Hi, This is a batch to revisit NAT redirect support: Patch #1 add a few assert() to src/optimize.c related to NAT support. Patch #2 relax check for explicit transport protocol match if NAT expression implicitly refers to transport protocol match. Patch #3 remove workaround required before patch #2 Patch #4 add -o/--optimize support for NAT redirect (and masquerade). Pablo Neira Ayuso (4): optimize: assert nat type on nat statement helper evaluate: bogus missing transport protocol netlink_delinearize: do not reset protocol context for nat protocol expression optimize: support for redirect and masquerade src/evaluate.c | 11 +- src/netlink_delinearize.c | 4 +- src/optimize.c | 140 +++++++++++++----- .../optimizations/dumps/merge_nat.nft | 4 + tests/shell/testcases/optimizations/merge_nat | 7 + 5 files changed, 127 insertions(+), 39 deletions(-) -- 2.30.2
