2 * Copyright (c) 2014 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@gmail.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
/*
 * Identity of the NAT module: numeric id 4 and name "nat".
 * NOTE(review): presumably these are the values the module registers
 * with the ipfw3 core; the registration call is not visible here.
 */
38 #define MODULE_NAT_ID 4
39 #define MODULE_NAT_NAME "nat"
/*
 * Defines the kernel malloc type M_IPFW_NAT, with short description
 * "IPFW3/NAT", for allocations made by this module.
 * NOTE(review): the long description string looks truncated; it is a
 * runtime string, so confirm the intended text before changing it.
 */
42 MALLOC_DEFINE(M_IPFW_NAT, "IPFW3/NAT", "IPFW3/NAT 's");
45 enum ipfw_nat_opcodes {
49 struct ipfw_ioc_nat_state {
50 struct in_addr src_addr;
51 struct in_addr dst_addr;
52 struct in_addr alias_addr;
62 /* Redirect modes id. */
/*
 * Each mode is a distinct single bit (0x01, 0x02, 0x04).
 * NOTE(review): the u_int16_t mode field declared next to
 * LIST_ENTRY(cfg_redir) can hold other values; whether it is used as a
 * mask or as an exclusive selector is not visible here. If the field is
 * filled from a userland request, code that dispatches on it should
 * reject anything outside these three values.
 */
63 #define REDIR_ADDR 0x01
64 #define REDIR_PORT 0x02
65 #define REDIR_PROTO 0x04
67 /* Server pool support (LSNAT). */
69 LIST_ENTRY(cfg_spool) _next; /* chain of spool instances */
75 LIST_ENTRY(cfg_redir) _next; /* chain of redir instances */
76 u_int16_t mode; /* type of redirect mode */
77 struct in_addr laddr; /* local ip address */
78 struct in_addr paddr; /* public ip address */
79 struct in_addr raddr; /* remote ip address */
80 u_short lport; /* local port */
81 u_short pport; /* public port */
82 u_short rport; /* remote port */
83 u_short pport_cnt; /* number of public ports */
84 u_short rport_cnt; /* number of remote ports */
85 int proto; /* protocol: tcp/udp */
86 struct alias_link **alink;
87 /* num of entry in spool chain */
89 /* chain of spool instances */
90 LIST_HEAD(spool_chain, cfg_spool) spool_chain;
93 /* Nat configuration data struct. */
95 /* chain of nat instances */
96 LIST_ENTRY(cfg_nat) _next;
98 struct in_addr ip; /* nat ip address */
99 char if_name[IF_NAMESIZE]; /* interface name */
100 int mode; /* aliasing mode */
101 struct libalias *lib; /* libalias instance */
102 /* number of entry in spool chain */
104 /* chain of redir instances */
105 LIST_HEAD(redir_chain, cfg_redir) redir_chain;
/*
 * Shorthand for the sizes of the three configuration records
 * (cfg_nat, cfg_redir, cfg_spool).
 * NOTE(review): presumably used to step through a packed configuration
 * buffer of nat, redir and spool records; confirm against the callers.
 * If that buffer is copied in from userland, each step should be
 * checked against the remaining length before the record is read, and
 * any entry counts taken from the buffer should be bounded the same way.
 */
108 #define SOF_NAT sizeof(struct cfg_nat)
109 #define SOF_REDIR sizeof(struct cfg_redir)
110 #define SOF_SPOOL sizeof(struct cfg_spool)
113 typedef struct _ipfw_insn_nat {
118 #define LOOKUP_NAT(l, i, p) do { \
119 LIST_FOREACH((p), &(l.nat), _next){ \
120 if((p)->id == (i)){ \
126 #define HOOK_NAT(b, p) do { \
127 LIST_INSERT_HEAD(b, p, _next); \
130 #define UNHOOK_NAT(p) do { \
131 LIST_REMOVE(p, _next); \
134 #define HOOK_REDIR(b, p) do { \
135 LIST_INSERT_HEAD(b, p, _next); \
138 #define HOOK_SPOOL(b, p) do { \
139 LIST_INSERT_HEAD(b, p, _next); \