Add nat table support for iptables.

Add nat table support for Prerouting hook with Redirect option. Add tests to check redirect of ports.
author: Nayana Bidari <nybidari@google.com> 2020-02-18 11:30:42 -0800
committer: Nayana Bidari <nybidari@google.com> 2020-02-18 11:30:42 -0800
commit: b30b7f3422202232ad1c385a7ac0d775151fee2f (patch)
tree: 3b8de1ccfc8e6abbe7ccb5e35b3fc5832acad0ca /pkg/abi/linux
parent: fae3de21af7f50266565643c6283912b087b0f5a (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/pkg/abi/linux/netfilter.go b/pkg/abi/linux/netfilter.go
index bbc4df74c..ba4d84962 100644
--- a/pkg/abi/linux/netfilter.go
+++ b/pkg/abi/linux/netfilter.go
@@ -250,6 +250,33 @@ type XTErrorTarget struct {
 // SizeOfXTErrorTarget is the size of an XTErrorTarget.
 const SizeOfXTErrorTarget = 64
 
+// NfNATIPV4Range. It corresponds to struct nf_nat_ipv4_range
+// in include/uapi/linux/netfilter/nf_nat.h.
+type NfNATIPV4Range struct {
+	Flags   uint32
+	MinIP   [4]byte
+	MaxIP   [4]byte
+	MinPort uint16
+	MaxPort uint16
+}
+
+// NfNATIPV4MultiRangeCompat. It corresponds to struct
+// nf_nat_ipv4_multi_range_compat in include/uapi/linux/netfilter/nf_nat.h.
+type NfNATIPV4MultiRangeCompat struct {
+	Rangesize uint32
+	RangeIPV4 [1]NfNATIPV4Range
+}
+
+// XTRedirectTarget triggers a redirect when reached.
+type XTRedirectTarget struct {
+	Target  XTEntryTarget
+	NfRange NfNATIPV4MultiRangeCompat
+	_       [4]byte
+}
+
+// SizeOfXTRedirectTarget is the size of an XTRedirectTarget.
+const SizeOfXTRedirectTarget = 56
+
 // IPTGetinfo is the argument for the IPT_SO_GET_INFO sockopt. It corresponds
 // to struct ipt_getinfo in include/uapi/linux/netfilter_ipv4/ip_tables.h.
 type IPTGetinfo struct {
author	Nayana Bidari <nybidari@google.com>	2020-02-18 11:30:42 -0800
committer	Nayana Bidari <nybidari@google.com>	2020-02-18 11:30:42 -0800
commit	b30b7f3422202232ad1c385a7ac0d775151fee2f (patch)
tree	3b8de1ccfc8e6abbe7ccb5e35b3fc5832acad0ca /pkg/abi/linux
parent	fae3de21af7f50266565643c6283912b087b0f5a (diff)