Create null entry connection on first IPTables hook

...all connections should be tracked by ConnTrack, so create a no-op
connection entry on the first hook into IPTables (Prerouting or
Output) and let NAT targets modify the connection entry if they
need to instead of letting the NAT target create their own connection
entry.

This also prepares for "twice-NAT" where a packet may have both DNAT and
SNAT performed on it (which requires the ability to update ConnTrack
entries).

Updates #5696.

PiperOrigin-RevId: 401360377

0 files changed, 0 insertions, 0 deletions