support masquerade all config

Signed-off-by: bingshen.wbs <[email protected]>
containernetworking · Sep 16, 2022 · 271041e · 271041e
1 parent f1f128e
commit 271041e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/plugins/meta/portmap/main.go b/plugins/meta/portmap/main.go
@@ -54,6 +54,7 @@ type PortMapConf struct {
 	SNAT                 *bool     `json:"snat,omitempty"`
 	ConditionsV4         *[]string `json:"conditionsV4"`
 	ConditionsV6         *[]string `json:"conditionsV6"`
+	MasqAll              bool      `json:"masqAll,omitempty"`
 	MarkMasqBit          *int      `json:"markMasqBit"`
 	ExternalSetMarkChain *string   `json:"externalSetMarkChain"`
 	RuntimeConfig        struct {

diff --git a/plugins/meta/portmap/portmap.go b/plugins/meta/portmap/portmap.go
@@ -259,13 +259,18 @@ func fillDnatRules(c *chain, config *PortMapConf, containerNet net.IPNet) {
 			hpRule := make([]string, len(ruleBase), len(ruleBase)+4)
 			copy(hpRule, ruleBase)
 
+			masqCIDR := containerNet.String()
+			if config.MasqAll {
+				masqCIDR = "0.0.0.0/0"
+			}
+
 			hpRule = append(hpRule,
-				"-s", containerNet.String(),
+				"-s", masqCIDR,
 				"-j", setMarkChainName,
 			)
 			c.rules = append(c.rules, hpRule)
 
-			if !isV6 {
+			if !isV6 && !config.MasqAll {
 				// localhost
 				localRule := make([]string, len(ruleBase), len(ruleBase)+4)
 				copy(localRule, ruleBase)