diff options
| author | Toshi Kikuchi <toshik@google.com> | 2021-04-09 21:09:47 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-04-09 21:11:26 -0700 |
| commit | d1edabdca016b9d80295855a3ce6d2816486d65c (patch) | |
| tree | 9e9827ed0ff58ada2beab7605366d5c881404861 /test/iptables/iptables_test.go | |
| parent | ea7faa50579d3d76c6cbb1f7ffba4e16eebf1885 (diff) | |
iptables: support postrouting hook and SNAT target
The current SNAT implementation has several limitations:
- SNAT source port has to be specified. It is not optional.
- SNAT source port range is not supported.
- SNAT for UDP is a one-way translation. No response packets
are handled (because conntrack doesn't support UDP currently).
- SNAT and REDIRECT can't work on the same connection.
Fixes #5489
PiperOrigin-RevId: 367750325
Diffstat (limited to 'test/iptables/iptables_test.go')
| -rw-r--r-- | test/iptables/iptables_test.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/iptables/iptables_test.go b/test/iptables/iptables_test.go index d6c69a319..04d112134 100644 --- a/test/iptables/iptables_test.go +++ b/test/iptables/iptables_test.go @@ -456,3 +456,11 @@ func TestNATPreRECVORIGDSTADDR(t *testing.T) { func TestNATOutRECVORIGDSTADDR(t *testing.T) { singleTest(t, &NATOutRECVORIGDSTADDR{}) } + +func TestNATPostSNATUDP(t *testing.T) { + singleTest(t, &NATPostSNATUDP{}) +} + +func TestNATPostSNATTCP(t *testing.T) { + singleTest(t, &NATPostSNATTCP{}) +} |