2 * Copyright (C) 1995-1998 by Darren Reed.
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
8 * @(#)ip_nat.h 1.5 2/4/96
9 * $Id: ip_nat.h,v 2.1.2.3 2000/01/24 12:44:24 darrenr Exp $
16 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
19 #if defined(__STDC__) || defined(__GNUC__)
20 #define SIOCADNAT _IOW('r', 80, struct ipnat)
21 #define SIOCRMNAT _IOW('r', 81, struct ipnat)
22 #define SIOCGNATS _IOR('r', 82, struct natstat)
23 #define SIOCGNATL _IOWR('r', 83, struct natlookup)
24 #define SIOCGFRST _IOR('r', 84, struct ipfrstat)
25 #define SIOCGIPST _IOR('r', 85, struct ips_stat)
26 #define SIOCFLNAT _IOWR('r', 86, int)
27 #define SIOCCNATL _IOWR('r', 87, int)
29 #define SIOCADNAT _IOW(r, 80, struct ipnat)
30 #define SIOCRMNAT _IOW(r, 81, struct ipnat)
31 #define SIOCGNATS _IOR(r, 82, struct natstat)
32 #define SIOCGNATL _IOWR(r, 83, struct natlookup)
33 #define SIOCGFRST _IOR(r, 84, struct ipfrstat)
34 #define SIOCGIPST _IOR(r, 85, struct ips_stat)
35 #define SIOCFLNAT _IOWR(r, 86, int)
36 #define SIOCCNATL _IOWR(r, 87, int)
39 #undef LARGE_NAT /* define this if you're setting up a system to NAT
40 * LARGE numbers of networks/hosts - i.e. in the
41 * hundreds or thousands. In such a case, you should
42 * also change the RDR_SIZE and NAT_SIZE below to more
43 * appropriate sizes. The figures below were used for
44 * a setup with 1000-2000 networks to NAT.
48 #define NAT_TABLE_SZ 127
55 #define NAT_TABLE_SZ 16383
58 #define APR_LABELLEN 16
60 #define NAT_HW_CKSUM 0x80000000
62 #define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
70 void *nat_aps; /* proxy session */
71 frentry_t *nat_fr; /* filter rule ptr if appropriate */
72 struct in_addr nat_inip;
73 struct in_addr nat_outip;
74 struct in_addr nat_oip; /* other ip */
77 u_short nat_oport; /* other port */
81 u_char nat_tcpstate[2];
82 u_char nat_p; /* protocol for NAT */
83 struct ipnat *nat_ptr; /* pointer back to the rule */
85 struct nat *nat_hnext[2];
86 struct nat **nat_hstart[2];
91 typedef struct ipnat {
92 struct ipnat *in_next;
93 struct ipnat *in_rnext;
94 struct ipnat *in_mnext;
100 struct in_addr in_nextip;
102 u_short in_ppip; /* ports per IP */
103 u_short in_ippip; /* IP #'s per IP# */
104 u_short in_flags; /* From here to in_dport must be reflected */
105 u_short in_port[2]; /* correctly in IPN_CMPSIZ */
106 struct in_addr in_in[2];
107 struct in_addr in_out[2];
108 struct in_addr in_src[2];
109 int in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */
110 char in_ifname[IFNAMSIZ];
111 char in_plabel[APR_LABELLEN]; /* proxy label */
112 char in_p; /* protocol */
116 #define in_pmin in_port[0] /* Also holds static redir port */
117 #define in_pmax in_port[1]
118 #define in_nip in_nextip.s_addr
119 #define in_inip in_in[0].s_addr
120 #define in_inmsk in_in[1].s_addr
121 #define in_outip in_out[0].s_addr
122 #define in_outmsk in_out[1].s_addr
123 #define in_srcip in_src[0].s_addr
124 #define in_srcmsk in_src[1].s_addr
126 #define NAT_OUTBOUND 0
127 #define NAT_INBOUND 1
130 #define NAT_REDIRECT 0x02
131 #define NAT_BIMAP (NAT_MAP|NAT_REDIRECT)
132 #define NAT_MAPBLK 0x04
134 #define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */
135 #define USABLE_PORTS (65536 - MAPBLK_MINPORT)
137 #define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_flags))
139 typedef struct natlookup {
140 struct in_addr nl_inip;
141 struct in_addr nl_outip;
142 struct in_addr nl_realip;
149 typedef struct natstat {
169 #define IPN_TCPUDP (IPN_TCP|IPN_UDP)
170 #define IPN_DELETE 0x04
171 #define IPN_ICMPERR 0x08
172 #define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
173 #define IPN_AUTOPORTMAP 0x10
174 #define IPN_RANGE 0x20
175 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_RANGE)
178 typedef struct natlog {
179 struct in_addr nl_origip;
180 struct in_addr nl_outip;
181 struct in_addr nl_inip;
193 #define NL_NEWMAP NAT_MAP
194 #define NL_NEWRDR NAT_REDIRECT
195 #define NL_EXPIRE 0xffff
197 #define NAT_HASH_FN(k,m) (((k) + ((k) >> 12)) % (m))
199 #define LONG_SUM(in) (((in) & 0xffff) + ((in) >> 16))
201 #define CALC_SUMD(s1, s2, sd) { \
202 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
203 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
205 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
206 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
207 /* Because ~1 == -2, We really need ~1 == -1 */ \
208 if ((s1) > (s2)) (s2)--; \
209 (sd) = (s2) - (s1); \
210 (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
213 extern u_int ipf_nattable_sz;
214 extern u_int ipf_natrules_sz;
215 extern u_int ipf_rdrrules_sz;
216 extern void ip_natsync __P((void *));
217 extern u_long fr_defnatage;
218 extern u_long fr_defnaticmpage;
219 extern nat_t **nat_table[2];
220 extern nat_t *nat_instances;
221 extern ipnat_t **nat_rules;
222 extern ipnat_t **rdr_rules;
223 extern natstat_t nat_stats;
224 #if defined(__NetBSD__) || defined(__OpenBSD__)
225 extern int nat_ioctl __P((caddr_t, u_long, int));
227 extern int nat_ioctl __P((caddr_t, int, int));
229 extern int nat_init __P((void));
230 extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_int, int));
231 extern nat_t *nat_outlookup __P((void *, u_int, u_int, struct in_addr,
232 struct in_addr, u_32_t));
233 extern nat_t *nat_inlookup __P((void *, u_int, u_int, struct in_addr,
234 struct in_addr, u_32_t));
235 extern nat_t *nat_maplookup __P((void *, u_int, struct in_addr,
237 extern nat_t *nat_lookupredir __P((natlookup_t *));
238 extern nat_t *nat_icmpinlookup __P((ip_t *, fr_info_t *));
239 extern nat_t *nat_icmpin __P((ip_t *, fr_info_t *, u_int *));
241 extern int ip_natout __P((ip_t *, fr_info_t *));
242 extern int ip_natin __P((ip_t *, fr_info_t *));
243 extern void ip_natunload __P((void)), ip_natexpire __P((void));
244 extern void nat_log __P((struct nat *, u_int));
245 extern void fix_incksum __P((u_short *, u_32_t, int));
246 extern void fix_outcksum __P((u_short *, u_32_t, int));
248 #endif /* __IP_NAT_H__ */