gvisor

Commit Graph

Author	SHA1	Message	Date
Toshi Kikuchi	d1edabdca0	iptables: support postrouting hook and SNAT target The current SNAT implementation has several limitations: - SNAT source port has to be specified. It is not optional. - SNAT source port range is not supported. - SNAT for UDP is a one-way translation. No response packets are handled (because conntrack doesn't support UDP currently). - SNAT and REDIRECT can't work on the same connection. Fixes #5489 PiperOrigin-RevId: 367750325	2021-04-09 21:11:26 -07:00

Author

SHA1

Message

Date

Toshi Kikuchi

d1edabdca0

iptables: support postrouting hook and SNAT target

The current SNAT implementation has several limitations:
- SNAT source port has to be specified. It is not optional.
- SNAT source port range is not supported.
- SNAT for UDP is a one-way translation. No response packets
  are handled (because conntrack doesn't support UDP currently).
- SNAT and REDIRECT can't work on the same connection.

Fixes #5489

PiperOrigin-RevId: 367750325

2021-04-09 21:11:26 -07:00

1 Commits