2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright 2005, Gleb Smirnoff <glebius@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/param.h>
30 #include <sys/systm.h>
31 #include <sys/kernel.h>
33 #include <sys/malloc.h>
34 #include <sys/ctype.h>
35 #include <sys/errno.h>
36 #include <sys/syslog.h>
38 #include <netinet/in_systm.h>
39 #include <netinet/in.h>
40 #include <netinet/ip.h>
41 #include <netinet/ip_var.h>
42 #include <netinet/tcp.h>
43 #include <machine/in_cksum.h>
46 #include <net/ethernet.h>
48 #include <netinet/libalias/alias.h>
49 #include <netinet/libalias/alias_local.h>
51 #include <netgraph/ng_message.h>
52 #include <netgraph/ng_parse.h>
53 #include <netgraph/ng_nat.h>
54 #include <netgraph/netgraph.h>
56 static ng_constructor_t ng_nat_constructor;
57 static ng_rcvmsg_t ng_nat_rcvmsg;
58 static ng_shutdown_t ng_nat_shutdown;
59 static ng_newhook_t ng_nat_newhook;
60 static ng_rcvdata_t ng_nat_rcvdata;
61 static ng_disconnect_t ng_nat_disconnect;
63 static unsigned int ng_nat_translate_flags(unsigned int x);
65 /* Parse type for struct ng_nat_mode. */
66 static const struct ng_parse_struct_field ng_nat_mode_fields[]
68 static const struct ng_parse_type ng_nat_mode_type = {
69 &ng_parse_struct_type,
73 /* Parse type for 'description' field in structs. */
74 static const struct ng_parse_fixedstring_info ng_nat_description_info
75 = { NG_NAT_DESC_LENGTH };
76 static const struct ng_parse_type ng_nat_description_type = {
77 &ng_parse_fixedstring_type,
78 &ng_nat_description_info
81 /* Parse type for struct ng_nat_redirect_port. */
82 static const struct ng_parse_struct_field ng_nat_redirect_port_fields[]
83 = NG_NAT_REDIRECT_PORT_TYPE_INFO(&ng_nat_description_type);
84 static const struct ng_parse_type ng_nat_redirect_port_type = {
85 &ng_parse_struct_type,
86 &ng_nat_redirect_port_fields
89 /* Parse type for struct ng_nat_redirect_addr. */
90 static const struct ng_parse_struct_field ng_nat_redirect_addr_fields[]
91 = NG_NAT_REDIRECT_ADDR_TYPE_INFO(&ng_nat_description_type);
92 static const struct ng_parse_type ng_nat_redirect_addr_type = {
93 &ng_parse_struct_type,
94 &ng_nat_redirect_addr_fields
97 /* Parse type for struct ng_nat_redirect_proto. */
98 static const struct ng_parse_struct_field ng_nat_redirect_proto_fields[]
99 = NG_NAT_REDIRECT_PROTO_TYPE_INFO(&ng_nat_description_type);
100 static const struct ng_parse_type ng_nat_redirect_proto_type = {
101 &ng_parse_struct_type,
102 &ng_nat_redirect_proto_fields
105 /* Parse type for struct ng_nat_add_server. */
106 static const struct ng_parse_struct_field ng_nat_add_server_fields[]
107 = NG_NAT_ADD_SERVER_TYPE_INFO;
108 static const struct ng_parse_type ng_nat_add_server_type = {
109 &ng_parse_struct_type,
110 &ng_nat_add_server_fields
113 /* Parse type for one struct ng_nat_listrdrs_entry. */
114 static const struct ng_parse_struct_field ng_nat_listrdrs_entry_fields[]
115 = NG_NAT_LISTRDRS_ENTRY_TYPE_INFO(&ng_nat_description_type);
116 static const struct ng_parse_type ng_nat_listrdrs_entry_type = {
117 &ng_parse_struct_type,
118 &ng_nat_listrdrs_entry_fields
121 /* Parse type for 'redirects' array in struct ng_nat_list_redirects. */
123 ng_nat_listrdrs_ary_getLength(const struct ng_parse_type *type,
124 const u_char *start, const u_char *buf)
126 const struct ng_nat_list_redirects *lr;
128 lr = (const struct ng_nat_list_redirects *)
129 (buf - offsetof(struct ng_nat_list_redirects, redirects));
130 return lr->total_count;
133 static const struct ng_parse_array_info ng_nat_listrdrs_ary_info = {
134 &ng_nat_listrdrs_entry_type,
135 &ng_nat_listrdrs_ary_getLength,
138 static const struct ng_parse_type ng_nat_listrdrs_ary_type = {
139 &ng_parse_array_type,
140 &ng_nat_listrdrs_ary_info
143 /* Parse type for struct ng_nat_list_redirects. */
144 static const struct ng_parse_struct_field ng_nat_list_redirects_fields[]
145 = NG_NAT_LIST_REDIRECTS_TYPE_INFO(&ng_nat_listrdrs_ary_type);
146 static const struct ng_parse_type ng_nat_list_redirects_type = {
147 &ng_parse_struct_type,
148 &ng_nat_list_redirects_fields
151 /* Parse type for struct ng_nat_libalias_info. */
152 static const struct ng_parse_struct_field ng_nat_libalias_info_fields[]
153 = NG_NAT_LIBALIAS_INFO;
154 static const struct ng_parse_type ng_nat_libalias_info_type = {
155 &ng_parse_struct_type,
156 &ng_nat_libalias_info_fields
159 /* List of commands and how to convert arguments to/from ASCII. */
160 static const struct ng_cmdlist ng_nat_cmdlist[] = {
165 &ng_parse_ipaddr_type,
179 &ng_parse_ipaddr_type,
184 NGM_NAT_REDIRECT_PORT,
186 &ng_nat_redirect_port_type,
187 &ng_parse_uint32_type
191 NGM_NAT_REDIRECT_ADDR,
193 &ng_nat_redirect_addr_type,
194 &ng_parse_uint32_type
198 NGM_NAT_REDIRECT_PROTO,
200 &ng_nat_redirect_proto_type,
201 &ng_parse_uint32_type
205 NGM_NAT_REDIRECT_DYNAMIC,
207 &ng_parse_uint32_type,
212 NGM_NAT_REDIRECT_DELETE,
214 &ng_parse_uint32_type,
221 &ng_nat_add_server_type,
226 NGM_NAT_LIST_REDIRECTS,
229 &ng_nat_list_redirects_type
235 &ng_parse_string_type,
240 NGM_NAT_LIBALIAS_INFO,
243 &ng_nat_libalias_info_type
249 &ng_parse_uint8_type,
262 /* Netgraph node type descriptor. */
263 static struct ng_type typestruct = {
264 .version = NG_ABI_VERSION,
265 .name = NG_NAT_NODE_TYPE,
266 .constructor = ng_nat_constructor,
267 .rcvmsg = ng_nat_rcvmsg,
268 .shutdown = ng_nat_shutdown,
269 .newhook = ng_nat_newhook,
270 .rcvdata = ng_nat_rcvdata,
271 .disconnect = ng_nat_disconnect,
272 .cmdlist = ng_nat_cmdlist,
274 NETGRAPH_INIT(nat, &typestruct);
275 MODULE_DEPEND(ng_nat, libalias, 1, 1, 1);
277 /* Element for list of redirects. */
278 struct ng_nat_rdr_lst {
279 STAILQ_ENTRY(ng_nat_rdr_lst) entries;
280 struct alias_link *lnk;
281 struct ng_nat_listrdrs_entry rdr;
283 STAILQ_HEAD(rdrhead, ng_nat_rdr_lst);
285 /* Information we store for each node. */
287 node_p node; /* back pointer to node */
288 hook_p in; /* hook for demasquerading */
289 hook_p out; /* hook for masquerading */
290 struct libalias *lib; /* libalias handler */
291 uint32_t flags; /* status flags */
292 uint32_t rdrcount; /* number or redirects in list */
293 uint32_t nextid; /* for next in turn in list */
294 struct rdrhead redirhead; /* redirect list header */
295 uint8_t dlt; /* DLT_XXX from bpf.h */
297 typedef struct ng_nat_priv *priv_p;
299 /* Values of flags */
300 #define NGNAT_CONNECTED 0x1 /* We have both hooks connected */
301 #define NGNAT_ADDR_DEFINED 0x2 /* NGM_NAT_SET_IPADDR happened */
304 ng_nat_constructor(node_p node)
308 /* Initialize private descriptor. */
309 priv = malloc(sizeof(*priv), M_NETGRAPH, M_WAITOK | M_ZERO);
311 /* Init aliasing engine. */
312 priv->lib = LibAliasInit(NULL);
314 /* Set same ports on. */
315 (void )LibAliasSetMode(priv->lib, PKT_ALIAS_SAME_PORTS,
316 PKT_ALIAS_SAME_PORTS);
318 /* Init redirects housekeeping. */
322 STAILQ_INIT(&priv->redirhead);
324 /* Link structs together. */
325 NG_NODE_SET_PRIVATE(node, priv);
329 * libalias is not thread safe, so our node
330 * must be single threaded.
332 NG_NODE_FORCE_WRITER(node);
338 ng_nat_newhook(node_p node, hook_p hook, const char *name)
340 const priv_p priv = NG_NODE_PRIVATE(node);
342 if (strcmp(name, NG_NAT_HOOK_IN) == 0) {
344 } else if (strcmp(name, NG_NAT_HOOK_OUT) == 0) {
349 if (priv->out != NULL &&
351 priv->flags |= NGNAT_CONNECTED;
357 ng_nat_rcvmsg(node_p node, item_p item, hook_p lasthook)
359 const priv_p priv = NG_NODE_PRIVATE(node);
360 struct ng_mesg *resp = NULL;
364 NGI_GET_MSG(item, msg);
366 switch (msg->header.typecookie) {
368 switch (msg->header.cmd) {
369 case NGM_NAT_SET_IPADDR:
371 struct in_addr *const ia = (struct in_addr *)msg->data;
373 if (msg->header.arglen < sizeof(*ia)) {
378 LibAliasSetAddress(priv->lib, *ia);
380 priv->flags |= NGNAT_ADDR_DEFINED;
383 case NGM_NAT_SET_MODE:
385 struct ng_nat_mode *const mode =
386 (struct ng_nat_mode *)msg->data;
388 if (msg->header.arglen < sizeof(*mode)) {
393 if (LibAliasSetMode(priv->lib,
394 ng_nat_translate_flags(mode->flags),
395 ng_nat_translate_flags(mode->mask)) < 0) {
401 case NGM_NAT_SET_TARGET:
403 struct in_addr *const ia = (struct in_addr *)msg->data;
405 if (msg->header.arglen < sizeof(*ia)) {
410 LibAliasSetTarget(priv->lib, *ia);
413 case NGM_NAT_REDIRECT_PORT:
415 struct ng_nat_rdr_lst *entry;
416 struct ng_nat_redirect_port *const rp =
417 (struct ng_nat_redirect_port *)msg->data;
419 if (msg->header.arglen < sizeof(*rp)) {
424 if ((entry = malloc(sizeof(struct ng_nat_rdr_lst),
425 M_NETGRAPH, M_NOWAIT | M_ZERO)) == NULL) {
430 /* Try actual redirect. */
431 entry->lnk = LibAliasRedirectPort(priv->lib,
432 rp->local_addr, htons(rp->local_port),
433 rp->remote_addr, htons(rp->remote_port),
434 rp->alias_addr, htons(rp->alias_port),
437 if (entry->lnk == NULL) {
439 free(entry, M_NETGRAPH);
443 /* Successful, save info in our internal list. */
444 entry->rdr.local_addr = rp->local_addr;
445 entry->rdr.alias_addr = rp->alias_addr;
446 entry->rdr.remote_addr = rp->remote_addr;
447 entry->rdr.local_port = rp->local_port;
448 entry->rdr.alias_port = rp->alias_port;
449 entry->rdr.remote_port = rp->remote_port;
450 entry->rdr.proto = rp->proto;
451 bcopy(rp->description, entry->rdr.description,
454 /* Safety precaution. */
455 entry->rdr.description[NG_NAT_DESC_LENGTH-1] = '\0';
457 entry->rdr.id = priv->nextid++;
460 /* Link to list of redirects. */
461 STAILQ_INSERT_TAIL(&priv->redirhead, entry, entries);
463 /* Response with id of newly added entry. */
464 NG_MKRESPONSE(resp, msg, sizeof(entry->rdr.id), M_NOWAIT);
469 bcopy(&entry->rdr.id, resp->data, sizeof(entry->rdr.id));
472 case NGM_NAT_REDIRECT_ADDR:
474 struct ng_nat_rdr_lst *entry;
475 struct ng_nat_redirect_addr *const ra =
476 (struct ng_nat_redirect_addr *)msg->data;
478 if (msg->header.arglen < sizeof(*ra)) {
483 if ((entry = malloc(sizeof(struct ng_nat_rdr_lst),
484 M_NETGRAPH, M_NOWAIT | M_ZERO)) == NULL) {
489 /* Try actual redirect. */
490 entry->lnk = LibAliasRedirectAddr(priv->lib,
491 ra->local_addr, ra->alias_addr);
493 if (entry->lnk == NULL) {
495 free(entry, M_NETGRAPH);
499 /* Successful, save info in our internal list. */
500 entry->rdr.local_addr = ra->local_addr;
501 entry->rdr.alias_addr = ra->alias_addr;
502 entry->rdr.proto = NG_NAT_REDIRPROTO_ADDR;
503 bcopy(ra->description, entry->rdr.description,
506 /* Safety precaution. */
507 entry->rdr.description[NG_NAT_DESC_LENGTH-1] = '\0';
509 entry->rdr.id = priv->nextid++;
512 /* Link to list of redirects. */
513 STAILQ_INSERT_TAIL(&priv->redirhead, entry, entries);
515 /* Response with id of newly added entry. */
516 NG_MKRESPONSE(resp, msg, sizeof(entry->rdr.id), M_NOWAIT);
521 bcopy(&entry->rdr.id, resp->data, sizeof(entry->rdr.id));
524 case NGM_NAT_REDIRECT_PROTO:
526 struct ng_nat_rdr_lst *entry;
527 struct ng_nat_redirect_proto *const rp =
528 (struct ng_nat_redirect_proto *)msg->data;
530 if (msg->header.arglen < sizeof(*rp)) {
535 if ((entry = malloc(sizeof(struct ng_nat_rdr_lst),
536 M_NETGRAPH, M_NOWAIT | M_ZERO)) == NULL) {
541 /* Try actual redirect. */
542 entry->lnk = LibAliasRedirectProto(priv->lib,
543 rp->local_addr, rp->remote_addr,
544 rp->alias_addr, rp->proto);
546 if (entry->lnk == NULL) {
548 free(entry, M_NETGRAPH);
552 /* Successful, save info in our internal list. */
553 entry->rdr.local_addr = rp->local_addr;
554 entry->rdr.alias_addr = rp->alias_addr;
555 entry->rdr.remote_addr = rp->remote_addr;
556 entry->rdr.proto = rp->proto;
557 bcopy(rp->description, entry->rdr.description,
560 /* Safety precaution. */
561 entry->rdr.description[NG_NAT_DESC_LENGTH-1] = '\0';
563 entry->rdr.id = priv->nextid++;
566 /* Link to list of redirects. */
567 STAILQ_INSERT_TAIL(&priv->redirhead, entry, entries);
569 /* Response with id of newly added entry. */
570 NG_MKRESPONSE(resp, msg, sizeof(entry->rdr.id), M_NOWAIT);
575 bcopy(&entry->rdr.id, resp->data, sizeof(entry->rdr.id));
578 case NGM_NAT_REDIRECT_DYNAMIC:
579 case NGM_NAT_REDIRECT_DELETE:
581 struct ng_nat_rdr_lst *entry;
582 uint32_t *const id = (uint32_t *)msg->data;
584 if (msg->header.arglen < sizeof(*id)) {
589 /* Find entry with supplied id. */
590 STAILQ_FOREACH(entry, &priv->redirhead, entries) {
591 if (entry->rdr.id == *id)
601 if (msg->header.cmd == NGM_NAT_REDIRECT_DYNAMIC) {
602 if (LibAliasRedirectDynamic(priv->lib,
604 error = ENOTTY; /* XXX Something better? */
607 } else { /* NGM_NAT_REDIRECT_DELETE */
608 LibAliasRedirectDelete(priv->lib, entry->lnk);
611 /* Delete entry from our internal list. */
613 STAILQ_REMOVE(&priv->redirhead, entry, ng_nat_rdr_lst, entries);
614 free(entry, M_NETGRAPH);
617 case NGM_NAT_ADD_SERVER:
619 struct ng_nat_rdr_lst *entry;
620 struct ng_nat_add_server *const as =
621 (struct ng_nat_add_server *)msg->data;
623 if (msg->header.arglen < sizeof(*as)) {
628 /* Find entry with supplied id. */
629 STAILQ_FOREACH(entry, &priv->redirhead, entries) {
630 if (entry->rdr.id == as->id)
640 if (LibAliasAddServer(priv->lib, entry->lnk,
641 as->addr, htons(as->port)) == -1) {
649 case NGM_NAT_LIST_REDIRECTS:
651 struct ng_nat_rdr_lst *entry;
652 struct ng_nat_list_redirects *ary;
655 NG_MKRESPONSE(resp, msg, sizeof(*ary) +
656 (priv->rdrcount) * sizeof(*entry), M_NOWAIT);
662 ary = (struct ng_nat_list_redirects *)resp->data;
663 ary->total_count = priv->rdrcount;
665 STAILQ_FOREACH(entry, &priv->redirhead, entries) {
666 bcopy(&entry->rdr, &ary->redirects[i++],
667 sizeof(struct ng_nat_listrdrs_entry));
671 case NGM_NAT_PROXY_RULE:
673 char *cmd = (char *)msg->data;
675 if (msg->header.arglen < 6) {
680 if (LibAliasProxyRule(priv->lib, cmd) != 0)
684 case NGM_NAT_LIBALIAS_INFO:
686 struct ng_nat_libalias_info *i;
688 NG_MKRESPONSE(resp, msg,
689 sizeof(struct ng_nat_libalias_info), M_NOWAIT);
694 i = (struct ng_nat_libalias_info *)resp->data;
695 #define COPY(F) do { \
696 if (priv->lib->F >= 0 && priv->lib->F < UINT32_MAX) \
697 i->F = priv->lib->F; \
707 COPY(protoLinkCount);
708 COPY(fragmentIdLinkCount);
709 COPY(fragmentPtrLinkCount);
714 case NGM_NAT_SET_DLT:
715 if (msg->header.arglen != sizeof(uint8_t)) {
719 switch (*(uint8_t *) msg->data) {
722 priv->dlt = *(uint8_t *) msg->data;
730 error = EINVAL; /* unknown command */
734 case NGM_NAT_GET_DLT:
735 NG_MKRESPONSE(resp, msg, sizeof(uint8_t), M_WAITOK);
740 *((uint8_t *) resp->data) = priv->dlt;
743 error = EINVAL; /* unknown cookie type */
747 NG_RESPOND_MSG(error, node, item, resp);
753 ng_nat_rcvdata(hook_p hook, item_p item )
755 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
758 int rval, ipofs, error = 0;
761 /* We have no required hooks. */
762 if (!(priv->flags & NGNAT_CONNECTED)) {
767 /* We have no alias address yet to do anything. */
768 if (!(priv->flags & NGNAT_ADDR_DEFINED))
773 if ((m = m_megapullup(m, m->m_pkthdr.len)) == NULL) {
774 NGI_M(item) = NULL; /* avoid double free */
787 struct ether_header *eh;
789 if (m->m_pkthdr.len < sizeof(struct ether_header)) {
793 eh = mtod(m, struct ether_header *);
794 switch (ntohs(eh->ether_type)) {
796 ipofs = sizeof(struct ether_header);
804 panic("Corrupted priv->dlt: %u", priv->dlt);
807 if (m->m_pkthdr.len < ipofs + sizeof(struct ip))
808 goto send; /* packet too short to hold IP */
810 c = (char *)mtodo(m, ipofs);
811 ip = (struct ip *)mtodo(m, ipofs);
813 if (ip->ip_v != IPVERSION)
814 goto send; /* other IP version, let it pass */
815 if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len))
816 goto send; /* packet too short (i.e. fragmented or broken) */
819 * We drop packet when:
820 * 1. libalias returns PKT_ALIAS_ERROR;
821 * 2. For incoming packets:
822 * a) for unresolved fragments;
823 * b) libalias returns PKT_ALIAS_IGNORED and
824 * PKT_ALIAS_DENY_INCOMING flag is set.
826 if (hook == priv->in) {
827 rval = LibAliasIn(priv->lib, c, m->m_len - ipofs +
829 if (rval == PKT_ALIAS_ERROR ||
830 rval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
831 (rval == PKT_ALIAS_IGNORED &&
832 (priv->lib->packetAliasMode &
833 PKT_ALIAS_DENY_INCOMING) != 0)) {
837 } else if (hook == priv->out) {
838 rval = LibAliasOut(priv->lib, c, m->m_len - ipofs +
840 if (rval == PKT_ALIAS_ERROR) {
845 panic("ng_nat: unknown hook!\n");
847 if (rval == PKT_ALIAS_RESPOND)
848 m->m_flags |= M_SKIP_FIREWALL;
849 m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len) + ipofs;
851 if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
852 ip->ip_p == IPPROTO_TCP) {
853 struct tcphdr *th = (struct tcphdr *)((caddr_t)ip +
857 * Here is our terrible HACK.
859 * Sometimes LibAlias edits contents of TCP packet.
860 * In this case it needs to recompute full TCP
861 * checksum. However, the problem is that LibAlias
862 * doesn't have any idea about checksum offloading
863 * in kernel. To workaround this, we do not do
864 * checksumming in LibAlias, but only mark the
865 * packets in th_x2 field. If we receive a marked
866 * packet, we calculate correct checksum for it
867 * aware of offloading.
869 * Why do I do such a terrible hack instead of
870 * recalculating checksum for each packet?
871 * Because the previous checksum was not checked!
872 * Recalculating checksums for EVERY packet will
873 * hide ALL transmission errors. Yes, marked packets
874 * still suffer from this problem. But, sigh, natd(8)
875 * has this problem, too.
879 uint16_t ip_len = ntohs(ip->ip_len);
882 th->th_sum = in_pseudo(ip->ip_src.s_addr,
883 ip->ip_dst.s_addr, htons(IPPROTO_TCP +
884 ip_len - (ip->ip_hl << 2)));
886 if ((m->m_pkthdr.csum_flags & CSUM_TCP) == 0) {
887 m->m_pkthdr.csum_data = offsetof(struct tcphdr,
895 if (hook == priv->in)
896 NG_FWD_ITEM_HOOK(error, item, priv->out);
898 NG_FWD_ITEM_HOOK(error, item, priv->in);
904 ng_nat_shutdown(node_p node)
906 const priv_p priv = NG_NODE_PRIVATE(node);
908 NG_NODE_SET_PRIVATE(node, NULL);
911 /* Free redirects list. */
912 while (!STAILQ_EMPTY(&priv->redirhead)) {
913 struct ng_nat_rdr_lst *entry = STAILQ_FIRST(&priv->redirhead);
914 STAILQ_REMOVE_HEAD(&priv->redirhead, entries);
915 free(entry, M_NETGRAPH);
919 LibAliasUninit(priv->lib);
920 free(priv, M_NETGRAPH);
926 ng_nat_disconnect(hook_p hook)
928 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
930 priv->flags &= ~NGNAT_CONNECTED;
932 if (hook == priv->out)
934 if (hook == priv->in)
937 if (priv->out == NULL && priv->in == NULL)
938 ng_rmnode_self(NG_HOOK_NODE(hook));
944 ng_nat_translate_flags(unsigned int x)
946 unsigned int res = 0;
949 res |= PKT_ALIAS_LOG;
950 if (x & NG_NAT_DENY_INCOMING)
951 res |= PKT_ALIAS_DENY_INCOMING;
952 if (x & NG_NAT_SAME_PORTS)
953 res |= PKT_ALIAS_SAME_PORTS;
954 if (x & NG_NAT_UNREGISTERED_ONLY)
955 res |= PKT_ALIAS_UNREGISTERED_ONLY;
956 if (x & NG_NAT_RESET_ON_ADDR_CHANGE)
957 res |= PKT_ALIAS_RESET_ON_ADDR_CHANGE;
958 if (x & NG_NAT_PROXY_ONLY)
959 res |= PKT_ALIAS_PROXY_ONLY;
960 if (x & NG_NAT_REVERSE)
961 res |= PKT_ALIAS_REVERSE;
962 if (x & NG_NAT_UNREGISTERED_CGN)
963 res |= PKT_ALIAS_UNREGISTERED_CGN;