From 0463fd19afce932c0e9127ca4afc7c001c912e07 Mon Sep 17 00:00:00 2001 From: "bingshen.wbs" Date: Fri, 16 Sep 2022 16:39:44 +0800 Subject: [PATCH] support masquerade all config Signed-off-by: bingshen.wbs --- plugins/meta/portmap/main.go | 1 + plugins/meta/portmap/portmap.go | 13 +++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/plugins/meta/portmap/main.go b/plugins/meta/portmap/main.go index 003d4d60..1e6bdd11 100644 --- a/plugins/meta/portmap/main.go +++ b/plugins/meta/portmap/main.go @@ -54,6 +54,7 @@ type PortMapConf struct { SNAT *bool `json:"snat,omitempty"` ConditionsV4 *[]string `json:"conditionsV4"` ConditionsV6 *[]string `json:"conditionsV6"` + MasqAll bool `json:"masqAll,omitempty"` MarkMasqBit *int `json:"markMasqBit"` ExternalSetMarkChain *string `json:"externalSetMarkChain"` RuntimeConfig struct { diff --git a/plugins/meta/portmap/portmap.go b/plugins/meta/portmap/portmap.go index 480431be..d0fb0bf4 100644 --- a/plugins/meta/portmap/portmap.go +++ b/plugins/meta/portmap/portmap.go @@ -259,13 +259,22 @@ func fillDnatRules(c *chain, config *PortMapConf, containerNet net.IPNet) { hpRule := make([]string, len(ruleBase), len(ruleBase)+4) copy(hpRule, ruleBase) + masqCIDR := containerNet.String() + if config.MasqAll { + if isV6 { + masqCIDR = "::/0" + } else { + masqCIDR = "0.0.0.0/0" + } + } + hpRule = append(hpRule, - "-s", containerNet.String(), + "-s", masqCIDR, "-j", setMarkChainName, ) c.rules = append(c.rules, hpRule) - if !isV6 { + if !isV6 && !config.MasqAll { // localhost localRule := make([]string, len(ruleBase), len(ruleBase)+4) copy(localRule, ruleBase)
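Review bot: The new `MasqAll` field in `PortMapConf` carries no comment, and the diffstat lists only the two Go files, so the option is not documented anywhere in this patch. I would add a comment above the field, for example `// MasqAll widens the source match of the masquerade-mark rule from the container network to any address; defaults to false.` As a plain `bool`, an absent key and an explicit `false` are indistinguishable, unlike the pointer-typed `SNAT` beside it; that is acceptable only while false remains the safe default. The struct continues outside the hunk.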
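Review bot: With `config.MasqAll` set, the `-s 0.0.0.0/0` or `-s ::/0` match in `fillDnatRules` sends every packet that matches `ruleBase` to `setMarkChainName`, so, if that chain marks for masquerade as its name suggests, connections from external clients would reach the container with a host address as their source. The workload then no longer sees the client IP, which weakens source-based allow-lists, rate limiting and audit logs inside the container; the `masqCIDR` assignment should say so, e.g. `// MasqAll: match any source; the container no longer sees the original client address.` Skipping the localhost rule under `!config.MasqAll` looks correct only if that rule is a narrower source match already covered by the all-zero CIDR; its body and the start of the function are outside the hunk, so this needs confirming. The diffstat shows no test file changed, so neither the IPv4 nor the IPv6 branch of the new option is exercised by this patch.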