mbox series

[nft,0/4] revisit NAT redirect support

Message ID 20230404143437.133493-1-pablo@netfilter.org
Headers show
Series revisit NAT redirect support | expand

Message

Pablo Neira Ayuso April 4, 2023, 2:34 p.m. UTC 
Hi,

This is a batch to revisit NAT redirect support:

Patch #1 add a few assert() to src/optimize.c related to NAT support.

Patch #2 relax check for explicit transport protocol match if NAT
	 expression implicitly refers to transport protocol match.

Patch #3 remove workaround required before patch #2

Patch #4 add -o/--optimize support for NAT redirect (and masquerade).

Pablo Neira Ayuso (4):
  optimize: assert nat type on nat statement helper
  evaluate: bogus missing transport protocol
  netlink_delinearize: do not reset protocol context for nat protocol expression
  optimize: support for redirect and masquerade

 src/evaluate.c                                |  11 +-
 src/netlink_delinearize.c                     |   4 +-
 src/optimize.c                                | 140 +++++++++++++-----
 .../optimizations/dumps/merge_nat.nft         |   4 +
 tests/shell/testcases/optimizations/merge_nat |   7 +
 5 files changed, 127 insertions(+), 39 deletions(-)