Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 423 | giacomo | 1 | #ifndef _IP_NAT_H |
| 2 | #define _IP_NAT_H |
||
| 3 | #include <linux/netfilter_ipv4.h> |
||
| 4 | #include <linux/netfilter_ipv4/ip_conntrack_tuple.h> |
||
| 5 | |||
| 6 | #define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16 |
||
| 7 | |||
| 8 | enum ip_nat_manip_type |
||
| 9 | { |
||
| 10 | IP_NAT_MANIP_SRC, |
||
| 11 | IP_NAT_MANIP_DST |
||
| 12 | }; |
||
| 13 | |||
| 14 | #ifndef CONFIG_IP_NF_NAT_LOCAL |
||
| 15 | /* SRC manip occurs only on POST_ROUTING */ |
||
| 16 | #define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING) |
||
| 17 | #else |
||
| 18 | /* SRC manip occurs POST_ROUTING or LOCAL_IN */ |
||
| 19 | #define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN) |
||
| 20 | #endif |
||
| 21 | |||
| 22 | #define IP_NAT_RANGE_MAP_IPS 1 |
||
| 23 | #define IP_NAT_RANGE_PROTO_SPECIFIED 2 |
||
| 24 | /* Used internally by get_unique_tuple(). */ |
||
| 25 | #define IP_NAT_RANGE_FULL 4 |
||
| 26 | |||
| 27 | /* NAT sequence number modifications */ |
||
| 28 | struct ip_nat_seq { |
||
| 29 | /* position of the last TCP sequence number |
||
| 30 | * modification (if any) */ |
||
| 31 | u_int32_t correction_pos; |
||
| 32 | /* sequence number offset before and after last modification */ |
||
| 33 | int32_t offset_before, offset_after; |
||
| 34 | }; |
||
| 35 | |||
| 36 | /* Single range specification. */ |
||
| 37 | struct ip_nat_range |
||
| 38 | { |
||
| 39 | /* Set to OR of flags above. */ |
||
| 40 | unsigned int flags; |
||
| 41 | |||
| 42 | /* Inclusive: network order. */ |
||
| 43 | u_int32_t min_ip, max_ip; |
||
| 44 | |||
| 45 | /* Inclusive: network order */ |
||
| 46 | union ip_conntrack_manip_proto min, max; |
||
| 47 | }; |
||
| 48 | |||
| 49 | /* A range consists of an array of 1 or more ip_nat_range */ |
||
| 50 | struct ip_nat_multi_range |
||
| 51 | { |
||
| 52 | unsigned int rangesize; |
||
| 53 | |||
| 54 | /* hangs off end. */ |
||
| 55 | struct ip_nat_range range[1]; |
||
| 56 | }; |
||
| 57 | |||
| 58 | /* Worst case: local-out manip + 1 post-routing, and reverse dirn. */ |
||
| 59 | #define IP_NAT_MAX_MANIPS (2*3) |
||
| 60 | |||
| 61 | struct ip_nat_info_manip |
||
| 62 | { |
||
| 63 | /* The direction. */ |
||
| 64 | u_int8_t direction; |
||
| 65 | |||
| 66 | /* Which hook the manipulation happens on. */ |
||
| 67 | u_int8_t hooknum; |
||
| 68 | |||
| 69 | /* The manipulation type. */ |
||
| 70 | u_int8_t maniptype; |
||
| 71 | |||
| 72 | /* Manipulations to occur at each conntrack in this dirn. */ |
||
| 73 | struct ip_conntrack_manip manip; |
||
| 74 | }; |
||
| 75 | |||
| 76 | #ifdef __KERNEL__ |
||
| 77 | #include <linux/list.h> |
||
| 78 | #include <linux/netfilter_ipv4/lockhelp.h> |
||
| 79 | |||
| 80 | /* Protects NAT hash tables, and NAT-private part of conntracks. */ |
||
| 81 | DECLARE_RWLOCK_EXTERN(ip_nat_lock); |
||
| 82 | |||
| 83 | /* Hashes for by-source and IP/protocol. */ |
||
| 84 | struct ip_nat_hash |
||
| 85 | { |
||
| 86 | struct list_head list; |
||
| 87 | |||
| 88 | /* conntrack we're embedded in: NULL if not in hash. */ |
||
| 89 | struct ip_conntrack *conntrack; |
||
| 90 | }; |
||
| 91 | |||
| 92 | /* The structure embedded in the conntrack structure. */ |
||
| 93 | struct ip_nat_info |
||
| 94 | { |
||
| 95 | /* Set to zero when conntrack created: bitmask of maniptypes */ |
||
| 96 | int initialized; |
||
| 97 | |||
| 98 | unsigned int num_manips; |
||
| 99 | |||
| 100 | /* Manipulations to be done on this conntrack. */ |
||
| 101 | struct ip_nat_info_manip manips[IP_NAT_MAX_MANIPS]; |
||
| 102 | |||
| 103 | /* The mapping type which created us (NULL for null mapping). */ |
||
| 104 | const struct ip_nat_mapping_type *mtype; |
||
| 105 | |||
| 106 | struct ip_nat_hash bysource, byipsproto; |
||
| 107 | |||
| 108 | /* Helper (NULL if none). */ |
||
| 109 | struct ip_nat_helper *helper; |
||
| 110 | |||
| 111 | struct ip_nat_seq seq[IP_CT_DIR_MAX]; |
||
| 112 | }; |
||
| 113 | |||
| 114 | /* Set up the info structure to map into this range. */ |
||
| 115 | extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack, |
||
| 116 | const struct ip_nat_multi_range *mr, |
||
| 117 | unsigned int hooknum); |
||
| 118 | |||
| 119 | /* Is this tuple already taken? (not by us)*/ |
||
| 120 | extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, |
||
| 121 | const struct ip_conntrack *ignored_conntrack); |
||
| 122 | |||
| 123 | /* Calculate relative checksum. */ |
||
| 124 | extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv, |
||
| 125 | u_int32_t newval, |
||
| 126 | u_int16_t oldcheck); |
||
| 127 | #endif /*__KERNEL__*/ |
||
| 128 | #endif |