sys/netpfil/ipfilter/netinet/ip_nat.h


    1 /*      $FreeBSD$       */
    2 
    3 /*
    4  * Copyright (C) 2012 by Darren Reed.
    5  *
    6  * See the IPFILTER.LICENCE file for details on licencing.
    7  *
    8  * @(#)ip_nat.h 1.5 2/4/96
    9  * $FreeBSD$
   10  * Id: ip_nat.h,v 2.90.2.20 2007/09/25 08:27:32 darrenr Exp $
   11  */
   12 
   13 #ifndef __IP_NAT_H__
   14 #define __IP_NAT_H__
   15 
      /*
       * Give SOLARIS a definite 0/1 value so later code can test it with #if.
       * It becomes 1 only when both sun and __SVR4 are defined; a value the
       * build already supplied is left untouched.
       */
   16 #ifndef SOLARIS
   17 # if defined(sun) && defined(__SVR4)
   18 #  define       SOLARIS         1
   19 # else
   20 #  define       SOLARIS         0
   21 # endif
   22 #endif
   23 
      /*
       * ioctl command codes for the NAT subsystem.  Every command carries a
       * struct ipfobj; the _IOW codes pass data in to the kernel only, the
       * _IOWR codes pass data in both directions.
       *
       * Going by the names only: SIOCADNAT/SIOCRMNAT add/remove a NAT rule,
       * SIOCGNATS fetches statistics, SIOCGNATL performs a lookup and
       * SIOCPURGENAT purges entries -- confirm against ipf_nat_ioctl().
       *
       * NOTE(review): the ipfobj originates in user space.  The handler
       * presumably has to check the object's declared type and size before it
       * copies or interprets the payload -- confirm in ip_nat.c.
       */
   24 #define SIOCADNAT       _IOW('r', 60, struct ipfobj)
   25 #define SIOCRMNAT       _IOW('r', 61, struct ipfobj)
   26 #define SIOCGNATS       _IOWR('r', 62, struct ipfobj)
   27 #define SIOCGNATL       _IOWR('r', 63, struct ipfobj)
   28 #define SIOCPURGENAT    _IOWR('r', 100, struct ipfobj)
   29 
      /*
       * Build-time sizing knobs.  For each of NAT_SIZE, RDR_SIZE, HOSTMAP_SIZE,
       * NAT_TABLE_MAX and NAT_TABLE_SZ: if the build defines the bare name, that
       * value is used for both the _LARGE and the _NORMAL variant; otherwise the
       * defaults below apply.
       * NOTE(review): which variant is picked is decided outside this header,
       * presumably on LARGE_NAT -- confirm in ip_nat.c.
       */
   30 #undef  LARGE_NAT       /* define this if you're setting up a system to NAT
   31                          * LARGE numbers of networks/hosts - i.e. in the
   32                          * hundreds or thousands.  In such a case, you should
   33                          * also change the RDR_SIZE and NAT_SIZE below to more
   34                          * appropriate sizes.  The figures below were used for
   35                          * a setup with 1000-2000 networks to NAT.
   36                          */
   37 #ifdef NAT_SIZE
   38 # define        NAT_SIZE_LARGE          NAT_SIZE
   39 # define        NAT_SIZE_NORMAL         NAT_SIZE
   40 #else
   41 # define        NAT_SIZE_LARGE          2047
   42 # define        NAT_SIZE_NORMAL         127
   43 #endif
   44 #ifdef RDR_SIZE
   45 # define        RDR_SIZE_LARGE          RDR_SIZE
   46 # define        RDR_SIZE_NORMAL         RDR_SIZE
   47 #else
   48 # define        RDR_SIZE_LARGE          2047
   49 # define        RDR_SIZE_NORMAL         127
   50 #endif
   51 #ifdef HOSTMAP_SIZE
   52 # define        HOSTMAP_SIZE_LARGE      HOSTMAP_SIZE
   53 # define        HOSTMAP_SIZE_NORMAL     HOSTMAP_SIZE
   54 #else
   55 # define        HOSTMAP_SIZE_LARGE      8191
   56 # define        HOSTMAP_SIZE_NORMAL     2047
   57 #endif
   58 /*
   59  * This is newly introduced and for the sake of "least surprise", the numbers
   60  * present aren't what we'd normally use for creating a proper hash table.
       *
       * NOTE(review): NAT_TABLE_MAX presumably caps the number of active NAT
       * entries (compare ipf_nat_table_max in ipf_nat_softc_t).  If so, it is
       * the limit that bounds the kernel memory a burst of new sessions can
       * consume -- confirm before raising it.
   61  */
   62 #ifdef NAT_TABLE_MAX
   63 # define        NAT_TABLE_MAX_LARGE     NAT_TABLE_MAX
   64 # define        NAT_TABLE_MAX_NORMAL    NAT_TABLE_MAX
   65 #else
   66 # define        NAT_TABLE_MAX_LARGE     180000
   67 # define        NAT_TABLE_MAX_NORMAL    30000
   68 #endif
   69 #ifdef NAT_TABLE_SZ
   70 # define        NAT_TABLE_SZ_LARGE      NAT_TABLE_SZ
   71 # define        NAT_TABLE_SZ_NORMAL     NAT_TABLE_SZ
   72 #else
   73 # define        NAT_TABLE_SZ_LARGE      16383
   74 # define        NAT_TABLE_SZ_NORMAL     2047
   75 #endif
      /* Overridable at build time; presumably the length of a proxy label. */
   76 #ifndef APR_LABELLEN
   77 #define APR_LABELLEN    16
   78 #endif
      /*
       * NOTE(review): these two bit values are the same as NAT_SYSSPACE and
       * NAT_LOCKHELD defined further down in this header -- confirm the two
       * pairs are never stored in the same word.
       */
   79 #define NAT_HW_CKSUM            0x80000000
   80 #define NAT_HW_CKSUM_PART       0x40000000
   81 
   82 #define DEF_NAT_AGE     1200     /* 10 minutes (600 seconds); NOTE(review): 1200 only equals 600 seconds if the unit is half-second ticks -- confirm */
   83 
   84 struct ipstate;
   85 struct ap_session;
   86 
   87 /*
   88  * This structure is used in the active NAT table and represents an
   89  * active NAT session.
       *
       * Naming used by the members and by the accessor macros that follow:
       * "o"/"old" names one side of the translation and "n"/"new" the other
       * (presumably before and after rewriting).  Most two-element arrays are
       * indexed per side or per direction; only nat_v[] documents its index.
       *
       * NOTE(review): the structure holds many kernel pointers and is embedded
       * by value in nat_save_t.  If nat_save_t crosses the user/kernel boundary,
       * the pointer members must not be trusted on the way in and should not be
       * assumed private on the way out -- confirm in ip_nat.c.
   90  */
   91 typedef struct  nat     {
   92         ipfmutex_t      nat_lock;       /* mutex embedded in the entry */
   93         struct  nat     *nat_next;
   94         struct  nat     **nat_pnext;
   95         struct  nat     *nat_hnext[2];
   96         struct  nat     **nat_phnext[2];
   97         struct  hostmap *nat_hm;        /* presumably the hostmap entry in use, see hostmap_t */
   98         void            *nat_data;
   99         struct  nat     **nat_me;
  100         struct  ipstate *nat_state;
  101         struct  ap_session      *nat_aps;               /* proxy session */
  102         frentry_t       *nat_fr;        /* filter rule ptr if appropriate */
  103         struct  ipnat   *nat_ptr;       /* pointer back to the rule */
  104         void            *nat_ifps[2];
  105         void            *nat_sync;
  106         ipftqent_t      nat_tqe;        /* nat_age, nat_die, nat_touched and nat_tcpstate alias into this */
  107         int             nat_mtu[2];
  108         u_32_t          nat_flags;      /* see "Definitions for nat_flags" below */
  109         u_32_t          nat_sumd[2];    /* ip checksum delta for data segment*/
  110         u_32_t          nat_ipsumd;     /* ip checksum delta for ip header */
  111         u_32_t          nat_mssclamp;   /* if != zero clamp MSS to this */
  112         i6addr_t        nat_odst6;
  113         i6addr_t        nat_osrc6;
  114         i6addr_t        nat_ndst6;
  115         i6addr_t        nat_nsrc6;
  116         U_QUAD_T        nat_pkts[2];
  117         U_QUAD_T        nat_bytes[2];
              /* Per-protocol details for the old and the new side; the port, ICMP
               * id/type/seq accessor macros below read through these unions. */
  118         union   {
  119                 udpinfo_t       nat_unu;
  120                 tcpinfo_t       nat_unt;
  121                 icmpinfo_t      nat_uni;
  122                 greinfo_t       nat_ugre;
  123         } nat_unold, nat_unnew;
  124         int             nat_use;
  125         int             nat_pr[2];              /* protocol for NAT */
  126         int             nat_dir;                /* see "Values for nat_dir" below */
  127         int             nat_ref;                /* reference count */
  128         u_int           nat_hv[2];
  129         char            nat_ifnames[2][LIFNAMSIZ];      /* two fixed-size name buffers */
  130         int             nat_rev;                /* 0 = forward, 1 = reverse */
  131         int             nat_dlocal;
  132         int             nat_v[2];               /* 0 = old, 1 = new */
  133         u_int           nat_redir;              /* copy of in_redir */
  134 } nat_t;
  135 
      /*
       * Shorthand accessors for nat_t members.
       *  - The *ip / *addr names expose the IPv4 view (.in4) of the i6addr_t
       *    address members.
       *  - The port names read through the TCP view (nat_unt) of the
       *    per-protocol unions; NOTE(review): using them for other protocols
       *    relies on those views sharing the port layout -- confirm in the
       *    definitions of udpinfo_t and tcpinfo_t.
       *  - The ICMP id/type/seq names read through the ICMP view (nat_uni).
       *  - nat_age and nat_die are two names for the same member,
       *    nat_tqe.tqe_die.
       * These are plain object-like macros, so any identifier spelled like one
       * of them is rewritten wherever this header is included.
       */
  136 #define nat_osrcip      nat_osrc6.in4
  137 #define nat_odstip      nat_odst6.in4
  138 #define nat_nsrcip      nat_nsrc6.in4
  139 #define nat_ndstip      nat_ndst6.in4
  140 #define nat_osrcaddr    nat_osrc6.in4.s_addr
  141 #define nat_odstaddr    nat_odst6.in4.s_addr
  142 #define nat_nsrcaddr    nat_nsrc6.in4.s_addr
  143 #define nat_ndstaddr    nat_ndst6.in4.s_addr
  144 #define nat_age         nat_tqe.tqe_die
  145 #define nat_osport      nat_unold.nat_unt.ts_sport
  146 #define nat_odport      nat_unold.nat_unt.ts_dport
  147 #define nat_nsport      nat_unnew.nat_unt.ts_sport
  148 #define nat_ndport      nat_unnew.nat_unt.ts_dport
  149 #define nat_oicmpid     nat_unold.nat_uni.ici_id
  150 #define nat_nicmpid     nat_unnew.nat_uni.ici_id
  151 #define nat_type        nat_unold.nat_uni.ici_type
  152 #define nat_oseq        nat_unold.nat_uni.ici_seq
  153 #define nat_nseq        nat_unnew.nat_uni.ici_seq
  154 #define nat_tcpstate    nat_tqe.tqe_state
  155 #define nat_die         nat_tqe.tqe_die
  156 #define nat_touched     nat_tqe.tqe_touched
  157 
  158 /*
  159  * Values for nat_dir
       * (an enumeration, not a bit mask: the values run 0..5)
  160  */
  161 #define NAT_INBOUND     0
  162 #define NAT_OUTBOUND    1
  163 #define NAT_ENCAPIN     2
  164 #define NAT_ENCAPOUT    3
  165 #define NAT_DIVERTIN    4
  166 #define NAT_DIVERTOUT   5
  167 
  168 /*
  169  * Definitions for nat_flags
       * (bit mask; the low four bits carry the same values as the IPN_* flags
       * named in the comments)
  170  */
  171 #define NAT_TCP         0x0001  /* IPN_TCP */
  172 #define NAT_UDP         0x0002  /* IPN_UDP */
  173 #define NAT_ICMPERR     0x0004  /* IPN_ICMPERR */
  174 #define NAT_ICMPQUERY   0x0008  /* IPN_ICMPQUERY */
  175 #define NAT_SEARCH      0x0010
  176 #define NAT_SLAVE       0x0020  /* Slave connection for a proxy */
  177 #define NAT_NOTRULEPORT 0x0040  /* Don't use the port # in the NAT rule */
  178 
  179 #define NAT_TCPUDP      (NAT_TCP|NAT_UDP)
  180 #define NAT_TCPUDPICMP  (NAT_TCP|NAT_UDP|NAT_ICMPERR)
  181 #define NAT_TCPUDPICMPQ (NAT_TCP|NAT_UDP|NAT_ICMPQUERY)
  182 #define NAT_FROMRULE    (NAT_TCP|NAT_UDP)       /* same value as NAT_TCPUDP */
  183 
      /*
       * Bits 0x0100..0x8000 are left free here because flags defined elsewhere
       * (FI_W_*, SI_*) use them; presumably those flags share a word with
       * nat_flags -- confirm where they are defined.
       */
  184 /* 0x0100 reserved for FI_W_SPORT */
  185 /* 0x0200 reserved for FI_W_DPORT */
  186 /* 0x0400 reserved for FI_W_SADDR */
  187 /* 0x0800 reserved for FI_W_DADDR */
  188 /* 0x1000 reserved for FI_W_NEWFR */
  189 /* 0x2000 reserved for SI_CLONE */
  190 /* 0x4000 reserved for SI_CLONED */
  191 /* 0x8000 reserved for SI_IGNOREPKT */
  192 
  193 #define NAT_DEBUG       0x800000
  194 
      /*
       * One address specification inside a NAT rule (ipnat_t holds four of
       * them: in_ndst, in_nsrc, in_osrc, in_odst).
       *
       * The two na_addr slots are read in two different ways by the macros in
       * this header: as an address (slot 0) and a mask (slot 1), or as lookup
       * number/type/subtype (slot 0) and lookup pointer/function (slot 1).
       * NOTE(review): the pointer/function view shares storage with plain
       * address bits.  Code presumably selects the view from na_atype; a rule
       * taken from user space must never have its address bits used as a
       * pointer -- confirm the check in ip_nat.c.
       */
  195 typedef struct nat_addr_s {
  196         i6addr_t        na_addr[2];
  197         i6addr_t        na_nextaddr;
  198         int             na_atype;
  199         int             na_function;
  200 } nat_addr_t;
  201 
  202 #define na_nextip       na_nextaddr.in4.s_addr
  203 #define na_nextip6      na_nextaddr.in6
  204 #define na_num          na_addr[0].iplookupnum
  205 #define na_type         na_addr[0].iplookuptype
  206 #define na_subtype      na_addr[0].iplookupsubtype
  207 #define na_ptr          na_addr[1].iplookupptr
  208 #define na_func         na_addr[1].iplookupfunc
  209 
  210 
  211 /*
  212  * This structure represents an actual NAT rule, loaded by ipnat.
       *
       * The structure ends in in_names[1], an old-style variable-length tail
       * whose real length is carried in in_namelen.
       * NOTE(review): in_ifnames[], in_plabel and in_pconfig are ints rather
       * than strings, so they are presumably offsets into in_names.  Because
       * rules are loaded from user space, in_namelen and every such offset
       * need to be range-checked against the size actually copied in, and the
       * names need to be NUL-terminated inside that range -- confirm in
       * ip_nat.c.  The pointer members in the first part of the structure
       * must likewise be set by the kernel, not taken from the caller's copy.
  213  */
  214 typedef struct  ipnat   {
  215         ipfmutex_t      in_lock;
  216         struct  ipnat   *in_next;               /* NAT rule list next */
  217         struct  ipnat   **in_pnext;             /* prior rdr next ptr; NOTE(review): same text as in_prnext, presumably means the prior rule's next ptr */
  218         struct  ipnat   *in_rnext;              /* rdr rule hash next */
  219         struct  ipnat   **in_prnext;            /* prior rdr next ptr */
  220         struct  ipnat   *in_mnext;              /* map rule hash next */
  221         struct  ipnat   **in_pmnext;            /* prior map next ptr */
  222         struct  ipftq   *in_tqehead[2];
  223         void            *in_ifps[2];
  224         void            *in_apr;
  225         char            *in_comment;
  226         mb_t            *in_divmp;
  227         void            *in_pconf;
  228         U_QUAD_T        in_pkts[2];
  229         U_QUAD_T        in_bytes[2];
  230         u_long          in_space;
  231         u_long          in_hits;
  232         int             in_size;
  233         int             in_use;
  234         u_int           in_hv[2];
  235         int             in_flineno;             /* conf. file line number */
  236         int             in_stepnext;
  237         int             in_dlocal;
  238         u_short         in_dpnext;
  239         u_short         in_spnext;
  240         /* From here to the end is covered by IPN_CMPSIZ */
  241         u_char          in_v[2];                /* 0 = old, 1 = new */
  242         u_32_t          in_flags;               /* see "Bit definitions for in_flags" below */
  243         u_32_t          in_mssclamp;            /* if != 0 clamp MSS to this */
  244         u_int           in_age[2];
  245         int             in_redir;               /* see below for values */
  246         int             in_pr[2];               /* protocol. */
  247         nat_addr_t      in_ndst;
  248         nat_addr_t      in_nsrc;
  249         nat_addr_t      in_osrc;
  250         nat_addr_t      in_odst;
  251         frtuc_t         in_tuc;
  252         u_short         in_ppip;                /* ports per IP. */
  253         u_short         in_ippip;               /* IP #'s per IP# */
  254         u_short         in_ndports[2];
  255         u_short         in_nsports[2];
  256         int             in_ifnames[2];
  257         int             in_plabel;      /* proxy label. */
  258         int             in_pconfig;     /* proxy label. NOTE(review): duplicated text; presumably the proxy configuration -- confirm */
  259         ipftag_t        in_tag;
  260         int             in_namelen;     /* length that goes with in_names */
  261         char            in_names[1];    /* variable-length tail, declared with one element */
  262 } ipnat_t;
  263 
  264 /*
  265  *      MAP-IN MAP-OUT RDR-IN RDR-OUT
  266  * osrc    X   == src  == src    X
  267  * odst    X   == dst  == dst    X
  268  * nsrc == dst   X       X    == dst
  269  * ndst == src   X       X    == src
       *
       * Shorthand accessors for ipnat_t members follow.  For each of the four
       * nat_addr_t members, na_addr[0] is exposed as the address (...ip,
       * ...addr) and na_addr[1] as the mask (...msk); the same two slots are
       * also exposed as lookup number/type and lookup pointer/function
       * (...num, ...type, ...ptr, ...func).
       *
       * Several names share storage:
       *   in_dpmin / in_ndport                 -> in_ndports[0]
       *   in_spmin / in_nsport / in_icmpidmin  -> in_nsports[0]
       *   in_spmax / in_icmpidmax              -> in_nsports[1]
       *   in_dipnext6 / in_dnip6               -> in_ndst.na_nextaddr
       *
       * NOTE(review): the ...ptr/...func names overlay the mask slot.  Code
       * presumably has to consult the matching ...atype member before using
       * the pointer view -- confirm in ip_nat.c.
  270  */
  271 #define in_dpmin        in_ndports[0]   /* Also holds static redir port */
  272 #define in_dpmax        in_ndports[1]
  273 #define in_spmin        in_nsports[0]   /* Also holds static redir port */
  274 #define in_spmax        in_nsports[1]
  275 #define in_ndport       in_ndports[0]
  276 #define in_nsport       in_nsports[0]
  277 #define in_dipnext      in_ndst.na_nextaddr.in4
  278 #define in_dipnext6     in_ndst.na_nextaddr
  279 #define in_dnip         in_ndst.na_nextaddr.in4.s_addr
  280 #define in_dnip6        in_ndst.na_nextaddr
  281 #define in_sipnext      in_nsrc.na_nextaddr.in4
  282 #define in_snip         in_nsrc.na_nextaddr.in4.s_addr
  283 #define in_snip6        in_nsrc.na_nextaddr
  284 #define in_odstip       in_odst.na_addr[0].in4
  285 #define in_odstip6      in_odst.na_addr[0]
  286 #define in_odstaddr     in_odst.na_addr[0].in4.s_addr
  287 #define in_odstmsk      in_odst.na_addr[1].in4.s_addr
  288 #define in_odstmsk6     in_odst.na_addr[1]
  289 #define in_odstatype    in_odst.na_atype
  290 #define in_osrcip       in_osrc.na_addr[0].in4
  291 #define in_osrcip6      in_osrc.na_addr[0]
  292 #define in_osrcaddr     in_osrc.na_addr[0].in4.s_addr
  293 #define in_osrcmsk      in_osrc.na_addr[1].in4.s_addr
  294 #define in_osrcmsk6     in_osrc.na_addr[1]
  295 #define in_osrcatype    in_osrc.na_atype
  296 #define in_ndstip       in_ndst.na_addr[0].in4
  297 #define in_ndstip6      in_ndst.na_addr[0]
  298 #define in_ndstaddr     in_ndst.na_addr[0].in4.s_addr
  299 #define in_ndstmsk      in_ndst.na_addr[1].in4.s_addr
  300 #define in_ndstmsk6     in_ndst.na_addr[1]
  301 #define in_ndstatype    in_ndst.na_atype
  302 #define in_ndstafunc    in_ndst.na_function
  303 #define in_nsrcip       in_nsrc.na_addr[0].in4
  304 #define in_nsrcip6      in_nsrc.na_addr[0]
  305 #define in_nsrcaddr     in_nsrc.na_addr[0].in4.s_addr
  306 #define in_nsrcmsk      in_nsrc.na_addr[1].in4.s_addr
  307 #define in_nsrcmsk6     in_nsrc.na_addr[1]
  308 #define in_nsrcatype    in_nsrc.na_atype
  309 #define in_nsrcafunc    in_nsrc.na_function
  310 #define in_scmp         in_tuc.ftu_scmp
  311 #define in_dcmp         in_tuc.ftu_dcmp
  312 #define in_stop         in_tuc.ftu_stop
  313 #define in_dtop         in_tuc.ftu_dtop
  314 #define in_osport       in_tuc.ftu_sport
  315 #define in_odport       in_tuc.ftu_dport
  316 #define in_ndstnum      in_ndst.na_addr[0].iplookupnum
  317 #define in_ndsttype     in_ndst.na_addr[0].iplookuptype
  318 #define in_ndstptr      in_ndst.na_addr[1].iplookupptr
  319 #define in_ndstfunc     in_ndst.na_addr[1].iplookupfunc
  320 #define in_nsrcnum      in_nsrc.na_addr[0].iplookupnum
  321 #define in_nsrctype     in_nsrc.na_addr[0].iplookuptype
  322 #define in_nsrcptr      in_nsrc.na_addr[1].iplookupptr
  323 #define in_nsrcfunc     in_nsrc.na_addr[1].iplookupfunc
  324 #define in_odstnum      in_odst.na_addr[0].iplookupnum
  325 #define in_odsttype     in_odst.na_addr[0].iplookuptype
  326 #define in_odstptr      in_odst.na_addr[1].iplookupptr
  327 #define in_odstfunc     in_odst.na_addr[1].iplookupfunc
  328 #define in_osrcnum      in_osrc.na_addr[0].iplookupnum
  329 #define in_osrctype     in_osrc.na_addr[0].iplookuptype
  330 #define in_osrcptr      in_osrc.na_addr[1].iplookupptr
  331 #define in_osrcfunc     in_osrc.na_addr[1].iplookupfunc
  332 #define in_icmpidmin    in_nsports[0]
  333 #define in_icmpidmax    in_nsports[1]
  334 
  335 /*
  336  * Bit definitions for in_flags
       *
       * IPN_RF refers to IPN_DELETE, which is defined further down; that is
       * fine for macros because expansion happens at the point of use.
       *
       * NOTE(review): IPN_USERFLAGS is presumably the mask of flags accepted
       * from a user-supplied rule.  As written it contains IPN_FIXEDDPORT but
       * not IPN_FIXEDSPORT, and it leaves out IPN_ICMPERR, IPN_DYNSRCIP,
       * IPN_DYNDSTIP, IPN_DELETE, IPN_FINDFORWARD, IPN_IN and IPN_PROXYRULE.
       * Confirm that each omission is deliberate and that the mask is applied
       * to in_flags when a rule is copied in.
  337  */
  338 #define IPN_ANY         0x00000
  339 #define IPN_TCP         0x00001
  340 #define IPN_UDP         0x00002
  341 #define IPN_TCPUDP      (IPN_TCP|IPN_UDP)
  342 #define IPN_ICMPERR     0x00004
  343 #define IPN_TCPUDPICMP  (IPN_TCP|IPN_UDP|IPN_ICMPERR)
  344 #define IPN_ICMPQUERY   0x00008
  345 #define IPN_TCPUDPICMPQ (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
  346 #define IPN_RF          (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
  347 #define IPN_AUTOPORTMAP 0x00010
  348 #define IPN_FILTER      0x00020
  349 #define IPN_SPLIT       0x00040
  350 #define IPN_ROUNDR      0x00080
  351 #define IPN_SIPRANGE    0x00100
  352 #define IPN_DIPRANGE    0x00200
  353 #define IPN_NOTSRC      0x00400
  354 #define IPN_NOTDST      0x00800
  355 #define IPN_NO          0x01000
  356 #define IPN_DYNSRCIP    0x02000 /* dynamic src IP# */
  357 #define IPN_DYNDSTIP    0x04000 /* dynamic dst IP# */
  358 #define IPN_DELETE      0x08000
  359 #define IPN_STICKY      0x10000
  360 #define IPN_FRAG        0x20000
  361 #define IPN_FIXEDSPORT  0x40000
  362 #define IPN_FIXEDDPORT  0x80000
  363 #define IPN_FINDFORWARD 0x100000
  364 #define IPN_IN          0x200000
  365 #define IPN_SEQUENTIAL  0x400000
  366 #define IPN_PURGE       0x800000
  367 #define IPN_PROXYRULE   0x1000000
  368 #define IPN_USERFLAGS   (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_SIPRANGE|IPN_SPLIT|\
  369                          IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|IPN_NO|\
  370                          IPN_FRAG|IPN_STICKY|IPN_FIXEDDPORT|IPN_ICMPQUERY|\
  371                          IPN_DIPRANGE|IPN_SEQUENTIAL|IPN_PURGE)
  372 
  373 /*
  374  * Values for in_redir
       * (bit values; NAT_BIMAP is the combination of NAT_MAP and NAT_REDIRECT)
  375  */
  376 #define NAT_MAP         0x01
  377 #define NAT_REDIRECT    0x02
  378 #define NAT_BIMAP       (NAT_MAP|NAT_REDIRECT)
  379 #define NAT_MAPBLK      0x04
  380 #define NAT_REWRITE     0x08
  381 #define NAT_ENCAP       0x10
  382 #define NAT_DIVERTUDP   0x20
  383 
  384 #define MAPBLK_MINPORT  1024    /* don't use reserved ports for src port */
  385 #define USABLE_PORTS    (65536 - MAPBLK_MINPORT)        /* 64512 with the value above */
  386 
      /*
       * Number of bytes from in_v to the end of ipnat_t as sizeof() sees it.
       * in_names is declared with a single element, so name bytes stored past
       * the first one are not part of this size.
       * NOTE(review): if this size drives a memory comparison of two rules
       * (the "CMP" in the name suggests so), padding bytes inside the range
       * take part in it too -- rules should be zeroed before being filled in.
       */
  387 #define IPN_CMPSIZ      (sizeof(ipnat_t) - offsetof(ipnat_t, in_v))
  388 
      /*
       * Lookup request/result record: three addresses with three ports, an
       * address-family selector (nl_v) and flags.  It is the argument type of
       * ipf_nat_lookupredir() and ipf_nat6_lookupredir() declared below.
       * NOTE(review): presumably this is the payload of SIOCGNATL and so is
       * filled in by user space; nl_v and nl_flags would then need validating
       * before use -- confirm in ip_nat.c.
       * The nl_*ip / nl_*ip6 macros select the IPv4 or IPv6 view of the
       * address members.
       */
  389 typedef struct  natlookup {
  390         i6addr_t        nl_inipaddr;
  391         i6addr_t        nl_outipaddr;
  392         i6addr_t        nl_realipaddr;
  393         int             nl_v;
  394         int             nl_flags;
  395         u_short         nl_inport;
  396         u_short         nl_outport;
  397         u_short         nl_realport;
  398 } natlookup_t;
  399 
  400 #define nl_inip         nl_inipaddr.in4
  401 #define nl_outip        nl_outipaddr.in4
  402 #define nl_realip       nl_realipaddr.in4
  403 #define nl_inip6        nl_inipaddr.in6
  404 #define nl_outip6       nl_outipaddr.in6
  405 #define nl_realip6      nl_realipaddr.in6
  406 
  407 
      /*
       * Container holding one NAT session together with copies of its NAT
       * rule and filter rule, followed by ipn_dsize bytes of extra data that
       * start at ipn_data (declared with four elements, used as a
       * variable-length tail).
       *
       * NOTE(review): the name suggests this is the record used to save and
       * restore NAT state across the user/kernel boundary.  If so:
       *  - the embedded nat, ipnat and frentry structures carry kernel
       *    pointers, which disclose kernel addresses when copied out and must
       *    not be followed when copied back in;
       *  - ipn_dsize is a signed int supplied alongside the data, so it has to
       *    be checked for negative and oversized values before it is used to
       *    size a copy or an allocation.
       * Confirm both points in ip_nat.c.
       */
  408 typedef struct  nat_save    {
  409         void    *ipn_next;
  410         struct  nat     ipn_nat;
  411         struct  ipnat   ipn_ipnat;
  412         struct  frentry ipn_fr;
  413         int     ipn_dsize;
  414         char    ipn_data[4];
  415 } nat_save_t;
  416 
  417 #define ipn_rule        ipn_nat.nat_fr
  418 
      /*
       * A pointer plus a size.  NOTE(review): presumably used to ask the kernel
       * for (the size of) a nat_save_t; ng_sz is a signed int -- confirm how it
       * is bounded.
       */
  419 typedef struct  natget  {
  420         void    *ng_ptr;
  421         int     ng_sz;
  422 } natget_t;
  423 
  424 
  425 /*
  426  * This structure gets used to help NAT sessions keep the same NAT rule (and
  427  * thus translation for IP address) when:
  428  * (a) round-robin redirects are in use
  429  * (b) different IP add
       *     [the sentence is cut off at this point in the source file]
       *
       * Each entry records four addresses (old/new source and destination), a
       * pointer back to the NAT rule and hm_ref, presumably a reference count.
       * The hm_*ip macros give the IPv4 view and the hm_*6 macros the IPv6 view
       * of the same address members.
  430  */
  431 typedef struct  hostmap {
  432         struct  hostmap *hm_hnext;
  433         struct  hostmap **hm_phnext;
  434         struct  hostmap *hm_next;
  435         struct  hostmap **hm_pnext;
  436         struct  ipnat   *hm_ipnat;
  437         i6addr_t        hm_osrcip6;
  438         i6addr_t        hm_odstip6;
  439         i6addr_t        hm_nsrcip6;
  440         i6addr_t        hm_ndstip6;
  441         u_32_t          hm_port;
  442         int             hm_ref;
  443         int             hm_hv;
  444         int             hm_v;
  445 } hostmap_t;
  446 
  447 #define hm_osrcip       hm_osrcip6.in4
  448 #define hm_odstip       hm_odstip6.in4
  449 #define hm_nsrcip       hm_nsrcip6.in4
  450 #define hm_ndstip       hm_ndstip6.in4
  451 #define hm_osrc6        hm_osrcip6.in6
  452 #define hm_odst6        hm_odstip6.in6
  453 #define hm_nsrc6        hm_nsrcip6.in6
  454 #define hm_ndst6        hm_ndstip6.in6
  455 
  456 
  457 /*
  458  * Structure used to pass information in to nat_newmap and nat_newrdr.
       *
       * It is also the last parameter type of the ipf_nat6_newmap(),
       * ipf_nat6_newrdr(), ipf_nat6_newrewrite() and ipf_nat6_newdivert()
       * prototypes declared below.  Only nai_ip documents its byte order; the
       * byte order of the port members is not stated here.
  459  */
  460 typedef struct  natinfo {
  461         ipnat_t         *nai_np;        /* presumably the rule being applied */
  462         u_32_t          nai_sum1;
  463         u_32_t          nai_sum2;
  464         struct  in_addr nai_ip;         /* In host byte order */
  465         u_short         nai_port;
  466         u_short         nai_nport;
  467         u_short         nai_sport;
  468         u_short         nai_dport;
  469 } natinfo_t;
  470 
  471 
      /*
       * Statistics kept per "side"; natstat_t holds two of these for IPv4
       * (ns_side[2]) and, with USE_INET6, two more for IPv6 (ns_side6[2]).
       * Apart from the two leading pointers every member is a u_long counter;
       * what each one counts is given only by its name.
       * NOTE(review): ns_bucketlen and ns_table are kernel pointers, see the
       * note on natstat_t about copying this structure out to user space.
       */
  472 typedef struct nat_stat_side {
  473         u_int   *ns_bucketlen;
  474         nat_t   **ns_table;
  475         u_long  ns_added;
  476         u_long  ns_appr_fail;
  477         u_long  ns_badnat;
  478         u_long  ns_badnatnew;
  479         u_long  ns_badnextaddr;
  480         u_long  ns_bucket_max;
  481         u_long  ns_clone_nomem;
  482         u_long  ns_decap_bad;
  483         u_long  ns_decap_fail;
  484         u_long  ns_decap_pullup;
  485         u_long  ns_divert_dup;
  486         u_long  ns_divert_exist;
  487         u_long  ns_drop;
  488         u_long  ns_encap_dup;
  489         u_long  ns_encap_pullup;
  490         u_long  ns_exhausted;
  491         u_long  ns_icmp_address;
  492         u_long  ns_icmp_basic;
  493         u_long  ns_icmp_mbuf;
  494         u_long  ns_icmp_notfound;
  495         u_long  ns_icmp_rebuild;
  496         u_long  ns_icmp_short;
  497         u_long  ns_icmp_size;
  498         u_long  ns_ifpaddrfail;
  499         u_long  ns_ignored;
  500         u_long  ns_insert_fail;
  501         u_long  ns_inuse;
  502         u_long  ns_log;
  503         u_long  ns_lookup_miss;
  504         u_long  ns_lookup_nowild;
  505         u_long  ns_new_ifpaddr;
  506         u_long  ns_memfail;
  507         u_long  ns_table_max;
  508         u_long  ns_translated;
  509         u_long  ns_unfinalised;
  510         u_long  ns_wrap;
  511         u_long  ns_xlate_null;
  512         u_long  ns_xlate_exists;
  513         u_long  ns_ipf_proxy_fail;
  514         u_long  ns_uncreate[2];
  515 } nat_stat_side_t;
  516 
  517 
      /*
       * Global NAT statistics: list/table heads, counters, table sizes, a
       * 256-entry array of per-protocol counters and the per-side blocks.
       * An instance is embedded in ipf_nat_softc_t as ipf_nat_stats.
       *
       * NOTE(review): ns_instances, ns_list, ns_maplist and ns_maptable (and
       * the pointers inside each nat_stat_side_t) are kernel addresses.  If
       * this structure is what SIOCGNATS copies out, those addresses become
       * visible to any process allowed to issue the ioctl -- confirm the
       * device permissions and whether the pointers have to be exported.
       * The layout also changes with USE_INET6, so kernel and userland must
       * be built with the same setting.
       */
  518 typedef struct  natstat {
  519         nat_t           *ns_instances;
  520         ipnat_t         *ns_list;
  521         hostmap_t       *ns_maplist;
  522         hostmap_t       **ns_maptable;
  523         u_int           ns_active;
  524         u_long          ns_addtrpnt;
  525         u_long          ns_divert_build;
  526         u_long          ns_expire;
  527         u_long          ns_flush_all;
  528         u_long          ns_flush_closing;
  529         u_long          ns_flush_queue;
  530         u_long          ns_flush_state;
  531         u_long          ns_flush_timeout;
  532         u_long          ns_hm_new;
  533         u_long          ns_hm_newfail;
  534         u_long          ns_hm_addref;
  535         u_long          ns_hm_nullnp;
  536         u_long          ns_log_ok;
  537         u_long          ns_log_fail;
  538         u_int           ns_hostmap_sz;
  539         u_int           ns_nattab_sz;
  540         u_int           ns_nattab_max;
  541         u_int           ns_orphans;
  542         u_int           ns_rules;
  543         u_int           ns_rules_map;
  544         u_int           ns_rules_rdr;
  545         u_int           ns_rultab_sz;
  546         u_int           ns_rdrtab_sz;
  547         u_32_t          ns_ticks;
  548         u_int           ns_trpntab_sz;
  549         u_int           ns_wilds;
  550         u_long          ns_proto[256];  /* presumably indexed by IP protocol number */
  551         nat_stat_side_t ns_side[2];
  552 #ifdef USE_INET6
  553         nat_stat_side_t ns_side6[2];
  554 #endif
  555 } natstat_t;
  556 
      /*
       * One NAT log record: the old and new source/destination addresses and
       * ports, packet and byte counters, protocol and version bytes, and two
       * fixed-size interface-name buffers.  Unlike nat_t it contains no
       * pointers.
       * NOTE(review): the name buffers are LIFNAMSIZ bytes each; whether they
       * are always NUL-terminated depends on how ipf_nat_log() fills them --
       * log consumers should not assume it.
       */
  557 typedef struct  natlog {
  558         i6addr_t        nl_osrcip;
  559         i6addr_t        nl_odstip;
  560         i6addr_t        nl_nsrcip;
  561         i6addr_t        nl_ndstip;
  562         u_short         nl_osrcport;
  563         u_short         nl_odstport;
  564         u_short         nl_nsrcport;
  565         u_short         nl_ndstport;
  566         int             nl_action;
  567         int             nl_type;
  568         int             nl_rule;
  569         U_QUAD_T        nl_pkts[2];
  570         U_QUAD_T        nl_bytes[2];
  571         u_char          nl_p[2];
  572         u_char          nl_v[2];
  573         u_char          nl_ifnames[2][LIFNAMSIZ];
  574 } natlog_t;
  575 
  576 
      /* Event codes for log records; presumably the values of nl_action -- confirm. */
  577 #define NL_NEW          0
  578 #define NL_CLONE        1
  579 #define NL_PURGE        0xfffc
  580 #define NL_DESTROY      0xfffd
  581 #define NL_FLUSH        0xfffe
  582 #define NL_EXPIRE       0xffff
  583 
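  /*
   * Hash helpers for the NAT tables.
   *
   * NAT_HASH_FN(_k, _l, _m) adds the key _k, the same key shifted right by
   * 12 bits and _l, then reduces the sum modulo _m.
   * NAT_HASH_FN6(_k, _l, _m) does the same over the four 32-bit words that
   * _k points at.
   *
   * Every argument is parenthesised in the expansion, so an expression such
   * as "a | b" passed as _l is added as a whole instead of being split up by
   * operator precedence.  _k is expanded more than once and therefore must
   * not have side effects.  _m is a divisor and must be non-zero.
   * NAT_HASH_FN6 reads _k through a u_32_t pointer: the caller has to supply
   * 16 readable bytes that are suitably aligned for u_32_t.
   */
  #define NAT_HASH_FN(_k,_l,_m)   (((_k) + ((_k) >> 12) + (_l)) % (_m))
  #define NAT_HASH_FN6(_k,_l,_m)  ((((u_32_t *)(_k))[3] \
                                   + (((u_32_t *)(_k))[3] >> 12) \
                                   + (((u_32_t *)(_k))[2]) \
                                   + (((u_32_t *)(_k))[2] >> 12) \
                                   + (((u_32_t *)(_k))[1]) \
                                   + (((u_32_t *)(_k))[1] >> 12) \
                                   + (((u_32_t *)(_k))[0]) \
                                   + (((u_32_t *)(_k))[0] >> 12) \
                                   + (_l)) % (_m))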
  594 
      /*
       * Checksum arithmetic helpers.
       *
       * LONG_SUM(_i) adds the upper 16 bits of _i to its lower 16 bits.
       * LONG_SUM6(_i) applies LONG_SUM to each of the four 32-bit words that
       * _i points at, after converting each with ntohl(), and adds the results.
       * It reads _i through a u_32_t pointer, so the caller must supply 16
       * readable, suitably aligned bytes.
       */
  595 #define LONG_SUM(_i)    (((_i) & 0xffff) + ((_i) >> 16))
  596 #define LONG_SUM6(_i)   (LONG_SUM(ntohl(((u_32_t *)(_i))[0])) + \
  597                          LONG_SUM(ntohl(((u_32_t *)(_i))[1])) + \
  598                          LONG_SUM(ntohl(((u_32_t *)(_i))[2])) + \
  599                          LONG_SUM(ntohl(((u_32_t *)(_i))[3])))
  600 
      /*
       * CALC_SUMD(s1, s2, sd): fold s1 and s2 to 16 bits (twice each, to absorb
       * the carry), decrement s2 when s1 is the larger, and store the folded
       * difference s2 - s1 in sd.
       *
       * Caveats for callers:
       *  - s1 and s2 are modified, not just read; all three arguments must be
       *    assignable and are expanded several times.
       *  - The macro expands to a bare { ... } block rather than
       *    do { ... } while (0), so "if (x) CALC_SUMD(a, b, c); else ..." does
       *    not compile; wrap the call in braces in that position.
       */
  601 #define CALC_SUMD(s1, s2, sd) { \
  602                             (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
  603                             (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
  604                             /* Do it twice */ \
  605                             (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
  606                             (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
  607                             /* Because ~1 == -2, We really need ~1 == -1 */ \
  608                             if ((s1) > (s2)) (s2)--; \
  609                             (sd) = (s2) - (s1); \
  610                             (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
  611 
      /*
       * NOTE(review): same bit values as NAT_HW_CKSUM and NAT_HW_CKSUM_PART
       * defined near the top of this header -- confirm the two pairs are never
       * stored in the same word.
       */
  612 #define NAT_SYSSPACE            0x80000000
  613 #define NAT_LOCKHELD            0x40000000
  614 
  615 /*
  616  * This is present in ip_nat.h because it needs to be shared between
  617  * ip_nat.c and ip_nat6.c
       *
       * Per-instance state of the NAT subsystem: two mutexes, tunables (table
       * sizes, watermarks, default ages), the IPv4/IPv6 mask tables for map and
       * rdr rules, the session tables and rule lists, the hostmap table, the
       * timeout queues and the statistics block.
       * The ipf_nat*_max and ipf_nat*_active_masks macros that follow are
       * shorthand for members of the embedded mask tables.
       * NOTE(review): ipf_nat_table_max and the two watermarks presumably
       * govern when entries are refused or flushed as the table fills, i.e.
       * they are the controls against state-table exhaustion -- confirm in
       * ip_nat.c before changing defaults.
  618  */
  619 typedef struct ipf_nat_softc_s {
  620         ipfmutex_t      ipf_nat_new;
  621         ipfmutex_t      ipf_nat_io;
  622         int             ipf_nat_doflush;
  623         int             ipf_nat_logging;
  624         int             ipf_nat_lock;
  625         int             ipf_nat_inited;
  626         int             ipf_nat_table_wm_high;
  627         int             ipf_nat_table_wm_low;
  628         u_int           ipf_nat_table_max;
  629         u_int           ipf_nat_table_sz;
  630         u_int           ipf_nat_maprules_sz;
  631         u_int           ipf_nat_rdrrules_sz;
  632         u_int           ipf_nat_hostmap_sz;
  633         u_int           ipf_nat_maxbucket;
  634         u_int           ipf_nat_last_force_flush;
  635         u_int           ipf_nat_defage;
  636         u_int           ipf_nat_defipage;
  637         u_int           ipf_nat_deficmpage;
  638         ipf_v4_masktab_t        ipf_nat_map_mask;
  639         ipf_v6_masktab_t        ipf_nat6_map_mask;
  640         ipf_v4_masktab_t        ipf_nat_rdr_mask;
  641         ipf_v6_masktab_t        ipf_nat6_rdr_mask;
  642         nat_t           **ipf_nat_table[2];
  643         nat_t           *ipf_nat_instances;
  644         ipnat_t         *ipf_nat_list;
  645         ipnat_t         **ipf_nat_list_tail;
  646         ipnat_t         **ipf_nat_map_rules;
  647         ipnat_t         **ipf_nat_rdr_rules;
  648         ipftq_t         *ipf_nat_utqe;
  649         hostmap_t       **ipf_hm_maptable ;
  650         hostmap_t       *ipf_hm_maplist ;
  651         ipftuneable_t   *ipf_nat_tune;
  652         ipftq_t         ipf_nat_udptq;
  653         ipftq_t         ipf_nat_udpacktq;
  654         ipftq_t         ipf_nat_icmptq;
  655         ipftq_t         ipf_nat_icmpacktq;
  656         ipftq_t         ipf_nat_iptq;
  657         ipftq_t         ipf_nat_pending;
  658         ipftq_t         ipf_nat_tcptq[IPF_TCP_NSTATES];
  659         natstat_t       ipf_nat_stats;
  660 } ipf_nat_softc_t ;
  661 
  662 #define ipf_nat_map_max                 ipf_nat_map_mask.imt4_max
  663 #define ipf_nat_rdr_max                 ipf_nat_rdr_mask.imt4_max
  664 #define ipf_nat6_map_max                ipf_nat6_map_mask.imt6_max
  665 #define ipf_nat6_rdr_max                ipf_nat6_rdr_mask.imt6_max
  666 #define ipf_nat_map_active_masks        ipf_nat_map_mask.imt4_active
  667 #define ipf_nat_rdr_active_masks        ipf_nat_rdr_mask.imt4_active
  668 #define ipf_nat6_map_active_masks       ipf_nat6_map_mask.imt6_active
  669 #define ipf_nat6_rdr_active_masks       ipf_nat6_rdr_mask.imt6_active
  670 
      /*
       * External interface of the IPv4 NAT code.  The prototypes give types
       * only, without parameter names, so the meaning of the scalar arguments
       * has to be taken from the definitions in ip_nat.c.
       *
       * NOTE(review): ipf_nat_ioctl() takes a caddr_t data pointer and an
       * ioctlcmd_t; it is presumably the dispatcher for the SIOC*NAT commands
       * defined at the top of this header and therefore the place where
       * user-supplied objects enter the NAT code -- confirm there that sizes,
       * flags and name offsets are validated before use.
       */
  671 extern  frentry_t       ipfnatblock;
  672 
  673 extern  void    ipf_fix_datacksum(u_short *, u_32_t);
  674 extern  void    ipf_fix_incksum(int, u_short *, u_32_t, u_32_t);
  675 extern  void    ipf_fix_outcksum(int, u_short *, u_32_t, u_32_t);
  676 
  677 extern  int     ipf_nat_checkin(fr_info_t *, u_32_t *);
  678 extern  int     ipf_nat_checkout(fr_info_t *, u_32_t *);
  679 extern  void    ipf_nat_delete(ipf_main_softc_t *, struct nat *, int);
  680 extern  void    ipf_nat_deref(ipf_main_softc_t *, nat_t **);
  681 extern  void    ipf_nat_expire(ipf_main_softc_t *);
  682 extern  int     ipf_nat_hashtab_add(ipf_main_softc_t *,
  683                                          ipf_nat_softc_t *, nat_t *);
  684 extern  void    ipf_nat_hostmapdel(ipf_main_softc_t *, hostmap_t **);
  685 extern  int     ipf_nat_hostmap_rehash(ipf_main_softc_t *,
  686                                             ipftuneable_t *, ipftuneval_t *);
  687 extern  nat_t   *ipf_nat_icmperrorlookup(fr_info_t *, int);
  688 extern  nat_t   *ipf_nat_icmperror(fr_info_t *, u_int *, int);
  689 extern  int     ipf_nat_init(void);
  690 extern  nat_t   *ipf_nat_inlookup(fr_info_t *, u_int, u_int,
  691                                       struct in_addr, struct in_addr);
  692 extern  int     ipf_nat_in(fr_info_t *, nat_t *, int, u_32_t);
  693 extern  int     ipf_nat_insert(ipf_main_softc_t *, ipf_nat_softc_t *,
  694                                     nat_t *);
  695 extern  int     ipf_nat_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t,
  696                                    int, int, void *);
  697 extern  void    ipf_nat_log(ipf_main_softc_t *, ipf_nat_softc_t *,
  698                                  struct nat *, u_int);
  699 extern  nat_t   *ipf_nat_lookupredir(natlookup_t *);
  700 extern  nat_t   *ipf_nat_maplookup(void *, u_int, struct in_addr,
  701                                 struct in_addr);
  702 extern  nat_t   *ipf_nat_add(fr_info_t *, ipnat_t *, nat_t **,
  703                                  u_int, int);
  704 extern  int     ipf_nat_out(fr_info_t *, nat_t *, int, u_32_t);
  705 extern  nat_t   *ipf_nat_outlookup(fr_info_t *, u_int, u_int,
  706                                        struct in_addr, struct in_addr);
  707 extern  u_short *ipf_nat_proto(fr_info_t *, nat_t *, u_int);
  708 extern  void    ipf_nat_rule_deref(ipf_main_softc_t *, ipnat_t **);
  709 extern  void    ipf_nat_setqueue(ipf_main_softc_t *, ipf_nat_softc_t *,
  710                                       nat_t *);
  711 extern  void    ipf_nat_setpending(ipf_main_softc_t *, nat_t *);
  712 extern  nat_t   *ipf_nat_tnlookup(fr_info_t *, int);
  713 extern  void    ipf_nat_update(fr_info_t *, nat_t *);
  714 extern  int     ipf_nat_rehash(ipf_main_softc_t *, ipftuneable_t *,
  715                                     ipftuneval_t *);
  716 extern  int     ipf_nat_rehash_rules(ipf_main_softc_t *, ipftuneable_t *,
  717                                           ipftuneval_t *);
  718 extern  int     ipf_nat_settimeout(struct ipf_main_softc_s *,
  719                                         ipftuneable_t *, ipftuneval_t *);
  720 extern  void    ipf_nat_sync(ipf_main_softc_t *, void *);
  721 
  722 extern  nat_t   *ipf_nat_clone(fr_info_t *, nat_t *);
  723 extern  void    ipf_nat_delmap(ipf_nat_softc_t *, ipnat_t *);
  724 extern  void    ipf_nat_delrdr(ipf_nat_softc_t *, ipnat_t *);
  725 extern  int     ipf_nat_wildok(nat_t *, int, int, int, int);
  726 extern  void    ipf_nat_setlock(void *, int);
  727 extern  void    ipf_nat_load(void);
  728 extern  void    *ipf_nat_soft_create(ipf_main_softc_t *);
  729 extern  int     ipf_nat_soft_init(ipf_main_softc_t *, void *);
  730 extern  void    ipf_nat_soft_destroy(ipf_main_softc_t *, void *);
  731 extern  int     ipf_nat_soft_fini(ipf_main_softc_t *, void *);
  732 extern  int     ipf_nat_main_load(void);
  733 extern  int     ipf_nat_main_unload(void);
  734 extern  ipftq_t *ipf_nat_add_tq(ipf_main_softc_t *, int);
  735 extern  void    ipf_nat_uncreate(fr_info_t *);
  736 
      /*
       * IPv6 counterparts, declared only when USE_INET6 is defined.  The
       * lookup functions take struct in6_addr pointers where the IPv4 versions
       * above take struct in_addr by value.
       */
  737 #ifdef USE_INET6
  738 extern  nat_t   *ipf_nat6_add(fr_info_t *, ipnat_t *, nat_t **,
  739                                 u_int, int);
  740 extern  void    ipf_nat6_addrdr(ipf_nat_softc_t *, ipnat_t *);
  741 extern  void    ipf_nat6_addmap(ipf_nat_softc_t *, ipnat_t *);
  742 extern  void    ipf_nat6_addencap(ipf_nat_softc_t *, ipnat_t *);
  743 extern  int     ipf_nat6_checkout(fr_info_t *, u_32_t *);
  744 extern  int     ipf_nat6_checkin(fr_info_t *, u_32_t *);
  745 extern  void    ipf_nat6_delmap(ipf_nat_softc_t *, ipnat_t *);
  746 extern  void    ipf_nat6_delrdr(ipf_nat_softc_t *, ipnat_t *);
  747 extern  int     ipf_nat6_finalise(fr_info_t *, nat_t *);
  748 extern  nat_t   *ipf_nat6_icmperror(fr_info_t *, u_int *, int);
  749 extern  nat_t   *ipf_nat6_icmperrorlookup(fr_info_t *, int);
  750 extern  nat_t   *ipf_nat6_inlookup(fr_info_t *, u_int, u_int,
  751                                 struct in6_addr *, struct in6_addr *);
  752 extern  u_32_t  ipf_nat6_ip6subtract(i6addr_t *, i6addr_t *);
  753 extern  frentry_t *ipf_nat6_ipfin(fr_info_t *, u_32_t *);
  754 extern  frentry_t *ipf_nat6_ipfout(fr_info_t *, u_32_t *);
  755 extern  nat_t   *ipf_nat6_lookupredir(natlookup_t *);
  756 extern  int     ipf_nat6_newmap(fr_info_t *, nat_t *, natinfo_t *);
  757 extern  int     ipf_nat6_newrdr(fr_info_t *, nat_t *, natinfo_t *);
  758 extern  nat_t   *ipf_nat6_outlookup(fr_info_t *, u_int, u_int,
  759                                 struct in6_addr *, struct in6_addr *);
  760 extern  int     ipf_nat6_newrewrite(fr_info_t *, nat_t *, natinfo_t *);
  761 extern  int     ipf_nat6_newdivert(fr_info_t *, nat_t *, natinfo_t *);
  762 extern  int     ipf_nat6_ruleaddrinit(ipf_main_softc_t *, ipf_nat_softc_t *, ipnat_t *);
  763 
  764 #endif
  765 
  766 
  767 #endif /* __IP_NAT_H__ */
