4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * @(#)ip_nat.h 1.5 2/4/96
10 * Id: ip_nat.h,v 2.90.2.20 2007/09/25 08:27:32 darrenr Exp $
17 # if defined(sun) && defined(__SVR4)
24 #if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
25 #define SIOCADNAT _IOW('r', 60, struct ipfobj)
26 #define SIOCRMNAT _IOW('r', 61, struct ipfobj)
27 #define SIOCGNATS _IOWR('r', 62, struct ipfobj)
28 #define SIOCGNATL _IOWR('r', 63, struct ipfobj)
29 #define SIOCPURGENAT _IOWR('r', 100, struct ipfobj)
31 #define SIOCADNAT _IOW(r, 60, struct ipfobj)
32 #define SIOCRMNAT _IOW(r, 61, struct ipfobj)
33 #define SIOCGNATS _IOWR(r, 62, struct ipfobj)
34 #define SIOCGNATL _IOWR(r, 63, struct ipfobj)
35 #define SIOCPURGENAT _IOWR(r, 100, struct ipfobj)
38 #undef LARGE_NAT /* define this if you're setting up a system to NAT
39 * LARGE numbers of networks/hosts - i.e. in the
40 * hundreds or thousands. In such a case, you should
41 * also change the RDR_SIZE and NAT_SIZE below to more
42 * appropriate sizes. The figures below were used for
43 * a setup with 1000-2000 networks to NAT.
47 # define NAT_SIZE 2047
54 # define RDR_SIZE 2047
61 # define HOSTMAP_SIZE 8191
63 # define HOSTMAP_SIZE 2047
68 * This is newly introduced and for the sake of "least surprise", the numbers
69 * present aren't what we'd normally use for creating a proper hash table.
72 # define NAT_TABLE_MAX 180000
74 # define NAT_TABLE_MAX 30000
79 # define NAT_TABLE_SZ 16383
81 # define NAT_TABLE_SZ 2047
85 #define APR_LABELLEN 16
87 #define NAT_HW_CKSUM 0x80000000
88 #define NAT_HW_CKSUM_PART 0x40000000
90 #define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
96 * This structure is used in the active NAT table and represents an
101 struct nat *nat_next;
102 struct nat **nat_pnext;
103 struct nat *nat_hnext[2];
104 struct nat **nat_phnext[2];
105 struct hostmap *nat_hm;
108 struct ipstate *nat_state;
109 struct ap_session *nat_aps; /* proxy session */
110 frentry_t *nat_fr; /* filter rule ptr if appropriate */
111 struct ipnat *nat_ptr; /* pointer back to the rule */
117 u_32_t nat_sumd[2]; /* ip checksum delta for data segment*/
118 u_32_t nat_ipsumd; /* ip checksum delta for ip header */
119 u_32_t nat_mssclamp; /* if != zero clamp MSS to this */
124 U_QUAD_T nat_pkts[2];
125 U_QUAD_T nat_bytes[2];
131 } nat_unold, nat_unnew;
133 int nat_pr[2]; /* protocol for NAT */
135 int nat_ref; /* reference count */
137 char nat_ifnames[2][LIFNAMSIZ];
138 int nat_rev; /* 0 = forward, 1 = reverse */
140 int nat_v[2]; /* 0 = old, 1 = new */
141 u_int nat_redir; /* copy of in_redir */
144 #define nat_osrcip nat_osrc6.in4
145 #define nat_odstip nat_odst6.in4
146 #define nat_nsrcip nat_nsrc6.in4
147 #define nat_ndstip nat_ndst6.in4
148 #define nat_osrcaddr nat_osrc6.in4.s_addr
149 #define nat_odstaddr nat_odst6.in4.s_addr
150 #define nat_nsrcaddr nat_nsrc6.in4.s_addr
151 #define nat_ndstaddr nat_ndst6.in4.s_addr
152 #define nat_age nat_tqe.tqe_die
153 #define nat_osport nat_unold.nat_unt.ts_sport
154 #define nat_odport nat_unold.nat_unt.ts_dport
155 #define nat_nsport nat_unnew.nat_unt.ts_sport
156 #define nat_ndport nat_unnew.nat_unt.ts_dport
157 #define nat_oicmpid nat_unold.nat_uni.ici_id
158 #define nat_nicmpid nat_unnew.nat_uni.ici_id
159 #define nat_type nat_unold.nat_uni.ici_type
160 #define nat_oseq nat_unold.nat_uni.ici_seq
161 #define nat_nseq nat_unnew.nat_uni.ici_seq
162 #define nat_tcpstate nat_tqe.tqe_state
163 #define nat_die nat_tqe.tqe_die
164 #define nat_touched nat_tqe.tqe_touched
169 #define NAT_INBOUND 0
170 #define NAT_OUTBOUND 1
171 #define NAT_ENCAPIN 2
172 #define NAT_ENCAPOUT 3
173 #define NAT_DIVERTIN 4
174 #define NAT_DIVERTOUT 5
177 * Definitions for nat_flags
179 #define NAT_TCP 0x0001 /* IPN_TCP */
180 #define NAT_UDP 0x0002 /* IPN_UDP */
181 #define NAT_ICMPERR 0x0004 /* IPN_ICMPERR */
182 #define NAT_ICMPQUERY 0x0008 /* IPN_ICMPQUERY */
183 #define NAT_SEARCH 0x0010
184 #define NAT_SLAVE 0x0020 /* Slave connection for a proxy */
185 #define NAT_NOTRULEPORT 0x0040 /* Don't use the port # in the NAT rule */
187 #define NAT_TCPUDP (NAT_TCP|NAT_UDP)
188 #define NAT_TCPUDPICMP (NAT_TCP|NAT_UDP|NAT_ICMPERR)
189 #define NAT_TCPUDPICMPQ (NAT_TCP|NAT_UDP|NAT_ICMPQUERY)
190 #define NAT_FROMRULE (NAT_TCP|NAT_UDP)
192 /* 0x0100 reserved for FI_W_SPORT */
193 /* 0x0200 reserved for FI_W_DPORT */
194 /* 0x0400 reserved for FI_W_SADDR */
195 /* 0x0800 reserved for FI_W_DADDR */
196 /* 0x1000 reserved for FI_W_NEWFR */
197 /* 0x2000 reserved for SI_CLONE */
198 /* 0x4000 reserved for SI_CLONED */
199 /* 0x8000 reserved for SI_IGNOREPKT */
201 #define NAT_DEBUG 0x800000
203 typedef struct nat_addr_s {
205 i6addr_t na_nextaddr;
210 #define na_nextip na_nextaddr.in4.s_addr
211 #define na_nextip6 na_nextaddr.in6
212 #define na_num na_addr[0].iplookupnum
213 #define na_type na_addr[0].iplookuptype
214 #define na_subtype na_addr[0].iplookupsubtype
215 #define na_ptr na_addr[1].iplookupptr
216 #define na_func na_addr[1].iplookupfunc
220 * This structure represents an actual NAT rule, loaded by ipnat.
222 typedef struct ipnat {
224 struct ipnat *in_next; /* NAT rule list next */
225 struct ipnat **in_pnext; /* prior rdr next ptr */
226 struct ipnat *in_rnext; /* rdr rule hash next */
227 struct ipnat **in_prnext; /* prior rdr next ptr */
228 struct ipnat *in_mnext; /* map rule hash next */
229 struct ipnat **in_pmnext; /* prior map next ptr */
230 struct ipftq *in_tqehead[2];
237 U_QUAD_T in_bytes[2];
243 int in_flineno; /* conf. file line number */
248 /* From here to the end is covered by IPN_CMPSIZ */
249 u_char in_v[2]; /* 0 = old, 1 = new */
251 u_32_t in_mssclamp; /* if != 0 clamp MSS to this */
253 int in_redir; /* see below for values */
254 int in_pr[2]; /* protocol. */
260 u_short in_ppip; /* ports per IP. */
261 u_short in_ippip; /* IP #'s per IP# */
262 u_short in_ndports[2];
263 u_short in_nsports[2];
265 int in_plabel; /* proxy label. */
266 int in_pconfig; /* proxy label. */
273 * MAP-IN MAP-OUT RDR-IN RDR-OUT
274 * osrc X == src == src X
275 * odst X == dst == dst X
276 * nsrc == dst X X == dst
277 * ndst == src X X == src
279 #define in_dpmin in_ndports[0] /* Also holds static redir port */
280 #define in_dpmax in_ndports[1]
281 #define in_spmin in_nsports[0] /* Also holds static redir port */
282 #define in_spmax in_nsports[1]
283 #define in_ndport in_ndports[0]
284 #define in_nsport in_nsports[0]
285 #define in_dipnext in_ndst.na_nextaddr.in4
286 #define in_dipnext6 in_ndst.na_nextaddr
287 #define in_dnip in_ndst.na_nextaddr.in4.s_addr
288 #define in_dnip6 in_ndst.na_nextaddr
289 #define in_sipnext in_nsrc.na_nextaddr.in4
290 #define in_snip in_nsrc.na_nextaddr.in4.s_addr
291 #define in_snip6 in_nsrc.na_nextaddr
292 #define in_odstip in_odst.na_addr[0].in4
293 #define in_odstip6 in_odst.na_addr[0]
294 #define in_odstaddr in_odst.na_addr[0].in4.s_addr
295 #define in_odstmsk in_odst.na_addr[1].in4.s_addr
296 #define in_odstmsk6 in_odst.na_addr[1]
297 #define in_odstatype in_odst.na_atype
298 #define in_osrcip in_osrc.na_addr[0].in4
299 #define in_osrcip6 in_osrc.na_addr[0]
300 #define in_osrcaddr in_osrc.na_addr[0].in4.s_addr
301 #define in_osrcmsk in_osrc.na_addr[1].in4.s_addr
302 #define in_osrcmsk6 in_osrc.na_addr[1]
303 #define in_osrcatype in_osrc.na_atype
304 #define in_ndstip in_ndst.na_addr[0].in4
305 #define in_ndstip6 in_ndst.na_addr[0]
306 #define in_ndstaddr in_ndst.na_addr[0].in4.s_addr
307 #define in_ndstmsk in_ndst.na_addr[1].in4.s_addr
308 #define in_ndstmsk6 in_ndst.na_addr[1]
309 #define in_ndstatype in_ndst.na_atype
310 #define in_ndstafunc in_ndst.na_function
311 #define in_nsrcip in_nsrc.na_addr[0].in4
312 #define in_nsrcip6 in_nsrc.na_addr[0]
313 #define in_nsrcaddr in_nsrc.na_addr[0].in4.s_addr
314 #define in_nsrcmsk in_nsrc.na_addr[1].in4.s_addr
315 #define in_nsrcmsk6 in_nsrc.na_addr[1]
316 #define in_nsrcatype in_nsrc.na_atype
317 #define in_nsrcafunc in_nsrc.na_function
318 #define in_scmp in_tuc.ftu_scmp
319 #define in_dcmp in_tuc.ftu_dcmp
320 #define in_stop in_tuc.ftu_stop
321 #define in_dtop in_tuc.ftu_dtop
322 #define in_osport in_tuc.ftu_sport
323 #define in_odport in_tuc.ftu_dport
324 #define in_ndstnum in_ndst.na_addr[0].iplookupnum
325 #define in_ndsttype in_ndst.na_addr[0].iplookuptype
326 #define in_ndstptr in_ndst.na_addr[1].iplookupptr
327 #define in_ndstfunc in_ndst.na_addr[1].iplookupfunc
328 #define in_nsrcnum in_nsrc.na_addr[0].iplookupnum
329 #define in_nsrctype in_nsrc.na_addr[0].iplookuptype
330 #define in_nsrcptr in_nsrc.na_addr[1].iplookupptr
331 #define in_nsrcfunc in_nsrc.na_addr[1].iplookupfunc
332 #define in_odstnum in_odst.na_addr[0].iplookupnum
333 #define in_odsttype in_odst.na_addr[0].iplookuptype
334 #define in_odstptr in_odst.na_addr[1].iplookupptr
335 #define in_odstfunc in_odst.na_addr[1].iplookupfunc
336 #define in_osrcnum in_osrc.na_addr[0].iplookupnum
337 #define in_osrctype in_osrc.na_addr[0].iplookuptype
338 #define in_osrcptr in_osrc.na_addr[1].iplookupptr
339 #define in_osrcfunc in_osrc.na_addr[1].iplookupfunc
340 #define in_icmpidmin in_nsports[0]
341 #define in_icmpidmax in_nsports[1]
344 * Bit definitions for in_flags
346 #define IPN_ANY 0x00000
347 #define IPN_TCP 0x00001
348 #define IPN_UDP 0x00002
349 #define IPN_TCPUDP (IPN_TCP|IPN_UDP)
350 #define IPN_ICMPERR 0x00004
351 #define IPN_TCPUDPICMP (IPN_TCP|IPN_UDP|IPN_ICMPERR)
352 #define IPN_ICMPQUERY 0x00008
353 #define IPN_TCPUDPICMPQ (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
354 #define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
355 #define IPN_AUTOPORTMAP 0x00010
356 #define IPN_FILTER 0x00020
357 #define IPN_SPLIT 0x00040
358 #define IPN_ROUNDR 0x00080
359 #define IPN_SIPRANGE 0x00100
360 #define IPN_DIPRANGE 0x00200
361 #define IPN_NOTSRC 0x00400
362 #define IPN_NOTDST 0x00800
363 #define IPN_NO 0x01000
364 #define IPN_DYNSRCIP 0x02000 /* dynamic src IP# */
365 #define IPN_DYNDSTIP 0x04000 /* dynamic dst IP# */
366 #define IPN_DELETE 0x08000
367 #define IPN_STICKY 0x10000
368 #define IPN_FRAG 0x20000
369 #define IPN_FIXEDSPORT 0x40000
370 #define IPN_FIXEDDPORT 0x80000
371 #define IPN_FINDFORWARD 0x100000
372 #define IPN_IN 0x200000
373 #define IPN_SEQUENTIAL 0x400000
374 #define IPN_PURGE 0x800000
375 #define IPN_PROXYRULE 0x1000000
376 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_SIPRANGE|IPN_SPLIT|\
377 IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|IPN_NO|\
378 IPN_FRAG|IPN_STICKY|IPN_FIXEDDPORT|IPN_ICMPQUERY|\
379 IPN_DIPRANGE|IPN_SEQUENTIAL|IPN_PURGE)
382 * Values for in_redir
385 #define NAT_REDIRECT 0x02
386 #define NAT_BIMAP (NAT_MAP|NAT_REDIRECT)
387 #define NAT_MAPBLK 0x04
388 #define NAT_REWRITE 0x08
389 #define NAT_ENCAP 0x10
390 #define NAT_DIVERTUDP 0x20
392 #define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */
393 #define USABLE_PORTS (65536 - MAPBLK_MINPORT)
395 #define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_v))
397 typedef struct natlookup {
398 i6addr_t nl_inipaddr;
399 i6addr_t nl_outipaddr;
400 i6addr_t nl_realipaddr;
408 #define nl_inip nl_inipaddr.in4
409 #define nl_outip nl_outipaddr.in4
410 #define nl_realip nl_realipaddr.in4
411 #define nl_inip6 nl_inipaddr.in6
412 #define nl_outip6 nl_outipaddr.in6
413 #define nl_realip6 nl_realipaddr.in6
416 typedef struct nat_save {
419 struct ipnat ipn_ipnat;
420 struct frentry ipn_fr;
425 #define ipn_rule ipn_nat.nat_fr
427 typedef struct natget {
434 * This structure gets used to help NAT sessions keep the same NAT rule (and
435 * thus translation for IP address) when:
436 * (a) round-robin redirects are in use
437 * (b) different IP add
439 typedef struct hostmap {
440 struct hostmap *hm_hnext;
441 struct hostmap **hm_phnext;
442 struct hostmap *hm_next;
443 struct hostmap **hm_pnext;
444 struct ipnat *hm_ipnat;
455 #define hm_osrcip hm_osrcip6.in4
456 #define hm_odstip hm_odstip6.in4
457 #define hm_nsrcip hm_nsrcip6.in4
458 #define hm_ndstip hm_ndstip6.in4
459 #define hm_osrc6 hm_osrcip6.in6
460 #define hm_odst6 hm_odstip6.in6
461 #define hm_nsrc6 hm_nsrcip6.in6
462 #define hm_ndst6 hm_ndstip6.in6
466 * Structure used to pass information in to nat_newmap and nat_newrdr.
468 typedef struct natinfo {
472 struct in_addr nai_ip; /* In host byte order */
480 typedef struct nat_stat_side {
487 u_long ns_badnextaddr;
488 u_long ns_bucket_max;
489 u_long ns_clone_nomem;
491 u_long ns_decap_fail;
492 u_long ns_decap_pullup;
493 u_long ns_divert_dup;
494 u_long ns_divert_exist;
497 u_long ns_encap_pullup;
499 u_long ns_icmp_address;
500 u_long ns_icmp_basic;
502 u_long ns_icmp_notfound;
503 u_long ns_icmp_rebuild;
504 u_long ns_icmp_short;
506 u_long ns_ifpaddrfail;
508 u_long ns_insert_fail;
511 u_long ns_lookup_miss;
512 u_long ns_lookup_nowild;
513 u_long ns_new_ifpaddr;
516 u_long ns_translated;
517 u_long ns_unfinalised;
519 u_long ns_xlate_null;
520 u_long ns_xlate_exists;
521 u_long ns_ipf_proxy_fail;
522 u_long ns_uncreate[2];
526 typedef struct natstat {
529 hostmap_t *ns_maplist;
530 hostmap_t **ns_maptable;
533 u_long ns_divert_build;
536 u_long ns_flush_closing;
537 u_long ns_flush_queue;
538 u_long ns_flush_state;
539 u_long ns_flush_timeout;
541 u_long ns_hm_newfail;
558 u_long ns_proto[256];
559 nat_stat_side_t ns_side[2];
561 nat_stat_side_t ns_side6[2];
565 typedef struct natlog {
578 U_QUAD_T nl_bytes[2];
581 u_char nl_ifnames[2][LIFNAMSIZ];
587 #define NL_PURGE 0xfffc
588 #define NL_DESTROY 0xfffd
589 #define NL_FLUSH 0xfffe
590 #define NL_EXPIRE 0xffff
592 #define NAT_HASH_FN(_k,_l,_m) (((_k) + ((_k) >> 12) + _l) % (_m))
593 #define NAT_HASH_FN6(_k,_l,_m) ((((u_32_t *)(_k))[3] \
594 + (((u_32_t *)(_k))[3] >> 12) \
595 + (((u_32_t *)(_k))[2]) \
596 + (((u_32_t *)(_k))[2] >> 12) \
597 + (((u_32_t *)(_k))[1]) \
598 + (((u_32_t *)(_k))[1] >> 12) \
599 + (((u_32_t *)(_k))[0]) \
600 + (((u_32_t *)(_k))[0] >> 12) \
603 #define LONG_SUM(_i) (((_i) & 0xffff) + ((_i) >> 16))
604 #define LONG_SUM6(_i) (LONG_SUM(ntohl(((u_32_t *)(_i))[0])) + \
605 LONG_SUM(ntohl(((u_32_t *)(_i))[1])) + \
606 LONG_SUM(ntohl(((u_32_t *)(_i))[2])) + \
607 LONG_SUM(ntohl(((u_32_t *)(_i))[3])))
609 #define CALC_SUMD(s1, s2, sd) { \
610 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
611 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
613 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
614 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
615 /* Because ~1 == -2, We really need ~1 == -1 */ \
616 if ((s1) > (s2)) (s2)--; \
617 (sd) = (s2) - (s1); \
618 (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
620 #define NAT_SYSSPACE 0x80000000
621 #define NAT_LOCKHELD 0x40000000
624 * This is present in ip_nat.h because it needs to be shared between
625 * ip_nat.c and ip_nat6.c
627 typedef struct ipf_nat_softc_s {
628 ipfmutex_t ipf_nat_new;
629 ipfmutex_t ipf_nat_io;
634 int ipf_nat_table_wm_high;
635 int ipf_nat_table_wm_low;
636 u_int ipf_nat_table_max;
637 u_int ipf_nat_table_sz;
638 u_int ipf_nat_maprules_sz;
639 u_int ipf_nat_rdrrules_sz;
640 u_int ipf_nat_hostmap_sz;
641 u_int ipf_nat_maxbucket;
642 u_int ipf_nat_last_force_flush;
643 u_int ipf_nat_defage;
644 u_int ipf_nat_defipage;
645 u_int ipf_nat_deficmpage;
646 ipf_v4_masktab_t ipf_nat_map_mask;
647 ipf_v6_masktab_t ipf_nat6_map_mask;
648 ipf_v4_masktab_t ipf_nat_rdr_mask;
649 ipf_v6_masktab_t ipf_nat6_rdr_mask;
650 nat_t **ipf_nat_table[2];
651 nat_t *ipf_nat_instances;
652 ipnat_t *ipf_nat_list;
653 ipnat_t **ipf_nat_list_tail;
654 ipnat_t **ipf_nat_map_rules;
655 ipnat_t **ipf_nat_rdr_rules;
656 ipftq_t *ipf_nat_utqe;
657 hostmap_t **ipf_hm_maptable ;
658 hostmap_t *ipf_hm_maplist ;
659 ipftuneable_t *ipf_nat_tune;
660 ipftq_t ipf_nat_udptq;
661 ipftq_t ipf_nat_udpacktq;
662 ipftq_t ipf_nat_icmptq;
663 ipftq_t ipf_nat_icmpacktq;
664 ipftq_t ipf_nat_iptq;
665 ipftq_t ipf_nat_pending;
666 ipftq_t ipf_nat_tcptq[IPF_TCP_NSTATES];
667 natstat_t ipf_nat_stats;
670 #define ipf_nat_map_max ipf_nat_map_mask.imt4_max
671 #define ipf_nat_rdr_max ipf_nat_rdr_mask.imt4_max
672 #define ipf_nat6_map_max ipf_nat6_map_mask.imt6_max
673 #define ipf_nat6_rdr_max ipf_nat6_rdr_mask.imt6_max
674 #define ipf_nat_map_active_masks ipf_nat_map_mask.imt4_active
675 #define ipf_nat_rdr_active_masks ipf_nat_rdr_mask.imt4_active
676 #define ipf_nat6_map_active_masks ipf_nat6_map_mask.imt6_active
677 #define ipf_nat6_rdr_active_masks ipf_nat6_rdr_mask.imt6_active
679 extern frentry_t ipfnatblock;
681 extern void ipf_fix_datacksum __P((u_short *, u_32_t));
682 extern void ipf_fix_incksum __P((int, u_short *, u_32_t, u_32_t));
683 extern void ipf_fix_outcksum __P((int, u_short *, u_32_t, u_32_t));
685 extern int ipf_nat_checkin __P((fr_info_t *, u_32_t *));
686 extern int ipf_nat_checkout __P((fr_info_t *, u_32_t *));
687 extern void ipf_nat_delete __P((ipf_main_softc_t *, struct nat *, int));
688 extern void ipf_nat_deref __P((ipf_main_softc_t *, nat_t **));
689 extern void ipf_nat_expire __P((ipf_main_softc_t *));
690 extern int ipf_nat_hashtab_add __P((ipf_main_softc_t *,
691 ipf_nat_softc_t *, nat_t *));
692 extern void ipf_nat_hostmapdel __P((ipf_main_softc_t *, hostmap_t **));
693 extern int ipf_nat_hostmap_rehash __P((ipf_main_softc_t *,
694 ipftuneable_t *, ipftuneval_t *));
695 extern nat_t *ipf_nat_icmperrorlookup __P((fr_info_t *, int));
696 extern nat_t *ipf_nat_icmperror __P((fr_info_t *, u_int *, int));
697 extern int ipf_nat_init __P((void));
698 extern nat_t *ipf_nat_inlookup __P((fr_info_t *, u_int, u_int,
699 struct in_addr, struct in_addr));
700 extern int ipf_nat_in __P((fr_info_t *, nat_t *, int, u_32_t));
701 extern int ipf_nat_insert __P((ipf_main_softc_t *, ipf_nat_softc_t *,
703 extern int ipf_nat_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t,
705 extern void ipf_nat_log __P((ipf_main_softc_t *, ipf_nat_softc_t *,
706 struct nat *, u_int));
707 extern nat_t *ipf_nat_lookupredir __P((natlookup_t *));
708 extern nat_t *ipf_nat_maplookup __P((void *, u_int, struct in_addr,
710 extern nat_t *ipf_nat_add __P((fr_info_t *, ipnat_t *, nat_t **,
712 extern int ipf_nat_out __P((fr_info_t *, nat_t *, int, u_32_t));
713 extern nat_t *ipf_nat_outlookup __P((fr_info_t *, u_int, u_int,
714 struct in_addr, struct in_addr));
715 extern u_short *ipf_nat_proto __P((fr_info_t *, nat_t *, u_int));
716 extern void ipf_nat_rule_deref __P((ipf_main_softc_t *, ipnat_t **));
717 extern void ipf_nat_setqueue __P((ipf_main_softc_t *, ipf_nat_softc_t *,
719 extern void ipf_nat_setpending __P((ipf_main_softc_t *, nat_t *));
720 extern nat_t *ipf_nat_tnlookup __P((fr_info_t *, int));
721 extern void ipf_nat_update __P((fr_info_t *, nat_t *));
722 extern int ipf_nat_rehash __P((ipf_main_softc_t *, ipftuneable_t *,
724 extern int ipf_nat_rehash_rules __P((ipf_main_softc_t *, ipftuneable_t *,
726 extern int ipf_nat_settimeout __P((struct ipf_main_softc_s *,
727 ipftuneable_t *, ipftuneval_t *));
728 extern void ipf_nat_sync __P((ipf_main_softc_t *, void *));
730 extern nat_t *ipf_nat_clone __P((fr_info_t *, nat_t *));
731 extern void ipf_nat_delmap __P((ipf_nat_softc_t *, ipnat_t *));
732 extern void ipf_nat_delrdr __P((ipf_nat_softc_t *, ipnat_t *));
733 extern int ipf_nat_wildok __P((nat_t *, int, int, int, int));
734 extern void ipf_nat_setlock __P((void *, int));
735 extern void ipf_nat_load __P((void));
736 extern void *ipf_nat_soft_create __P((ipf_main_softc_t *));
737 extern int ipf_nat_soft_init __P((ipf_main_softc_t *, void *));
738 extern void ipf_nat_soft_destroy __P((ipf_main_softc_t *, void *));
739 extern int ipf_nat_soft_fini __P((ipf_main_softc_t *, void *));
740 extern int ipf_nat_main_load __P((void));
741 extern int ipf_nat_main_unload __P((void));
742 extern ipftq_t *ipf_nat_add_tq __P((ipf_main_softc_t *, int));
743 extern void ipf_nat_uncreate __P((fr_info_t *));
746 extern nat_t *ipf_nat6_add __P((fr_info_t *, ipnat_t *, nat_t **,
748 extern void ipf_nat6_addrdr __P((ipf_nat_softc_t *, ipnat_t *));
749 extern void ipf_nat6_addmap __P((ipf_nat_softc_t *, ipnat_t *));
750 extern void ipf_nat6_addencap __P((ipf_nat_softc_t *, ipnat_t *));
751 extern int ipf_nat6_checkout __P((fr_info_t *, u_32_t *));
752 extern int ipf_nat6_checkin __P((fr_info_t *, u_32_t *));
753 extern void ipf_nat6_delmap __P((ipf_nat_softc_t *, ipnat_t *));
754 extern void ipf_nat6_delrdr __P((ipf_nat_softc_t *, ipnat_t *));
755 extern int ipf_nat6_finalise __P((fr_info_t *, nat_t *));
756 extern nat_t *ipf_nat6_icmperror __P((fr_info_t *, u_int *, int));
757 extern nat_t *ipf_nat6_icmperrorlookup __P((fr_info_t *, int));
758 extern nat_t *ipf_nat6_inlookup __P((fr_info_t *, u_int, u_int,
759 struct in6_addr *, struct in6_addr *));
760 extern u_32_t ipf_nat6_ip6subtract __P((i6addr_t *, i6addr_t *));
761 extern frentry_t *ipf_nat6_ipfin __P((fr_info_t *, u_32_t *));
762 extern frentry_t *ipf_nat6_ipfout __P((fr_info_t *, u_32_t *));
763 extern nat_t *ipf_nat6_lookupredir __P((natlookup_t *));
764 extern int ipf_nat6_newmap __P((fr_info_t *, nat_t *, natinfo_t *));
765 extern int ipf_nat6_newrdr __P((fr_info_t *, nat_t *, natinfo_t *));
766 extern nat_t *ipf_nat6_outlookup __P((fr_info_t *, u_int, u_int,
767 struct in6_addr *, struct in6_addr *));
768 extern int ipf_nat6_newrewrite __P((fr_info_t *, nat_t *, natinfo_t *));
769 extern int ipf_nat6_newdivert __P((fr_info_t *, nat_t *, natinfo_t *));
770 extern int ipf_nat6_ruleaddrinit __P((ipf_main_softc_t *, ipf_nat_softc_t *, ipnat_t *));
775 #endif /* __IP_NAT_H__ */
projects / FreeBSD / FreeBSD.git / blob