4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * @(#)ip_nat.h 1.5 2/4/96
10 * Id: ip_nat.h,v 2.90.2.20 2007/09/25 08:27:32 darrenr Exp $
17 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
20 #if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
21 #define SIOCADNAT _IOW('r', 60, struct ipfobj)
22 #define SIOCRMNAT _IOW('r', 61, struct ipfobj)
23 #define SIOCGNATS _IOWR('r', 62, struct ipfobj)
24 #define SIOCGNATL _IOWR('r', 63, struct ipfobj)
25 #define SIOCPURGENAT _IOWR('r', 100, struct ipfobj)
27 #define SIOCADNAT _IOW(r, 60, struct ipfobj)
28 #define SIOCRMNAT _IOW(r, 61, struct ipfobj)
29 #define SIOCGNATS _IOWR(r, 62, struct ipfobj)
30 #define SIOCGNATL _IOWR(r, 63, struct ipfobj)
31 #define SIOCPURGENAT _IOWR(r, 100, struct ipfobj)
34 #undef LARGE_NAT /* define this if you're setting up a system to NAT
35 * LARGE numbers of networks/hosts - i.e. in the
36 * hundreds or thousands. In such a case, you should
37 * also change the RDR_SIZE and NAT_SIZE below to more
38 * appropriate sizes. The figures below were used for
39 * a setup with 1000-2000 networks to NAT.
43 # define NAT_SIZE 2047
50 # define RDR_SIZE 2047
57 # define HOSTMAP_SIZE 8191
59 # define HOSTMAP_SIZE 2047
64 * This is newly introduced and for the sake of "least surprise", the numbers
65 * present aren't what we'd normally use for creating a proper hash table.
68 # define NAT_TABLE_MAX 180000
70 # define NAT_TABLE_MAX 30000
75 # define NAT_TABLE_SZ 16383
77 # define NAT_TABLE_SZ 2047
81 #define APR_LABELLEN 16
83 #define NAT_HW_CKSUM 0x80000000
84 #define NAT_HW_CKSUM_PART 0x40000000
86 #define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
92 * This structure is used in the active NAT table and represents an
98 struct nat **nat_pnext;
99 struct nat *nat_hnext[2];
100 struct nat **nat_phnext[2];
101 struct hostmap *nat_hm;
104 struct ipstate *nat_state;
105 struct ap_session *nat_aps; /* proxy session */
106 frentry_t *nat_fr; /* filter rule ptr if appropriate */
107 struct ipnat *nat_ptr; /* pointer back to the rule */
113 u_32_t nat_sumd[2]; /* ip checksum delta for data segment*/
114 u_32_t nat_ipsumd; /* ip checksum delta for ip header */
115 u_32_t nat_mssclamp; /* if != zero clamp MSS to this */
120 U_QUAD_T nat_pkts[2];
121 U_QUAD_T nat_bytes[2];
127 } nat_unold, nat_unnew;
129 int nat_pr[2]; /* protocol for NAT */
131 int nat_ref; /* reference count */
133 char nat_ifnames[2][LIFNAMSIZ];
134 int nat_rev; /* 0 = forward, 1 = reverse */
136 int nat_v[2]; /* 0 = old, 1 = new */
137 u_int nat_redir; /* copy of in_redir */
140 #define nat_osrcip nat_osrc6.in4
141 #define nat_odstip nat_odst6.in4
142 #define nat_nsrcip nat_nsrc6.in4
143 #define nat_ndstip nat_ndst6.in4
144 #define nat_osrcaddr nat_osrc6.in4.s_addr
145 #define nat_odstaddr nat_odst6.in4.s_addr
146 #define nat_nsrcaddr nat_nsrc6.in4.s_addr
147 #define nat_ndstaddr nat_ndst6.in4.s_addr
148 #define nat_age nat_tqe.tqe_die
149 #define nat_osport nat_unold.nat_unt.ts_sport
150 #define nat_odport nat_unold.nat_unt.ts_dport
151 #define nat_nsport nat_unnew.nat_unt.ts_sport
152 #define nat_ndport nat_unnew.nat_unt.ts_dport
153 #define nat_oicmpid nat_unold.nat_uni.ici_id
154 #define nat_nicmpid nat_unnew.nat_uni.ici_id
155 #define nat_type nat_unold.nat_uni.ici_type
156 #define nat_oseq nat_unold.nat_uni.ici_seq
157 #define nat_nseq nat_unnew.nat_uni.ici_seq
158 #define nat_tcpstate nat_tqe.tqe_state
159 #define nat_die nat_tqe.tqe_die
160 #define nat_touched nat_tqe.tqe_touched
165 #define NAT_INBOUND 0
166 #define NAT_OUTBOUND 1
167 #define NAT_ENCAPIN 2
168 #define NAT_ENCAPOUT 3
169 #define NAT_DIVERTIN 4
170 #define NAT_DIVERTOUT 5
173 * Definitions for nat_flags
175 #define NAT_TCP 0x0001 /* IPN_TCP */
176 #define NAT_UDP 0x0002 /* IPN_UDP */
177 #define NAT_ICMPERR 0x0004 /* IPN_ICMPERR */
178 #define NAT_ICMPQUERY 0x0008 /* IPN_ICMPQUERY */
179 #define NAT_SEARCH 0x0010
180 #define NAT_SLAVE 0x0020 /* Slave connection for a proxy */
181 #define NAT_NOTRULEPORT 0x0040 /* Don't use the port # in the NAT rule */
183 #define NAT_TCPUDP (NAT_TCP|NAT_UDP)
184 #define NAT_TCPUDPICMP (NAT_TCP|NAT_UDP|NAT_ICMPERR)
185 #define NAT_TCPUDPICMPQ (NAT_TCP|NAT_UDP|NAT_ICMPQUERY)
186 #define NAT_FROMRULE (NAT_TCP|NAT_UDP)
188 /* 0x0100 reserved for FI_W_SPORT */
189 /* 0x0200 reserved for FI_W_DPORT */
190 /* 0x0400 reserved for FI_W_SADDR */
191 /* 0x0800 reserved for FI_W_DADDR */
192 /* 0x1000 reserved for FI_W_NEWFR */
193 /* 0x2000 reserved for SI_CLONE */
194 /* 0x4000 reserved for SI_CLONED */
195 /* 0x8000 reserved for SI_IGNOREPKT */
197 #define NAT_DEBUG 0x800000
199 typedef struct nat_addr_s {
201 i6addr_t na_nextaddr;
206 #define na_nextip na_nextaddr.in4.s_addr
207 #define na_nextip6 na_nextaddr.in6
208 #define na_num na_addr[0].iplookupnum
209 #define na_type na_addr[0].iplookuptype
210 #define na_subtype na_addr[0].iplookupsubtype
211 #define na_ptr na_addr[1].iplookupptr
212 #define na_func na_addr[1].iplookupfunc
216 * This structure represents an actual NAT rule, loaded by ipnat.
218 typedef struct ipnat {
220 struct ipnat *in_next; /* NAT rule list next */
221 struct ipnat **in_pnext; /* prior rdr next ptr */
222 struct ipnat *in_rnext; /* rdr rule hash next */
223 struct ipnat **in_prnext; /* prior rdr next ptr */
224 struct ipnat *in_mnext; /* map rule hash next */
225 struct ipnat **in_pmnext; /* prior map next ptr */
226 struct ipftq *in_tqehead[2];
233 U_QUAD_T in_bytes[2];
239 int in_flineno; /* conf. file line number */
244 /* From here to the end is covered by IPN_CMPSIZ */
245 u_char in_v[2]; /* 0 = old, 1 = new */
247 u_32_t in_mssclamp; /* if != 0 clamp MSS to this */
249 int in_redir; /* see below for values */
250 int in_pr[2]; /* protocol. */
256 u_short in_ppip; /* ports per IP. */
257 u_short in_ippip; /* IP #'s per IP# */
258 u_short in_ndports[2];
259 u_short in_nsports[2];
261 int in_plabel; /* proxy label. */
262 int in_pconfig; /* proxy label. */
269 * MAP-IN MAP-OUT RDR-IN RDR-OUT
270 * osrc X == src == src X
271 * odst X == dst == dst X
272 * nsrc == dst X X == dst
273 * ndst == src X X == src
275 #define in_dpmin in_ndports[0] /* Also holds static redir port */
276 #define in_dpmax in_ndports[1]
277 #define in_spmin in_nsports[0] /* Also holds static redir port */
278 #define in_spmax in_nsports[1]
279 #define in_ndport in_ndports[0]
280 #define in_nsport in_nsports[0]
281 #define in_dipnext in_ndst.na_nextaddr.in4
282 #define in_dipnext6 in_ndst.na_nextaddr
283 #define in_dnip in_ndst.na_nextaddr.in4.s_addr
284 #define in_dnip6 in_ndst.na_nextaddr
285 #define in_sipnext in_nsrc.na_nextaddr.in4
286 #define in_snip in_nsrc.na_nextaddr.in4.s_addr
287 #define in_snip6 in_nsrc.na_nextaddr
288 #define in_odstip in_odst.na_addr[0].in4
289 #define in_odstip6 in_odst.na_addr[0]
290 #define in_odstaddr in_odst.na_addr[0].in4.s_addr
291 #define in_odstmsk in_odst.na_addr[1].in4.s_addr
292 #define in_odstmsk6 in_odst.na_addr[1]
293 #define in_odstatype in_odst.na_atype
294 #define in_osrcip in_osrc.na_addr[0].in4
295 #define in_osrcip6 in_osrc.na_addr[0]
296 #define in_osrcaddr in_osrc.na_addr[0].in4.s_addr
297 #define in_osrcmsk in_osrc.na_addr[1].in4.s_addr
298 #define in_osrcmsk6 in_osrc.na_addr[1]
299 #define in_osrcatype in_osrc.na_atype
300 #define in_ndstip in_ndst.na_addr[0].in4
301 #define in_ndstip6 in_ndst.na_addr[0]
302 #define in_ndstaddr in_ndst.na_addr[0].in4.s_addr
303 #define in_ndstmsk in_ndst.na_addr[1].in4.s_addr
304 #define in_ndstmsk6 in_ndst.na_addr[1]
305 #define in_ndstatype in_ndst.na_atype
306 #define in_ndstafunc in_ndst.na_function
307 #define in_nsrcip in_nsrc.na_addr[0].in4
308 #define in_nsrcip6 in_nsrc.na_addr[0]
309 #define in_nsrcaddr in_nsrc.na_addr[0].in4.s_addr
310 #define in_nsrcmsk in_nsrc.na_addr[1].in4.s_addr
311 #define in_nsrcmsk6 in_nsrc.na_addr[1]
312 #define in_nsrcatype in_nsrc.na_atype
313 #define in_nsrcafunc in_nsrc.na_function
314 #define in_scmp in_tuc.ftu_scmp
315 #define in_dcmp in_tuc.ftu_dcmp
316 #define in_stop in_tuc.ftu_stop
317 #define in_dtop in_tuc.ftu_dtop
318 #define in_osport in_tuc.ftu_sport
319 #define in_odport in_tuc.ftu_dport
320 #define in_ndstnum in_ndst.na_addr[0].iplookupnum
321 #define in_ndsttype in_ndst.na_addr[0].iplookuptype
322 #define in_ndstptr in_ndst.na_addr[1].iplookupptr
323 #define in_ndstfunc in_ndst.na_addr[1].iplookupfunc
324 #define in_nsrcnum in_nsrc.na_addr[0].iplookupnum
325 #define in_nsrctype in_nsrc.na_addr[0].iplookuptype
326 #define in_nsrcptr in_nsrc.na_addr[1].iplookupptr
327 #define in_nsrcfunc in_nsrc.na_addr[1].iplookupfunc
328 #define in_odstnum in_odst.na_addr[0].iplookupnum
329 #define in_odsttype in_odst.na_addr[0].iplookuptype
330 #define in_odstptr in_odst.na_addr[1].iplookupptr
331 #define in_odstfunc in_odst.na_addr[1].iplookupfunc
332 #define in_osrcnum in_osrc.na_addr[0].iplookupnum
333 #define in_osrctype in_osrc.na_addr[0].iplookuptype
334 #define in_osrcptr in_osrc.na_addr[1].iplookupptr
335 #define in_osrcfunc in_osrc.na_addr[1].iplookupfunc
336 #define in_icmpidmin in_nsports[0]
337 #define in_icmpidmax in_nsports[1]
340 * Bit definitions for in_flags
342 #define IPN_ANY 0x00000
343 #define IPN_TCP 0x00001
344 #define IPN_UDP 0x00002
345 #define IPN_TCPUDP (IPN_TCP|IPN_UDP)
346 #define IPN_ICMPERR 0x00004
347 #define IPN_TCPUDPICMP (IPN_TCP|IPN_UDP|IPN_ICMPERR)
348 #define IPN_ICMPQUERY 0x00008
349 #define IPN_TCPUDPICMPQ (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
350 #define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
351 #define IPN_AUTOPORTMAP 0x00010
352 #define IPN_FILTER 0x00020
353 #define IPN_SPLIT 0x00040
354 #define IPN_ROUNDR 0x00080
355 #define IPN_SIPRANGE 0x00100
356 #define IPN_DIPRANGE 0x00200
357 #define IPN_NOTSRC 0x00400
358 #define IPN_NOTDST 0x00800
359 #define IPN_NO 0x01000
360 #define IPN_DYNSRCIP 0x02000 /* dynamic src IP# */
361 #define IPN_DYNDSTIP 0x04000 /* dynamic dst IP# */
362 #define IPN_DELETE 0x08000
363 #define IPN_STICKY 0x10000
364 #define IPN_FRAG 0x20000
365 #define IPN_FIXEDSPORT 0x40000
366 #define IPN_FIXEDDPORT 0x80000
367 #define IPN_FINDFORWARD 0x100000
368 #define IPN_IN 0x200000
369 #define IPN_SEQUENTIAL 0x400000
370 #define IPN_PURGE 0x800000
371 #define IPN_PROXYRULE 0x1000000
372 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_SIPRANGE|IPN_SPLIT|\
373 IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|IPN_NO|\
374 IPN_FRAG|IPN_STICKY|IPN_FIXEDDPORT|IPN_ICMPQUERY|\
375 IPN_DIPRANGE|IPN_SEQUENTIAL|IPN_PURGE)
378 * Values for in_redir
381 #define NAT_REDIRECT 0x02
382 #define NAT_BIMAP (NAT_MAP|NAT_REDIRECT)
383 #define NAT_MAPBLK 0x04
384 #define NAT_REWRITE 0x08
385 #define NAT_ENCAP 0x10
386 #define NAT_DIVERTUDP 0x20
388 #define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */
389 #define USABLE_PORTS (65536 - MAPBLK_MINPORT)
391 #define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_v))
393 typedef struct natlookup {
394 i6addr_t nl_inipaddr;
395 i6addr_t nl_outipaddr;
396 i6addr_t nl_realipaddr;
404 #define nl_inip nl_inipaddr.in4
405 #define nl_outip nl_outipaddr.in4
406 #define nl_realip nl_realipaddr.in4
407 #define nl_inip6 nl_inipaddr.in6
408 #define nl_outip6 nl_outipaddr.in6
409 #define nl_realip6 nl_realipaddr.in6
412 typedef struct nat_save {
415 struct ipnat ipn_ipnat;
416 struct frentry ipn_fr;
421 #define ipn_rule ipn_nat.nat_fr
423 typedef struct natget {
430 * This structure gets used to help NAT sessions keep the same NAT rule (and
431 * thus translation for IP address) when:
432 * (a) round-robin redirects are in use
433 * (b) different IP add
435 typedef struct hostmap {
436 struct hostmap *hm_hnext;
437 struct hostmap **hm_phnext;
438 struct hostmap *hm_next;
439 struct hostmap **hm_pnext;
440 struct ipnat *hm_ipnat;
451 #define hm_osrcip hm_osrcip6.in4
452 #define hm_odstip hm_odstip6.in4
453 #define hm_nsrcip hm_nsrcip6.in4
454 #define hm_ndstip hm_ndstip6.in4
455 #define hm_osrc6 hm_osrcip6.in6
456 #define hm_odst6 hm_odstip6.in6
457 #define hm_nsrc6 hm_nsrcip6.in6
458 #define hm_ndst6 hm_ndstip6.in6
462 * Structure used to pass information in to nat_newmap and nat_newrdr.
464 typedef struct natinfo {
468 struct in_addr nai_ip; /* In host byte order */
476 typedef struct nat_stat_side {
483 u_long ns_badnextaddr;
484 u_long ns_bucket_max;
485 u_long ns_clone_nomem;
487 u_long ns_decap_fail;
488 u_long ns_decap_pullup;
489 u_long ns_divert_dup;
490 u_long ns_divert_exist;
493 u_long ns_encap_pullup;
495 u_long ns_icmp_address;
496 u_long ns_icmp_basic;
498 u_long ns_icmp_notfound;
499 u_long ns_icmp_rebuild;
500 u_long ns_icmp_short;
502 u_long ns_ifpaddrfail;
504 u_long ns_insert_fail;
507 u_long ns_lookup_miss;
508 u_long ns_lookup_nowild;
509 u_long ns_new_ifpaddr;
512 u_long ns_translated;
513 u_long ns_unfinalised;
515 u_long ns_xlate_null;
516 u_long ns_xlate_exists;
517 u_long ns_ipf_proxy_fail;
518 u_long ns_uncreate[2];
522 typedef struct natstat {
525 hostmap_t *ns_maplist;
526 hostmap_t **ns_maptable;
529 u_long ns_divert_build;
532 u_long ns_flush_closing;
533 u_long ns_flush_queue;
534 u_long ns_flush_state;
535 u_long ns_flush_timeout;
537 u_long ns_hm_newfail;
554 u_long ns_proto[256];
555 nat_stat_side_t ns_side[2];
557 nat_stat_side_t ns_side6[2];
561 typedef struct natlog {
574 U_QUAD_T nl_bytes[2];
577 u_char nl_ifnames[2][LIFNAMSIZ];
583 #define NL_PURGE 0xfffc
584 #define NL_DESTROY 0xfffd
585 #define NL_FLUSH 0xfffe
586 #define NL_EXPIRE 0xffff
588 #define NAT_HASH_FN(_k,_l,_m) (((_k) + ((_k) >> 12) + _l) % (_m))
589 #define NAT_HASH_FN6(_k,_l,_m) ((((u_32_t *)(_k))[3] \
590 + (((u_32_t *)(_k))[3] >> 12) \
591 + (((u_32_t *)(_k))[2]) \
592 + (((u_32_t *)(_k))[2] >> 12) \
593 + (((u_32_t *)(_k))[1]) \
594 + (((u_32_t *)(_k))[1] >> 12) \
595 + (((u_32_t *)(_k))[0]) \
596 + (((u_32_t *)(_k))[0] >> 12) \
599 #define LONG_SUM(_i) (((_i) & 0xffff) + ((_i) >> 16))
600 #define LONG_SUM6(_i) (LONG_SUM(ntohl(((u_32_t *)(_i))[0])) + \
601 LONG_SUM(ntohl(((u_32_t *)(_i))[1])) + \
602 LONG_SUM(ntohl(((u_32_t *)(_i))[2])) + \
603 LONG_SUM(ntohl(((u_32_t *)(_i))[3])))
605 #define CALC_SUMD(s1, s2, sd) { \
606 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
607 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
609 (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
610 (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
611 /* Because ~1 == -2, We really need ~1 == -1 */ \
612 if ((s1) > (s2)) (s2)--; \
613 (sd) = (s2) - (s1); \
614 (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
616 #define NAT_SYSSPACE 0x80000000
617 #define NAT_LOCKHELD 0x40000000
620 * This is present in ip_nat.h because it needs to be shared between
621 * ip_nat.c and ip_nat6.c
623 typedef struct ipf_nat_softc_s {
624 ipfmutex_t ipf_nat_new;
625 ipfmutex_t ipf_nat_io;
630 int ipf_nat_table_wm_high;
631 int ipf_nat_table_wm_low;
632 u_int ipf_nat_table_max;
633 u_int ipf_nat_table_sz;
634 u_int ipf_nat_maprules_sz;
635 u_int ipf_nat_rdrrules_sz;
636 u_int ipf_nat_hostmap_sz;
637 u_int ipf_nat_maxbucket;
638 u_int ipf_nat_last_force_flush;
639 u_int ipf_nat_defage;
640 u_int ipf_nat_defipage;
641 u_int ipf_nat_deficmpage;
642 ipf_v4_masktab_t ipf_nat_map_mask;
643 ipf_v6_masktab_t ipf_nat6_map_mask;
644 ipf_v4_masktab_t ipf_nat_rdr_mask;
645 ipf_v6_masktab_t ipf_nat6_rdr_mask;
646 nat_t **ipf_nat_table[2];
647 nat_t *ipf_nat_instances;
648 ipnat_t *ipf_nat_list;
649 ipnat_t **ipf_nat_list_tail;
650 ipnat_t **ipf_nat_map_rules;
651 ipnat_t **ipf_nat_rdr_rules;
652 ipftq_t *ipf_nat_utqe;
653 hostmap_t **ipf_hm_maptable ;
654 hostmap_t *ipf_hm_maplist ;
655 ipftuneable_t *ipf_nat_tune;
656 ipftq_t ipf_nat_udptq;
657 ipftq_t ipf_nat_udpacktq;
658 ipftq_t ipf_nat_icmptq;
659 ipftq_t ipf_nat_icmpacktq;
660 ipftq_t ipf_nat_iptq;
661 ipftq_t ipf_nat_pending;
662 ipftq_t ipf_nat_tcptq[IPF_TCP_NSTATES];
663 natstat_t ipf_nat_stats;
666 #define ipf_nat_map_max ipf_nat_map_mask.imt4_max
667 #define ipf_nat_rdr_max ipf_nat_rdr_mask.imt4_max
668 #define ipf_nat6_map_max ipf_nat6_map_mask.imt6_max
669 #define ipf_nat6_rdr_max ipf_nat6_rdr_mask.imt6_max
670 #define ipf_nat_map_active_masks ipf_nat_map_mask.imt4_active
671 #define ipf_nat_rdr_active_masks ipf_nat_rdr_mask.imt4_active
672 #define ipf_nat6_map_active_masks ipf_nat6_map_mask.imt6_active
673 #define ipf_nat6_rdr_active_masks ipf_nat6_rdr_mask.imt6_active
675 extern frentry_t ipfnatblock;
677 extern void ipf_fix_datacksum __P((u_short *, u_32_t));
678 extern void ipf_fix_incksum __P((int, u_short *, u_32_t, u_32_t));
679 extern void ipf_fix_outcksum __P((int, u_short *, u_32_t, u_32_t));
681 extern int ipf_nat_checkin __P((fr_info_t *, u_32_t *));
682 extern int ipf_nat_checkout __P((fr_info_t *, u_32_t *));
683 extern void ipf_nat_delete __P((ipf_main_softc_t *, struct nat *, int));
684 extern void ipf_nat_deref __P((ipf_main_softc_t *, nat_t **));
685 extern void ipf_nat_expire __P((ipf_main_softc_t *));
686 extern int ipf_nat_hashtab_add __P((ipf_main_softc_t *,
687 ipf_nat_softc_t *, nat_t *));
688 extern void ipf_nat_hostmapdel __P((ipf_main_softc_t *, hostmap_t **));
689 extern int ipf_nat_hostmap_rehash __P((ipf_main_softc_t *,
690 ipftuneable_t *, ipftuneval_t *));
691 extern nat_t *ipf_nat_icmperrorlookup __P((fr_info_t *, int));
692 extern nat_t *ipf_nat_icmperror __P((fr_info_t *, u_int *, int));
693 #if defined(__OpenBSD__)
694 extern void ipf_nat_ifdetach __P((void *));
696 extern int ipf_nat_init __P((void));
697 extern nat_t *ipf_nat_inlookup __P((fr_info_t *, u_int, u_int,
698 struct in_addr, struct in_addr));
699 extern int ipf_nat_in __P((fr_info_t *, nat_t *, int, u_32_t));
700 extern int ipf_nat_insert __P((ipf_main_softc_t *, ipf_nat_softc_t *,
702 extern int ipf_nat_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t,
704 extern void ipf_nat_log __P((ipf_main_softc_t *, ipf_nat_softc_t *,
705 struct nat *, u_int));
706 extern nat_t *ipf_nat_lookupredir __P((natlookup_t *));
707 extern nat_t *ipf_nat_maplookup __P((void *, u_int, struct in_addr,
709 extern nat_t *ipf_nat_add __P((fr_info_t *, ipnat_t *, nat_t **,
711 extern int ipf_nat_out __P((fr_info_t *, nat_t *, int, u_32_t));
712 extern nat_t *ipf_nat_outlookup __P((fr_info_t *, u_int, u_int,
713 struct in_addr, struct in_addr));
714 extern u_short *ipf_nat_proto __P((fr_info_t *, nat_t *, u_int));
715 extern void ipf_nat_rule_deref __P((ipf_main_softc_t *, ipnat_t **));
716 extern void ipf_nat_setqueue __P((ipf_main_softc_t *, ipf_nat_softc_t *,
718 extern void ipf_nat_setpending __P((ipf_main_softc_t *, nat_t *));
719 extern nat_t *ipf_nat_tnlookup __P((fr_info_t *, int));
720 extern void ipf_nat_update __P((fr_info_t *, nat_t *));
721 extern int ipf_nat_rehash __P((ipf_main_softc_t *, ipftuneable_t *,
723 extern int ipf_nat_rehash_rules __P((ipf_main_softc_t *, ipftuneable_t *,
725 extern int ipf_nat_settimeout __P((struct ipf_main_softc_s *,
726 ipftuneable_t *, ipftuneval_t *));
727 extern void ipf_nat_sync __P((ipf_main_softc_t *, void *));
729 extern nat_t *ipf_nat_clone __P((fr_info_t *, nat_t *));
730 extern void ipf_nat_delmap __P((ipf_nat_softc_t *, ipnat_t *));
731 extern void ipf_nat_delrdr __P((ipf_nat_softc_t *, ipnat_t *));
732 extern int ipf_nat_wildok __P((nat_t *, int, int, int, int));
733 extern void ipf_nat_setlock __P((void *, int));
734 extern void ipf_nat_load __P((void));
735 extern void *ipf_nat_soft_create __P((ipf_main_softc_t *));
736 extern int ipf_nat_soft_init __P((ipf_main_softc_t *, void *));
737 extern void ipf_nat_soft_destroy __P((ipf_main_softc_t *, void *));
738 extern int ipf_nat_soft_fini __P((ipf_main_softc_t *, void *));
739 extern int ipf_nat_main_load __P((void));
740 extern int ipf_nat_main_unload __P((void));
741 extern ipftq_t *ipf_nat_add_tq __P((ipf_main_softc_t *, int));
742 extern void ipf_nat_uncreate __P((fr_info_t *));
745 extern nat_t *ipf_nat6_add __P((fr_info_t *, ipnat_t *, nat_t **,
747 extern void ipf_nat6_addrdr __P((ipf_nat_softc_t *, ipnat_t *));
748 extern void ipf_nat6_addmap __P((ipf_nat_softc_t *, ipnat_t *));
749 extern void ipf_nat6_addencap __P((ipf_nat_softc_t *, ipnat_t *));
750 extern int ipf_nat6_checkout __P((fr_info_t *, u_32_t *));
751 extern int ipf_nat6_checkin __P((fr_info_t *, u_32_t *));
752 extern void ipf_nat6_delmap __P((ipf_nat_softc_t *, ipnat_t *));
753 extern void ipf_nat6_delrdr __P((ipf_nat_softc_t *, ipnat_t *));
754 extern int ipf_nat6_finalise __P((fr_info_t *, nat_t *));
755 extern nat_t *ipf_nat6_icmperror __P((fr_info_t *, u_int *, int));
756 extern nat_t *ipf_nat6_icmperrorlookup __P((fr_info_t *, int));
757 extern nat_t *ipf_nat6_inlookup __P((fr_info_t *, u_int, u_int,
758 struct in6_addr *, struct in6_addr *));
759 extern u_32_t ipf_nat6_ip6subtract __P((i6addr_t *, i6addr_t *));
760 extern frentry_t *ipf_nat6_ipfin __P((fr_info_t *, u_32_t *));
761 extern frentry_t *ipf_nat6_ipfout __P((fr_info_t *, u_32_t *));
762 extern nat_t *ipf_nat6_lookupredir __P((natlookup_t *));
763 extern int ipf_nat6_newmap __P((fr_info_t *, nat_t *, natinfo_t *));
764 extern int ipf_nat6_newrdr __P((fr_info_t *, nat_t *, natinfo_t *));
765 extern nat_t *ipf_nat6_outlookup __P((fr_info_t *, u_int, u_int,
766 struct in6_addr *, struct in6_addr *));
767 extern int ipf_nat6_newrewrite __P((fr_info_t *, nat_t *, natinfo_t *));
768 extern int ipf_nat6_newdivert __P((fr_info_t *, nat_t *, natinfo_t *));
769 extern int ipf_nat6_ruleaddrinit __P((ipf_main_softc_t *, ipf_nat_softc_t *, ipnat_t *));
774 #endif /* __IP_NAT_H__ */
projects / FreeBSD / releng / 10.2.git / blob