In the Linux 4.X kernels I see the concept of RANDOM_FULLY masquerading, as in https://github.com/torvalds/linux/blob/8fe28cb58bcb235034b64cbbb7550a8a43fd88be/net/netfilter/nf_nat_proto_common.c#L84-L85 . But in the 5.X kernels I do not see the nf_nat code testing ` range->flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY`. Is that the default behavior now, used unless `range->flags & NF_NAT_RANGE_PROTO_OFFSET` ? What sets `range->flags & NF_NAT_RANGE_PROTO_OFFSET` ? Does the `iptables` command still accept `-j MASQUERADE --random-fully`? If not, what version of iptables dropped that? I see the conntrack code still propagating this bit into some OVS flags; what's that about? Is there any documentation of this stuff? Thanks, Mike
