2 * Copyright (C) 1995-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * @(#)ip_nat.h 1.5 2/4/96
7 * $Id: ip_nat.h,v 2.17.2.27 2002/08/28 12:45:51 darrenr Exp $
8 * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_nat.h,v 1.15.2.6 2004/07/04 09:24:39 darrenr Exp $
9 * $DragonFly: src/sys/contrib/ipfilter/netinet/ip_nat.h,v 1.5 2004/07/28 00:22:37 hmp Exp $
16 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
19 #if defined(__STDC__) || defined(__GNUC__)
20 #define SIOCADNAT _IOW('r', 60, struct ipnat *)
21 #define SIOCRMNAT _IOW('r', 61, struct ipnat *)
22 #define SIOCGNATS _IOWR('r', 62, struct natstat *)
23 #define SIOCGNATL _IOWR('r', 63, struct natlookup *)
25 #define SIOCADNAT _IOW(r, 60, struct ipnat *)
26 #define SIOCRMNAT _IOW(r, 61, struct ipnat *)
27 #define SIOCGNATS _IOWR(r, 62, struct natstat *)
28 #define SIOCGNATL _IOWR(r, 63, struct natlookup *)
31 #undef LARGE_NAT /* define this if you're setting up a system to NAT
32 * LARGE numbers of networks/hosts - i.e. in the
33 * hundreds or thousands. In such a case, you should
34 * also change the RDR_SIZE and NAT_SIZE below to more
35 * appropriate sizes. The figures below were used for
36 * a setup with 1000-2000 networks to NAT.
40 # define NAT_SIZE 2047
47 # define RDR_SIZE 2047
54 # define HOSTMAP_SIZE 8191
56 # define HOSTMAP_SIZE 2047
61 # define NAT_TABLE_MAX 180000
63 # define NAT_TABLE_MAX 30000
68 # define NAT_TABLE_SZ 16383
70 # define NAT_TABLE_SZ 2047
74 #define APR_LABELLEN 16
76 #define NAT_HW_CKSUM 0x80000000
78 #define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
88 struct ap_session *nat_aps; /* proxy session */
89 struct frentry *nat_fr; /* filter rule ptr if appropriate */
90 struct in_addr nat_inip;
91 struct in_addr nat_outip;
92 struct in_addr nat_oip; /* other ip */
96 u_short nat_oport; /* other port */
100 u_char nat_tcpstate[2];
101 u_char nat_p; /* protocol for NAT */
102 u_32_t nat_mssclamp; /* if != zero clamp MSS to this */
103 struct ipnat *nat_ptr; /* pointer back to the rule */
104 struct hostmap *nat_hm;
105 struct nat *nat_next;
106 struct nat *nat_hnext[2];
107 struct nat **nat_phnext[2];
111 char nat_ifname[IFNAMSIZ];
112 #if SOLARIS || defined(__sgi)
117 typedef struct ipnat {
118 struct ipnat *in_next;
119 struct ipnat *in_rnext;
120 struct ipnat **in_prnext;
121 struct ipnat *in_mnext;
122 struct ipnat **in_pmnext;
128 struct in_addr in_nextip;
130 u_short in_ippip; /* IP #'s per IP# */
131 u_32_t in_flags; /* From here to in_dport must be reflected */
132 u_32_t in_mssclamp; /* if != zero clamp MSS to this */
134 u_short in_ppip; /* ports per IP */
135 u_short in_port[2]; /* correctly in IPN_CMPSIZ */
136 struct in_addr in_in[2];
137 struct in_addr in_out[2];
138 struct in_addr in_src[2];
140 u_int in_age[2]; /* Aging for NAT entries. Not for TCP */
141 int in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */
142 char in_ifname[IFNAMSIZ];
143 char in_plabel[APR_LABELLEN]; /* proxy label */
144 char in_p; /* protocol */
147 #define in_pmin in_port[0] /* Also holds static redir port */
148 #define in_pmax in_port[1]
149 #define in_nip in_nextip.s_addr
150 #define in_inip in_in[0].s_addr
151 #define in_inmsk in_in[1].s_addr
152 #define in_outip in_out[0].s_addr
153 #define in_outmsk in_out[1].s_addr
154 #define in_srcip in_src[0].s_addr
155 #define in_srcmsk in_src[1].s_addr
156 #define in_scmp in_tuc.ftu_scmp
157 #define in_dcmp in_tuc.ftu_dcmp
158 #define in_stop in_tuc.ftu_stop
159 #define in_dtop in_tuc.ftu_dtop
160 #define in_sport in_tuc.ftu_sport
161 #define in_dport in_tuc.ftu_dport
163 #define NAT_OUTBOUND 0
164 #define NAT_INBOUND 1
167 #define NAT_REDIRECT 0x02
168 #define NAT_BIMAP (NAT_MAP|NAT_REDIRECT)
169 #define NAT_MAPBLK 0x04
170 /* 0x100 reserved for FI_W_SPORT */
171 /* 0x200 reserved for FI_W_DPORT */
172 /* 0x400 reserved for FI_W_SADDR */
173 /* 0x800 reserved for FI_W_DADDR */
174 /* 0x1000 reserved for FI_W_NEWFR */
176 #define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */
177 #define USABLE_PORTS (65536 - MAPBLK_MINPORT)
179 #define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_flags))
181 typedef struct natlookup {
182 struct in_addr nl_inip;
183 struct in_addr nl_outip;
184 struct in_addr nl_realip;
192 typedef struct nat_save {
195 struct ipnat ipn_ipnat;
196 struct frentry ipn_fr;
201 #define ipn_rule ipn_nat.nat_fr
203 typedef struct natget {
209 typedef struct hostmap {
210 struct hostmap *hm_next;
211 struct hostmap **hm_pnext;
212 struct ipnat *hm_ipnat;
213 struct in_addr hm_realip;
214 struct in_addr hm_mapip;
219 typedef struct natstat {
230 hostmap_t **ns_maptable;
241 #define IPN_ANY 0x000
242 #define IPN_TCP 0x001
243 #define IPN_UDP 0x002
244 #define IPN_TCPUDP (IPN_TCP|IPN_UDP)
245 #define IPN_DELETE 0x004
246 #define IPN_ICMPERR 0x008
247 #define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
248 #define IPN_AUTOPORTMAP 0x010
249 #define IPN_IPRANGE 0x020
250 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_IPRANGE|IPN_SPLIT|\
251 IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|IPN_FRAG)
252 #define IPN_FILTER 0x040
253 #define IPN_SPLIT 0x080
254 #define IPN_ROUNDR 0x100
255 #define IPN_NOTSRC 0x080000
256 #define IPN_NOTDST 0x100000
257 #define IPN_FRAG 0x200000
260 typedef struct natlog {
261 struct in_addr nl_origip;
262 struct in_addr nl_outip;
263 struct in_addr nl_inip;
275 #define NL_NEWMAP NAT_MAP
276 #define NL_NEWRDR NAT_REDIRECT
277 #define NL_NEWBIMAP NAT_BIMAP
278 #define NL_NEWBLOCK NAT_MAPBLK
279 #define NL_FLUSH 0xfffe
280 #define NL_EXPIRE 0xffff
282 #define NAT_HASH_FN(k,l,m) (((k) + ((k) >> 12) + l) % (m))
284 #define LONG_SUM(in) (((in) & 0xffff) + ((in) >> 16))
286 #define CALC_SUMD(s1, s2, sd) { \
287 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
288 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
290 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
291 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
292 /* Because ~1 == -2, We really need ~1 == -1 */ \
293 if ((s1) > (s2)) (s2)--; \
294 (sd) = (s2) - (s1); \
295 (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
297 #define NAT_SYSSPACE 0x80000000
298 #define NAT_LOCKHELD 0x40000000
300 extern u_int ipf_nattable_sz;
301 extern u_int ipf_natrules_sz;
302 extern u_int ipf_rdrrules_sz;
303 extern int fr_nat_lock;
304 extern void ip_natsync (void *);
305 extern u_long fr_defnatage;
306 extern u_long fr_defnaticmpage;
307 extern nat_t **nat_table[2];
308 extern nat_t *nat_instances;
309 extern ipnat_t **nat_rules;
310 extern ipnat_t **rdr_rules;
311 extern ipnat_t *nat_list;
312 extern natstat_t nat_stats;
313 #if defined(__OpenBSD__)
314 extern void nat_ifdetach (void *);
316 #if defined(__DragonFly__) || defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003)
317 extern int nat_ioctl (caddr_t, u_long, int);
319 extern int nat_ioctl (caddr_t, int, int);
321 extern int nat_init (void);
322 extern nat_t *nat_new (fr_info_t *, ip_t *, ipnat_t *, nat_t **,
324 extern nat_t *nat_outlookup (fr_info_t *, u_int, u_int, struct in_addr,
325 struct in_addr, int);
326 extern nat_t *nat_inlookup (fr_info_t *, u_int, u_int, struct in_addr,
327 struct in_addr, int);
328 extern nat_t *nat_lookupredir (natlookup_t *);
329 extern nat_t *nat_icmplookup (ip_t *, fr_info_t *, int);
330 extern nat_t *nat_icmp (ip_t *, fr_info_t *, u_int *, int);
331 extern int nat_clearlist (void);
332 extern void nat_insert (nat_t *);
334 extern int ip_natout (ip_t *, fr_info_t *);
335 extern int ip_natin (ip_t *, fr_info_t *);
336 extern void ip_natunload (void), ip_natexpire (void);
337 extern void nat_log (struct nat *, u_int);
338 extern void fix_incksum (fr_info_t *, u_short *, u_32_t);
339 extern void fix_outcksum (fr_info_t *, u_short *, u_32_t);
340 extern void fix_datacksum (u_short *, u_32_t);
342 #endif /* __IP_NAT_H__ */