ip_nat.h revision ab073b324433ebc8947d28ade932d29d0e809795
/*
* Copyright (C) 1995-2001, 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_nat.h 1.5 2/4/96
* $Id: ip_nat.h,v 2.90.2.11 2005/06/18 02:41:32 darrenr Exp $
*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#ifndef __IP_NAT_H__
#define __IP_NAT_H__
#ifndef SOLARIS
#endif
#else
#endif
* hundreds or thousands. In such a case, you should
* also change the RDR_SIZE and NAT_SIZE below to more
* appropriate sizes. The figures below were used for
* a setup with 1000-2000 networks to NAT.
*/
/*
 * Build-time sizes. A value already defined when this header is read
 * (for example by the build) is kept as is; otherwise LARGE_NAT selects
 * the larger of the two built-in figures.
 * NOTE(review): presumably hash-table sizes for the map rules, redirect
 * rules and host map -- confirm against the code that allocates them.
 */
#if !defined(NAT_SIZE) && defined(LARGE_NAT)
# define NAT_SIZE 2047
#elif !defined(NAT_SIZE)
# define NAT_SIZE 127
#endif

#if !defined(RDR_SIZE) && defined(LARGE_NAT)
# define RDR_SIZE 2047
#elif !defined(RDR_SIZE)
# define RDR_SIZE 127
#endif

#if !defined(HOSTMAP_SIZE) && defined(LARGE_NAT)
# define HOSTMAP_SIZE 8191
#elif !defined(HOSTMAP_SIZE)
# define HOSTMAP_SIZE 2047
#endif
/*
 * NAT_TABLE_MAX is a recent addition. To avoid surprising existing
 * setups, its values are deliberately not the kind normally picked when
 * sizing a proper hash table.
 * NOTE(review): presumably the ceiling on live NAT entries. If so, it
 * bounds the memory that traffic-created sessions can hold, so weigh any
 * increase against available kernel memory -- confirm where it is enforced.
 */
#if !defined(NAT_TABLE_MAX) && defined(LARGE_NAT)
# define NAT_TABLE_MAX 180000
#elif !defined(NAT_TABLE_MAX)
# define NAT_TABLE_MAX 30000
#endif

/* Kept if already defined; otherwise LARGE_NAT selects the larger value. */
#if !defined(NAT_TABLE_SZ) && defined(LARGE_NAT)
# define NAT_TABLE_SZ 16383
#elif !defined(NAT_TABLE_SZ)
# define NAT_TABLE_SZ 2047
#endif
/* Label length; kept if already defined before this header is read. */
#if !defined(APR_LABELLEN)
# define APR_LABELLEN 16
#endif
/*
 * Default high and low watermarks for the forced flush of the NAT table.
 * NOTE(review): presumably percentages of the table maximum, with flushing
 * starting at HI and stopping at LO. Under a flood of new sessions this
 * flush is what evicts entries, so check which entries it selects --
 * confirm in the flush code.
 */
#define NAT_FLUSH_HI 95
#define NAT_FLUSH_LO 75
/* How full is the nat table? */
/ (x)->ifs_ipf_nattable_max)
struct ipstate;
struct ap_session;
/*
 * nat_t: presumably one active NAT translation entry -- TODO confirm.
 * NOTE(review): this listing shows only some of the members (the nat_un
 * union body is empty here), so do not derive sizes or offsets from it.
 */
typedef struct nat {
void *nat_data;
void *nat_ifps[2];
void *nat_sync;
union {
} nat_un;
int nat_dir; /* NAT_INBOUND or NAT_OUTBOUND */
/*
 * NOTE(review): plain signed int. Dropping the last reference presumably
 * frees the entry, so every increment/decrement needs to be serialised
 * (lock or atomic op) -- confirm against the code that updates it.
 */
int nat_ref; /* reference count */
int nat_hv[2]; /* presumably the entry's two hash values -- TODO confirm */
int nat_rev; /* 0 = forward, 1 = reverse */
int nat_v;
int nat_redir; /* copy of in_redir */
} nat_t;
/*
 * Values for nat_dir
 */
#define NAT_INBOUND 0
#define NAT_OUTBOUND 1
/*
 * Definitions for nat_flags
 *
 * Bits 0x0100 through 0x8000 are set aside for the FI_W_* and SI_* flags
 * named below, so a NAT_* flag must never be assigned one of those values.
 * NOTE(review): only some of the NAT_* flags appear in this listing.
 */
#define NAT_SEARCH 0x0010
#define NAT_NOTRULEPORT 0x0040
/* 0x0100 reserved for FI_W_SPORT */
/* 0x0200 reserved for FI_W_DPORT */
/* 0x0400 reserved for FI_W_SADDR */
/* 0x0800 reserved for FI_W_DADDR */
/* 0x1000 reserved for FI_W_NEWFR */
/* 0x2000 reserved for SI_CLONE */
/* 0x4000 reserved for SI_CLONED */
/* 0x8000 reserved for SI_IGNOREPKT */
#define NAT_DEBUG 0x800000
typedef struct ipnat {
void *in_ifps[2];
void *in_apr;
char *in_comment;
int in_flineno; /* conf. file line number */
/* From here to the end is covered by IPN_CMPSIZ */
int in_redir; /* see below for values */
int in_p; /* protocol. */
} ipnat_t;
/*
 * Bit definitions for in_flags
 *
 * IPN_ANY is zero, not a bit: "flags & IPN_ANY" is always false, so test
 * for it by comparing against the other bits instead.
 * NOTE(review): the values skip several bits (e.g. 0x00200-0x02000);
 * whether those are defined elsewhere or unused cannot be told from this
 * listing.
 */
#define IPN_ANY 0x00000
#define IPN_TCP 0x00001
#define IPN_UDP 0x00002
#define IPN_ICMPERR 0x00004
#define IPN_ICMPQUERY 0x00008
#define IPN_AUTOPORTMAP 0x00010
#define IPN_IPRANGE 0x00020
#define IPN_FILTER 0x00040
#define IPN_SPLIT 0x00080
#define IPN_ROUNDR 0x00100
#define IPN_NOTSRC 0x04000
#define IPN_NOTDST 0x08000
#define IPN_DELETE 0x40000
#define IPN_STICKY 0x80000
#define IPN_FRAG 0x100000
#define IPN_FIXEDDPORT 0x200000
#define IPN_FINDFORWARD 0x400000
#define IPN_IN 0x800000
#define IPN_SEQUENTIAL 0x1000000
/*
 * Values for in_redir (each is a distinct single bit)
 */
#define NAT_MAP 0x01
#define NAT_REDIRECT 0x02
#define NAT_MAPBLK 0x04
/*
 * natlookup_t: presumably the request/reply record for looking up an
 * existing translation -- TODO confirm. Only two members appear in this
 * listing.
 */
typedef struct natlookup {
int nl_v;
int nl_flags;
} natlookup_t;
/*
 * nat_save_t: presumably the container used to save and restore a NAT
 * entry -- TODO confirm. Members are missing from this listing.
 */
typedef struct nat_save {
void *ipn_next;
int ipn_dsize; /* presumably the byte count of ipn_data -- TODO confirm */
/*
 * NOTE(review): looks like a variable-length tail declared with a
 * placeholder length of 4. Any code that copies ipn_dsize bytes must first
 * check that ipn_dsize is non-negative and no larger than the buffer that
 * was actually allocated, especially when the value was supplied by the
 * caller.
 */
char ipn_data[4];
} nat_save_t;
/*
 * natget_t: a pointer together with a size.
 * NOTE(review): presumably filled in by the caller of a "get" request; if
 * so, ng_sz is a signed int and must be range-checked before it is used as
 * a length, and ng_ptr must not be dereferenced as-is -- confirm at the
 * point of use.
 */
typedef struct natget {
void *ng_ptr;
int ng_sz;
} natget_t;
/* nattrpnt_t: only the tr_expire member appears in this listing. */
typedef struct nattrpnt {
int tr_expire; /* presumably an expiry time or tick count -- TODO confirm */
} nattrpnt_t;
/*
* This structure gets used to help NAT sessions keep the same NAT rule (and
* thus translation for IP address) when:
* (a) round-robin redirects are in use
* (b) different IP add
*/
/* hostmap_t: only two members appear in this listing. */
typedef struct hostmap {
int hm_ref; /* presumably a reference count -- TODO confirm */
int hm_v;
} hostmap_t;
/*
* Structure used to pass information in to nat_newmap and nat_newrdr.
*/
/* NOTE(review): no members appear in this listing; the body is not empty upstream, presumably. */
typedef struct natinfo {
} natinfo_t;
/*
 * natstat_t: presumably NAT statistics reported to callers -- TODO confirm.
 * Only one member appears in this listing.
 * NOTE(review): if this structure is copied out to user space, the pointer
 * below would expose a kernel address -- confirm how it is filled in.
 */
typedef struct natstat {
void *ns_apslist;
} natstat_t;
/*
 * natlog_t: presumably one NAT log record -- TODO confirm. Only two
 * members appear in this listing.
 */
typedef struct natlog {
int nlg_rule;
int nlg_v;
} natlog_t;
/*
 * NL_* codes, presumably the record types written to the NAT log -- TODO
 * confirm. The NL_NEW* codes reuse the in_redir values; the others sit at
 * the top of the 16-bit range, well clear of them.
 * NOTE(review): NAT_BIMAP, which NL_NEWBIMAP expands to, is not defined in
 * the visible part of this listing.
 */
#define NL_NEWRDR NAT_REDIRECT
#define NL_NEWBIMAP NAT_BIMAP
#define NL_NEWBLOCK NAT_MAPBLK
#define NL_CLONE 0xfffd
#define NL_FLUSH 0xfffe
#define NL_EXPIRE 0xffff
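/*
 * NAT_HASH_FN(k, l, m): add key k to its own value shifted right by 12
 * bits, add l, and reduce the sum modulo m.
 *
 * Every argument is parenthesised in the expansion, so an expression
 * passed as l (e.g. "a | b" or "c ? x : y") is added as a whole instead of
 * being re-associated with the preceding "+".
 *
 * k is expanded twice: do not pass an expression with side effects.
 * m must be non-zero (modulo by zero is undefined).
 * NOTE(review): the result is only a valid table index if the sum is not
 * negative; callers presumably pass unsigned operands -- confirm.
 */
#define NAT_HASH_FN(k, l, m) (((k) + ((k) >> 12) + (l)) % (m))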
+ (((u_32_t *)(k))[2]) \
+ (((u_32_t *)(k))[1]) \
+ (((u_32_t *)(k))[0]) \
+ (((u_32_t *)(k))[0] >> 12) \
+ l) % (m))
/* Do it twice */ \
/* Because ~1 == -2, We really need ~1 == -1 */ \
/*
 * High flag bits.
 * NOTE(review): presumably NAT_SYSSPACE tells a callee that the pointer it
 * was handed is a kernel address rather than a user one, and NAT_LOCKHELD
 * that the NAT lock is already held. If so, neither bit may ever be taken
 * from caller-supplied flags without masking -- confirm at the entry points.
 * 0x80000000 does not fit in a 32-bit int, so the constant has type
 * unsigned int; storing it in a plain int flags field relies on
 * implementation-defined conversion.
 */
#define NAT_SYSSPACE 0x80000000
#define NAT_LOCKHELD 0x40000000
#if defined(__OpenBSD__)
#endif
struct in_addr));
struct in_addr));
struct in_addr));
#ifdef USE_INET6
#endif
#endif /* __IP_NAT_H__ */