sys/netinet/ip_nat.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: ip_nat.h,v 1.31.2.2 2004/08/13 03:55:44 jmc Exp $      */
    2 
    3 /*
    4  * Copyright (C) 1995-2001, 2003 by Darren Reed.
    5  *
    6  * See the IPFILTER.LICENCE file for details on licencing.
    7  *
    8  * @(#)ip_nat.h 1.5 2/4/96
    9  * Id: ip_nat.h,v 2.90.2.4 2004/06/20 10:25:28 darrenr Exp
   10  */
   11 
   12 #ifndef __IP_NAT_H__
   13 #define __IP_NAT_H__
   14 
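/*
 * SOLARIS is a 0/1 constant intended for `#if SOLARIS` tests.  The previous
 * definition expanded to `(defined(sun) && ...)`; a `defined` token produced
 * by macro replacement is undefined behaviour (C11 6.10.1p4) and GCC warns
 * that it "may not be portable".  Evaluating the test once, here, yields the
 * same 1/0 value on every compiler, and a build may still pre-define SOLARIS.
 */
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#  define SOLARIS 1
# else
#  define SOLARIS 0
# endif
#endif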
   18 
/*
 * ioctl command numbers for the NAT subsystem.  Each carries a
 * `struct ipfobj` across the user/kernel boundary (SIOCPROXY carries a
 * `struct ap_control`).  fr_nat_ioctl(), declared at the end of this header,
 * is presumably the handler; whatever it is, the kernel side must validate
 * the copied-in object (sizes, pointers, flags) before acting on it, since
 * the caller-supplied bytes are untrusted.  The suffixes suggest add
 * (ADNAT), remove (RMNAT), get-stats (GNATS) and lookup (GNATL) — confirm
 * against the handler.  The #else branch supplies the same numbers for
 * pre-ANSI preprocessors whose _IOW/_IOWR take a bare letter.
 */
#if defined(__STDC__) || defined(__GNUC__)
#define SIOCADNAT       _IOW('r', 60, struct ipfobj)
#define SIOCRMNAT       _IOW('r', 61, struct ipfobj)
#define SIOCGNATS       _IOWR('r', 62, struct ipfobj)
#define SIOCGNATL       _IOWR('r', 63, struct ipfobj)
#define SIOCPROXY       _IOWR('r', 64, struct ap_control)
#else
#define SIOCADNAT       _IOW(r, 60, struct ipfobj)
#define SIOCRMNAT       _IOW(r, 61, struct ipfobj)
#define SIOCGNATS       _IOWR(r, 62, struct ipfobj)
#define SIOCGNATL       _IOWR(r, 63, struct ipfobj)
#define SIOCPROXY       _IOWR(r, 64, struct ap_control)
#endif
   32 
#undef  LARGE_NAT       /* define       this if you're setting up a system to NAT
                         * LARGE numbers of networks/hosts - i.e. in the
                         * hundreds or thousands.  In such a case, you should
                         * also change the RDR_SIZE and NAT_SIZE below to more
                         * appropriate sizes.  The figures below were used for
                         * a setup with 1000-2000 networks to NAT.
                         */
/*
 * Table sizing.  Every value below is overridable from the build (each is
 * wrapped in #ifndef) and has a LARGE_NAT / default pair.  NAT_SIZE and
 * RDR_SIZE are the map- and rdr-rule hash table sizes, HOSTMAP_SIZE the
 * hostmap table size, NAT_TABLE_SZ the session hash table size and
 * NAT_TABLE_MAX the cap on sessions — presumably; the names are the only
 * evidence here, confirm against fr_natinit().  NAT_TABLE_MAX is the one
 * that bounds memory consumption under a flood of new flows, so it is the
 * value to tune (and to monitor, via natstat_t below) on a busy gateway.
 */
#ifndef NAT_SIZE
# ifdef LARGE_NAT
#  define       NAT_SIZE        2047
# else
#  define       NAT_SIZE        127
# endif
#endif
#ifndef RDR_SIZE
# ifdef LARGE_NAT
#  define       RDR_SIZE        2047
# else
#  define       RDR_SIZE        127
# endif
#endif
#ifndef HOSTMAP_SIZE
# ifdef LARGE_NAT
#  define       HOSTMAP_SIZE    8191
# else
#  define       HOSTMAP_SIZE    2047
# endif
#endif
#ifndef NAT_TABLE_MAX
/*
 * This is newly introduced and for the sake of "least surprise", the numbers
 * present aren't what we'd normally use for creating a proper hash table.
 */
# ifdef LARGE_NAT
#  define       NAT_TABLE_MAX   180000
# else
#  define       NAT_TABLE_MAX   30000
# endif
#endif
#ifndef NAT_TABLE_SZ
# ifdef LARGE_NAT
#  define       NAT_TABLE_SZ    16383
# else
#  define       NAT_TABLE_SZ    2047
# endif
#endif
/* Size of the fixed proxy-label buffer in ipnat_t (in_plabel). */
#ifndef APR_LABELLEN
#define APR_LABELLEN    16
#endif
/*
 * Flag value; which field carries it is not established by this header.
 * Note that NAT_SYSSPACE further down has the same numeric value.
 */
#define NAT_HW_CKSUM    0x80000000

/*
 * Default session lifetime.  The comment equates 1200 with 600 seconds, so
 * the timer unit is half a second.
 */
#define DEF_NAT_AGE     1200     /* 10 minutes (600 seconds) */
   85 
/* Opaque types referenced by pointer from nat_t; defined elsewhere. */
struct ipstate;
struct ap_session;
   88 
/*
 * nat_t: one live NAT session.  An entry sits on the global session list
 * (nat_next/nat_pnext), on two hash chains (nat_hnext/nat_phnext — index 0
 * keyed by the inside (ip, port), index 1 by the outside (ip, port), per the
 * nat_table comment near the externs) and on a timeout queue (nat_tqe, which
 * also carries nat_age and nat_tcpstate via the macros below).  nat_ref is
 * the reference count; fr_natderef() drops one.  Addresses are i6addr_t;
 * nat_inip/nat_outip/nat_oip select the IPv4 member.  nat_lock is a
 * per-entry mutex; what it covers is not established here.
 */
typedef struct  nat     {
        ipfmutex_t      nat_lock;       /* per-entry mutex */
        struct  nat     *nat_next;      /* global session list */
        struct  nat     **nat_pnext;    /* address of the pointer that links to this entry */
        struct  nat     *nat_hnext[2];  /* hash chains: [0] inside key, [1] outside key */
        struct  nat     **nat_phnext[2];        /* back-pointers for the two chains */
        struct  hostmap *nat_hm;        /* hostmap_t (below) keeping this flow on one rule */
        void            *nat_data;      /* opaque; owner not established here */
        struct  nat     **nat_me;
        struct  ipstate *nat_state;     /* presumably the matching state entry, if any */
        struct  ap_session      *nat_aps;               /* proxy session */
        frentry_t       *nat_fr;        /* filter rule ptr if appropriate */
        struct  ipnat   *nat_ptr;       /* pointer back to the rule */
        void            *nat_ifps[2];   /* interface handles, opaque here */
        void            *nat_sync;      /* opaque; presumably state-sync linkage — confirm */
        ipftqent_t      nat_tqe;        /* timeout-queue entry (nat_age, nat_tcpstate) */
        u_32_t          nat_flags;      /* NAT_* bits defined below */
        u_32_t          nat_sumd[2];    /* ip checksum delta for data segment*/
        u_32_t          nat_ipsumd;     /* ip checksum delta for ip header */
        u_32_t          nat_mssclamp;   /* if != zero clamp MSS to this */
        i6addr_t        nat_inip6;      /* inside address (nat_inip = IPv4 view) */
        i6addr_t        nat_outip6;     /* outside address (nat_outip = IPv4 view) */
        i6addr_t        nat_oip6;               /* other ip */
        U_QUAD_T        nat_pkts[2];    /* packet counters; two slots, presumably per direction */
        U_QUAD_T        nat_bytes[2];   /* byte counters; two slots, presumably per direction */
        union   {                       /* per-protocol state, reached via nat_inport etc. */
                udpinfo_t       nat_unu;
                tcpinfo_t       nat_unt;
                icmpinfo_t      nat_uni;
                greinfo_t       nat_ugre;
        } nat_un;
        u_short         nat_oport;              /* other port */
        u_short         nat_use;
        u_char          nat_p;                  /* protocol for NAT */
        int             nat_dir;                /* NAT_INBOUND or NAT_OUTBOUND */
        int             nat_ref;                /* reference count */
        int             nat_hv[2];              /* presumably the two chains' hash values */
        char            nat_ifnames[2][LIFNAMSIZ];      /* fixed-size; writers must bound to LIFNAMSIZ */
        int             nat_rev;                /* 0 = forward, 1 = reverse */
} nat_t;
  129 
/*
 * Field accessors for nat_t.  The first three select the IPv4 member of the
 * i6addr_t fields; nat_age and nat_tcpstate live inside the timeout-queue
 * entry; the rest pick the protocol-specific member out of nat_un, so
 * nat_inport/nat_outport are only meaningful when the entry is TCP/UDP and
 * nat_type/nat_seq/nat_id when it is ICMP (the union members overlap).
 */
#define nat_inip        nat_inip6.in4
#define nat_outip       nat_outip6.in4
#define nat_oip         nat_oip6.in4
#define nat_age         nat_tqe.tqe_die
#define nat_inport      nat_un.nat_unt.ts_sport
#define nat_outport     nat_un.nat_unt.ts_dport
#define nat_type        nat_un.nat_uni.ici_type
#define nat_seq         nat_un.nat_uni.ici_seq
#define nat_id          nat_un.nat_uni.ici_id
#define nat_tcpstate    nat_tqe.tqe_state
#define nat_gre         nat_un.nat_ugre
  141 
/*
 * Values for nat_dir
 */
#define NAT_INBOUND     0
#define NAT_OUTBOUND    1

/*
 * Definitions for nat_flags
 *
 * The low four bits mirror the IPN_* rule flags of the same name (see the
 * in_flags section below).  Bits 0x0100-0x8000 are deliberately left unused
 * here because they are taken by FI_W_* / SI_* flags that share the word,
 * so new NAT_* bits must avoid that range.
 */
#define NAT_TCP         0x0001  /* IPN_TCP */
#define NAT_UDP         0x0002  /* IPN_UDP */
#define NAT_ICMPERR     0x0004  /* IPN_ICMPERR */
#define NAT_ICMPQUERY   0x0008  /* IPN_ICMPQUERY */
#define NAT_SEARCH      0x0010
#define NAT_SLAVE       0x0020  /* Slave connection for a proxy */
#define NAT_NOTRULEPORT 0x0040

#define NAT_TCPUDP      (NAT_TCP|NAT_UDP)
#define NAT_TCPUDPICMP  (NAT_TCP|NAT_UDP|NAT_ICMPERR)
#define NAT_TCPUDPICMPQ (NAT_TCP|NAT_UDP|NAT_ICMPQUERY)
#define NAT_FROMRULE    (NAT_TCP|NAT_UDP)       /* bits copied from the rule; same value as NAT_TCPUDP */

/* 0x0100 reserved for FI_W_SPORT */
/* 0x0200 reserved for FI_W_DPORT */
/* 0x0400 reserved for FI_W_SADDR */
/* 0x0800 reserved for FI_W_DADDR */
/* 0x1000 reserved for FI_W_NEWFR */
/* 0x2000 reserved for SI_CLONE */
/* 0x4000 reserved for SI_CLONED */
/* 0x8000 reserved for SI_IGNOREPKT */

#define NAT_DEBUG       0x800000
  174 
/*
 * ipnat_t: one NAT rule.  Rules are linked on a global list (in_next) and on
 * either the rdr hash (in_rnext/in_prnext) or the map hash (in_mnext/
 * in_pmnext).  Everything from in_flags onward is the part compared when
 * rules are matched (IPN_CMPSIZ, defined below, covers exactly that span);
 * the fields before it are kernel bookkeeping.  Rules are also the payload
 * of SIOCADNAT/SIOCRMNAT, so a copy arriving from userland must be treated
 * as untrusted: in particular the embedded pointers (in_next, in_apr,
 * in_comment, ...) and in_flags need to be reset/validated by the kernel
 * before the rule is installed — confirm where fr_nat_ioctl does this.
 */
typedef struct  ipnat   {
        struct  ipnat   *in_next;               /* NAT rule list next */
        struct  ipnat   *in_rnext;              /* rdr rule hash next */
        struct  ipnat   **in_prnext;            /* prior rdr next ptr */
        struct  ipnat   *in_mnext;              /* map rule hash next */
        struct  ipnat   **in_pmnext;            /* prior map next ptr */
        struct  ipftq   *in_tqehead[2];         /* timeout queues, presumably one per direction */
        void            *in_ifps[2];            /* interface handles, opaque here */
        void            *in_apr;                /* proxy handle, opaque here */
        char            *in_comment;            /* kernel pointer; meaningless if supplied by userland */
        i6addr_t        in_next6;               /* next address to hand out (in_nextip/in_nip) */
        u_long          in_space;
        u_long          in_hits;                /* match counter */
        u_int           in_use;                 /* use/reference count, presumably */
        u_int           in_hv;                  /* hash value */
        int             in_flineno;             /* conf. file line number */
        u_short         in_pnext;               /* next port to hand out, presumably */
        u_char          in_xxx1[2];             /* padding */
        /* From here to the end is covered by IPN_CMPSIZ */
        u_32_t          in_flags;               /* IPN_* bits, see below */
        u_32_t          in_mssclamp;            /* if != 0 clamp MSS to this */
        u_int           in_age[2];              /* timeouts; unit is half-seconds per DEF_NAT_AGE */
        int             in_redir;               /* see below for values */
        int             in_p;                   /* protocol. */
        i6addr_t        in_in[2];               /* [0] address, [1] mask (in_inip/in_inmsk) */
        i6addr_t        in_out[2];              /* [0] address, [1] mask (in_outip/in_outmsk) */
        i6addr_t        in_src[2];              /* [0] address, [1] mask (in_srcip/in_srcmsk) */
        frtuc_t         in_tuc;                 /* port comparison spec (in_scmp, in_dcmp, ...) */
        u_short         in_port[2];             /* port range, see in_pmin/in_pmax */
        u_short         in_ppip;                /* ports per IP. */
        u_short         in_ippip;               /* IP #'s per IP# */
        char            in_ifnames[2][LIFNAMSIZ];       /* fixed-size; bound writes to LIFNAMSIZ */
        char            in_plabel[APR_LABELLEN];        /* proxy label. */
        ipftag_t        in_tag;
} ipnat_t;
  210 
/*
 * Field accessors for ipnat_t.  The in_*ip/in_*msk names give the raw IPv4
 * s_addr of the [0] (address) and [1] (mask) slots; in_nextip is the
 * in_addr and in_nip its s_addr; the in_scmp..in_dport names reach into the
 * frtuc_t port comparison block.
 */
#define in_pmin         in_port[0]      /* Also holds static redir port */
#define in_pmax         in_port[1]
#define in_nextip       in_next6.in4
#define in_nip          in_next6.in4.s_addr
#define in_inip         in_in[0].in4.s_addr
#define in_inmsk        in_in[1].in4.s_addr
#define in_outip        in_out[0].in4.s_addr
#define in_outmsk       in_out[1].in4.s_addr
#define in_srcip        in_src[0].in4.s_addr
#define in_srcmsk       in_src[1].in4.s_addr
#define in_scmp         in_tuc.ftu_scmp
#define in_dcmp         in_tuc.ftu_dcmp
#define in_stop         in_tuc.ftu_stop
#define in_dtop         in_tuc.ftu_dtop
#define in_sport        in_tuc.ftu_sport
#define in_dport        in_tuc.ftu_dport
  227 
/*
 * Bit definitions for in_flags
 *
 * IPN_RF refers to IPN_DELETE before it is defined; that is fine for a
 * macro (expansion is lazy) but the two must stay in the same header.
 * IPN_USERFLAGS is presumably the set of bits a rule arriving from userland
 * may carry; the bits outside it (IPN_DELETE, IPN_DYNSRCIP, IPN_DYNDSTIP)
 * look kernel-managed, so the ioctl path should mask in_flags with
 * IPN_USERFLAGS rather than trust the supplied word — confirm in
 * fr_nat_ioctl.
 */
#define IPN_ANY         0x00000
#define IPN_TCP         0x00001
#define IPN_UDP         0x00002
#define IPN_TCPUDP      (IPN_TCP|IPN_UDP)
#define IPN_ICMPERR     0x00004
#define IPN_TCPUDPICMP  (IPN_TCP|IPN_UDP|IPN_ICMPERR)
#define IPN_ICMPQUERY   0x00008
#define IPN_TCPUDPICMPQ (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
#define IPN_RF          (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
#define IPN_AUTOPORTMAP 0x00010
#define IPN_IPRANGE     0x00020
#define IPN_FILTER      0x00040
#define IPN_SPLIT       0x00080
#define IPN_ROUNDR      0x00100
#define IPN_NOTSRC      0x04000
#define IPN_NOTDST      0x08000
#define IPN_DYNSRCIP    0x10000 /* dynamic src IP# */
#define IPN_DYNDSTIP    0x20000 /* dynamic dst IP# */
#define IPN_DELETE      0x40000
#define IPN_STICKY      0x80000
#define IPN_FRAG        0x100000
#define IPN_FIXEDDPORT  0x200000
#define IPN_USERFLAGS   (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_IPRANGE|IPN_SPLIT|\
                         IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|\
                         IPN_FRAG|IPN_STICKY|IPN_FIXEDDPORT|IPN_ICMPQUERY)

/*
 * Values for in_redir
 */
#define NAT_MAP         0x01
#define NAT_REDIRECT    0x02
#define NAT_BIMAP       (NAT_MAP|NAT_REDIRECT)
#define NAT_MAPBLK      0x04

/* Source-port allocation keeps out of the privileged range below 1024. */
#define MAPBLK_MINPORT  1024    /* don't use reserved ports for src port */
#define USABLE_PORTS    (65536 - MAPBLK_MINPORT)

/*
 * Number of bytes from in_flags to the end of ipnat_t: the span compared
 * when looking for an equal rule.  If that comparison is a memcmp, any
 * padding inside the span must be zeroed consistently on both sides or
 * identical rules will compare unequal — confirm at the use site.
 */
#define IPN_CMPSIZ      (sizeof(ipnat_t) - offsetof(ipnat_t, in_flags))
  269 
/*
 * natlookup_t: query/answer record for nat_lookupredir() (declared below).
 * nl_inip/nl_inport and nl_outip/nl_outport identify the flow; nl_realip/
 * nl_realport receive the translated endpoint — presumably, from the names.
 * This struct is presumably what SIOCGNATL carries, so its contents are
 * untrusted when they come from userland.
 */
typedef struct  natlookup {
        struct  in_addr nl_inip;
        struct  in_addr nl_outip;
        struct  in_addr nl_realip;
        int     nl_flags;
        u_short nl_inport;
        u_short nl_outport;
        u_short nl_realport;
} natlookup_t;
  279 
  280 
/*
 * nat_save_t: serialised form of one session — the nat_t, its rule and its
 * filter rule embedded by value, followed by ipn_dsize bytes of trailing
 * data that begin at ipn_data.  ipn_data[4] is the pre-C99 "struct hack":
 * the real buffer is allocated larger than sizeof(nat_save_t) and indexed
 * by ipn_dsize.  Whatever reads one of these in from userland must check
 * ipn_dsize against the size actually supplied before touching ipn_data,
 * and the embedded structs contain kernel pointers that a copied-in record
 * cannot be trusted for — confirm how the ioctl path handles both.
 */
typedef struct  nat_save    {
        void    *ipn_next;
        struct  nat     ipn_nat;
        struct  ipnat   ipn_ipnat;
        struct  frentry ipn_fr;
        int     ipn_dsize;      /* length of the data following ipn_data */
        char    ipn_data[4];    /* first bytes of the variable-length tail */
} nat_save_t;

/* The filter rule pointer lives inside the embedded nat_t. */
#define ipn_rule        ipn_nat.nat_fr
  291 
/*
 * natget_t: a (pointer, size) pair.  Which ioctl uses it is not shown here;
 * if ng_ptr/ng_sz arrive from userland, ng_sz bounds the copy and ng_ptr is
 * a user address — treat both accordingly.
 */
typedef struct  natget  {
        void    *ng_ptr;
        int     ng_sz;
} natget_t;
  296 
  297 
/*
 * nattrpnt_t: a transparent-proxy mapping (real src/dst vs. local endpoint).
 * Entries are on a hash chain (tr_hnext/tr_phnext) and a global list
 * (tr_next/tr_pnext).  TN_CMPSIZ below covers everything before tr_hnext,
 * i.e. the address/port/flags/expiry fields form the comparison key.
 */
typedef struct  nattrpnt        {
        struct  in_addr tr_dstip;       /* real destination IP# */
        struct  in_addr tr_srcip;       /* real source IP# */
        struct  in_addr tr_locip;       /* local source IP# */
        u_int   tr_flags;
        int     tr_expire;              /* expiry time; unit presumably as DEF_NAT_AGE */
        u_short tr_dstport;     /* real destination port# */
        u_short tr_srcport;     /* real source port# */
        u_short tr_locport;     /* local source port# */
        struct  nattrpnt        *tr_hnext;      /* hash chain */
        struct  nattrpnt        **tr_phnext;
        struct  nattrpnt        *tr_next;       /* global list */
        struct  nattrpnt        **tr_pnext;     /* previous next */
} nattrpnt_t;

/* Bytes compared when matching entries: every field before tr_hnext. */
#define TN_CMPSIZ       offsetof(nattrpnt_t, tr_hnext)
  314 
  315 
/*
 * This structure gets used to help NAT sessions keep the same NAT rule (and
 * thus translation for IP address) when:
 * (a) round-robin redirects are in use
 * (b) different IP add
 *
 * Keyed on (hm_srcip, hm_dstip) and pointing at the rule (hm_ipnat) and the
 * address it mapped to (hm_mapip); hm_ref is a reference count.  Entries
 * are on a hash chain (hm_next/hm_pnext) of HOSTMAP_SIZE buckets —
 * presumably, from the sizing macro.  nat_t::nat_hm points here.
 */
typedef struct  hostmap {
        struct  hostmap *hm_next;
        struct  hostmap **hm_pnext;
        struct  ipnat   *hm_ipnat;      /* rule this host is pinned to */
        struct  in_addr hm_srcip;
        struct  in_addr hm_dstip;
        struct  in_addr hm_mapip;       /* address chosen for this host */
        u_32_t          hm_port;
        int             hm_ref;         /* reference count */
} hostmap_t;
  332 
  333 
/*
 * Structure used to pass information in to nat_newmap and nat_newrdr.
 *
 * nai_np is the rule being applied; nai_sum1/nai_sum2 are presumably the
 * before/after checksum inputs fed to CALC_SUMD; nai_flags/nai_nflags and
 * the port fields carry the original and chosen (n-) values.
 */
typedef struct  natinfo {
        ipnat_t         *nai_np;        /* rule */
        u_32_t          nai_sum1;
        u_32_t          nai_sum2;
        u_32_t          nai_nflags;
        u_32_t          nai_flags;
        struct  in_addr nai_ip;
        u_short         nai_port;
        u_short         nai_nport;
        u_short         nai_sport;
        u_short         nai_dport;
} natinfo_t;
  349 
  350 
/*
 * natstat_t: snapshot of NAT counters and table pointers, presumably what
 * SIOCGNATS returns.  The pointer fields (ns_table, ns_maptable, ns_list,
 * ns_apslist, ns_instances, ns_trpntlist, ns_bucketlen) mirror the extern
 * kernel variables declared at the end of this header, so handing this
 * struct to userland discloses kernel addresses — something to weigh when
 * deciding who may issue the ioctl.  ns_memfail, ns_badnat and
 * ns_nattab_max are the counters to watch for exhaustion or abuse.
 */
typedef struct  natstat {
        u_long  ns_mapped[2];
        u_long  ns_rules;
        u_long  ns_added;
        u_long  ns_expire;
        u_long  ns_inuse;
        u_long  ns_logged;
        u_long  ns_logfail;
        u_long  ns_memfail;
        u_long  ns_badnat;
        u_long  ns_addtrpnt;
        nat_t   **ns_table[2];          /* see nat_table */
        hostmap_t **ns_maptable;
        ipnat_t *ns_list;               /* see nat_list */
        void    *ns_apslist;
        u_int   ns_wilds;
        u_int   ns_nattab_sz;           /* see ipf_nattable_sz */
        u_int   ns_nattab_max;          /* see ipf_nattable_max */
        u_int   ns_rultab_sz;
        u_int   ns_rdrtab_sz;
        u_int   ns_trpntab_sz;
        u_int   ns_hostmap_sz;
        nat_t   *ns_instances;          /* see nat_instances */
        nattrpnt_t *ns_trpntlist;
        u_long  *ns_bucketlen[2];
} natstat_t;
  377 
/*
 * natlog_t: one log record as emitted by nat_log().  nl_type is presumably
 * one of the NL_* values that follow: the NAT_MAP/NAT_REDIRECT/NAT_BIMAP/
 * NAT_MAPBLK aliases for new sessions, and the three high sentinel values
 * for clone, flush and expire.  nl_rule is presumably the rule's line
 * number (in_flineno), which lets a log consumer tie records back to the
 * configuration.
 */
typedef struct  natlog {
        struct  in_addr nl_origip;
        struct  in_addr nl_outip;
        struct  in_addr nl_inip;
        u_short nl_origport;
        u_short nl_outport;
        u_short nl_inport;
        u_short nl_type;        /* NL_* below */
        int     nl_rule;
        U_QUAD_T        nl_pkts[2];
        U_QUAD_T        nl_bytes[2];
        u_char  nl_p;           /* protocol */
} natlog_t;


/* Values for natlog_t.nl_type */
#define NL_NEWMAP       NAT_MAP
#define NL_NEWRDR       NAT_REDIRECT
#define NL_NEWBIMAP     NAT_BIMAP
#define NL_NEWBLOCK     NAT_MAPBLK
#define NL_CLONE        0xfffd
#define NL_FLUSH        0xfffe
#define NL_EXPIRE       0xffff
  400 
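/*
 * NAT_HASH_FN(k, l, m): bucket index in [0, m) for key k mixed with l,
 * reduced modulo the table size m.  m must be non-zero (division by zero
 * is undefined behaviour).  Every argument is parenthesized so that an
 * expression passed as l (e.g. `a | b` or `c ? x : y`) is evaluated as one
 * operand; the previous form left l bare, so a ternary in that position
 * swallowed the whole sum.  Note that this is a plain arithmetic hash with
 * no secret input, so an attacker who controls the keys can aim flows at a
 * single bucket; bucket lengths are exported via natstat_t.ns_bucketlen.
 */
#define NAT_HASH_FN(k,l,m)      (((k) + ((k) >> 12) + (l)) % (m))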
  402 
/*
 * LONG_SUM(in): fold a 32-bit value to its low 16 bits plus the carry-out
 * (one end-around-carry step); the result may still exceed 0xffff and need
 * a second fold, as CALC_SUMD below does.  `in` is evaluated twice.
 */
#define LONG_SUM(in)    (((in) & 0xffff) + ((in) >> 16))
  404 
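/*
 * CALC_SUMD(s1, s2, sd): compute the 16-bit checksum delta `sd` that turns
 * a header whose summed bytes gave s1 into one whose summed bytes give s2.
 * Both inputs are folded to 16 bits (twice, so the carry out of the first
 * fold is absorbed), then sd = s2 - s1, folded once more.
 *
 * Side effects: s1 and s2 are modified in place; sd is assigned.  Use
 * unsigned 32-bit lvalues so the wrap-around on subtraction is well defined;
 * each argument is evaluated several times.
 *
 * The body is wrapped in do { ... } while (0) so the macro is a single
 * statement: `if (c) CALC_SUMD(a, b, d); else ...` is now legal, whereas a
 * bare `{ ... }` followed by the caller's `;` broke such an if/else.
 */
#define CALC_SUMD(s1, s2, sd) do { \
                            (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
                            (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
                            /* Do it twice */ \
                            (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
                            (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
                            /* Because ~1 == -2, We really need ~1 == -1 */ \
                            if ((s1) > (s2)) (s2)--; \
                            (sd) = (s2) - (s1); \
                            (sd) = ((sd) & 0xffff) + ((sd) >> 16); \
                        } while (0)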
  415 
/*
 * Flag values whose carrier field is not established by this header.  Note
 * NAT_SYSSPACE has the same numeric value as NAT_HW_CKSUM above, so the two
 * presumably live in different words; keep them apart when adding bits.
 */
#define NAT_SYSSPACE            0x80000000
#define NAT_LOCKHELD            0x40000000
  418 
  419 
/*
 * Global NAT state, defined in the NAT implementation.  The *_sz/_max values
 * are the effective table sizes (defaults above); fr_nat_maxbucket and
 * fr_nat_maxbucket_reset bound hash-chain length — presumably, from the
 * names; fr_nat_lock is a global lock flag; fr_defnatage/fr_defnaticmpage
 * are the default session ages (DEF_NAT_AGE units).  Access to the lists
 * below is presumably serialised by the caller; nothing here says how.
 */
extern  u_int   ipf_nattable_sz;
extern  u_int   ipf_nattable_max;
extern  u_int   ipf_natrules_sz;
extern  u_int   ipf_rdrrules_sz;
extern  u_int   ipf_hostmap_sz;
extern  u_int   fr_nat_maxbucket;
extern  u_int   fr_nat_maxbucket_reset;
extern  int     fr_nat_lock;
extern  void    fr_natsync __P((void *));
extern  u_long  fr_defnatage;
extern  u_long  fr_defnaticmpage;
        /* nat_table[0] -> hashed list sorted by inside (ip, port) */
        /* nat_table[1] -> hashed list sorted by outside (ip, port) */
extern  nat_t   **nat_table[2];
extern  nat_t   *nat_instances;         /* all live sessions (nat_next chain) */
extern  ipnat_t *nat_list;              /* all rules (in_next chain) */
extern  ipnat_t **nat_rules;            /* map-rule hash, NAT_SIZE buckets presumably */
extern  ipnat_t **rdr_rules;            /* rdr-rule hash, RDR_SIZE buckets presumably */
extern  ipftq_t *nat_utqe;              /* timeout queue(s) */
extern  natstat_t       nat_stats;      /* counters exported via natstat_t */
  440 
/*
 * NAT entry points.  __P() wraps the prototype for pre-ANSI compilers.
 * Return conventions are not stated here; from the types, the nat_*lookup
 * family returns a nat_t pointer (presumably NULL when nothing matches)
 * and the fr_* ints are presumably 0/-1 or errno-style — confirm against
 * the implementation before relying on either.
 */
#if defined(__OpenBSD__)
extern  void    nat_ifdetach __P((void *));
#endif
/* ioctl handler for the SIOC*NAT commands; validates the user object */
extern  int     fr_nat_ioctl __P((caddr_t, ioctlcmd_t, int));
extern  int     fr_natinit __P((void));
/* session creation and lookup */
extern  nat_t   *nat_new __P((fr_info_t *, ipnat_t *, nat_t **, u_int, int));
extern  nat_t   *nat_outlookup __P((fr_info_t *, u_int, u_int, struct in_addr,
                                 struct in_addr));
extern  void    fix_datacksum __P((u_short *, u_32_t));
extern  nat_t   *nat_inlookup __P((fr_info_t *, u_int, u_int, struct in_addr,
                                struct in_addr));
extern  nat_t   *nat_tnlookup __P((fr_info_t *, int));
extern  nat_t   *nat_maplookup __P((void *, u_int, struct in_addr,
                                struct in_addr));
extern  nat_t   *nat_lookupredir __P((natlookup_t *));
extern  nat_t   *nat_icmperrorlookup __P((fr_info_t *, int));
extern  nat_t   *nat_icmperror __P((fr_info_t *, u_int *, int));
extern  int     nat_insert __P((nat_t *, int));

/* per-packet translation hooks for the two directions */
extern  int     fr_checknatout __P((fr_info_t *, u_32_t *));
extern  int     fr_natout __P((fr_info_t *, nat_t *, int, u_32_t));
extern  int     fr_checknatin __P((fr_info_t *, u_32_t *));
extern  int     fr_natin __P((fr_info_t *, nat_t *, int, u_32_t));
/* lifecycle, logging, checksum fix-ups, reference release */
extern  void    fr_natunload __P((void));
extern  void    fr_natexpire __P((void));
extern  void    nat_log __P((struct nat *, u_int));
extern  void    fix_incksum __P((fr_info_t *, u_short *, u_32_t));
extern  void    fix_outcksum __P((fr_info_t *, u_short *, u_32_t));
extern  void    fr_natderef __P((nat_t **));    /* drops one nat_ref */
extern  u_short *nat_proto __P((fr_info_t *, nat_t *, u_int));
extern  void    nat_update __P((fr_info_t *, nat_t *, ipnat_t *));
extern  void    fr_setnatqueue __P((nat_t *, int));
  473 
  474 #endif /* __IP_NAT_H__ */
