilter/nf_nat.h. The fields are in
+// network byte order.
type NfNATIPV4Range struct {
Flags uint32
MinIP [4]byte
@@ -263,11 +279,12 @@ type NfNATIPV4Range struct {
// NfNATIPV4MultiRangeCompat. It corresponds to struct
// nf_nat_ipv4_multi_range_compat in include/uapi/linux/netfilter/nf_nat.h.
type NfNATIPV4MultiRangeCompat struct {
- Rangesize uint32
- RangeIPV4 [1]NfNATIPV4Range
+ RangeSize uint32
+ RangeIPV4 NfNATIPV4Range
}
// XTRedirectTarget triggers a redirect when reached.
+// Adding 4 bytes of padding to make the struct 8 byte aligned.
type XTRedirectTarget struct {
Target XTEntryTarget
NfRange NfNATIPV4MultiRangeCompat