Description
Problem:
We would like to specify specific IP ranges to masquerade using ip masq agent. Currently, ip masq agent only allows us to specify what IP ranges not to masquerade. While we can add ranges to exclude such that only one IP is actually masqueraded, this is not scalable and will likely lead to performance issues.
Proposal:
- Specify a new key `masqueradeCIDRs []string` in the ipmasq agent conflist
- If `masqueradeCIDRs` has any CIDR in its list, there should be no CIDRs in `nonMasqueradeCIDRs`, and vice versa
- Other options like masqing link local could be ignored/not compatible with this field for simplicity, or specifying true for those could add an explicit rule to masq that CIDR range.
- Existing behavior if `masqueradeCIDRs` is not specified remains the same
Wondering how feasible implementing this would be/if this would be beyond the scope of this project? If reasonable, thoughts on how this setting would interact with the existing options?
@bowei as this was first mentioned in the context of cilium ip masq agent
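The mutual-exclusion rule and the two matching modes from the proposal, sketched as an added example (not code from the issue author or from the ip-masq-agent project). The `Config` struct, `Load`, and `ShouldMasquerade` are hypothetical names, and matching the new list on destination address is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Config is hypothetical: nonMasqueradeCIDRs exists today, masqueradeCIDRs is the proposed key.
type Config struct {
	NonMasqueradeCIDRs []string `json:"nonMasqueradeCIDRs"`
	MasqueradeCIDRs    []string `json:"masqueradeCIDRs"`
}

// Load parses the config, rejects mixed lists, and validates every CIDR.
func Load(raw []byte) (*Config, error) {
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	if len(c.MasqueradeCIDRs) > 0 && len(c.NonMasqueradeCIDRs) > 0 {
		return nil, fmt.Errorf("masqueradeCIDRs and nonMasqueradeCIDRs are mutually exclusive")
	}
	for _, s := range append(c.MasqueradeCIDRs, c.NonMasqueradeCIDRs...) {
		if _, _, err := net.ParseCIDR(s); err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", s, err)
		}
	}
	return &c, nil
}

func contains(cidrs []string, ip net.IP) bool {
	for _, s := range cidrs {
		if _, n, err := net.ParseCIDR(s); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// ShouldMasquerade assumes destination matching; the agent's built-in defaults are not modelled.
func (c *Config) ShouldMasquerade(dst net.IP) bool {
	if len(c.MasqueradeCIDRs) > 0 {
		return contains(c.MasqueradeCIDRs, dst) // proposed include-list mode
	}
	return !contains(c.NonMasqueradeCIDRs, dst) // existing exclude-list mode
}

func main() { fmt.Println(Load([]byte(`{"masqueradeCIDRs":["203.0.113.0/24"]}`))) } // constructed sample
```

Rejecting a config that sets both lists at load time keeps the rule set unambiguous, so a typo in one list cannot silently widen what gets masqueraded.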