/*
 * IPv4 NAT definitions.
 *
 * The first part of this header (constants, enum, range structures) is
 * visible to both kernel and userspace; the __KERNEL__ section adds the
 * lock, the per-conntrack NAT state and the core NAT entry points.  The
 * userspace branch exists only so that iptables can compile against it.
 */
#ifndef _IP_NAT_H
#define _IP_NAT_H

#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>

/* Not referenced in this header; presumably the size of a mapping-type
 * name buffer -- confirm against users. */
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16

/* Which half of the tuple a manipulation rewrites.  The numeric values
 * (SRC == 0, DST == 1) are relied on by HOOK2MANIP() below. */
enum ip_nat_manip_type {
	IP_NAT_MANIP_SRC,
	IP_NAT_MANIP_DST
};

/*
 * Map a netfilter hook number to a manip type: source manipulation
 * happens at POST_ROUTING or LOCAL_IN, so those two hooks yield 0
 * (IP_NAT_MANIP_SRC) and every other value yields 1 (IP_NAT_MANIP_DST).
 *
 * The macro does no range checking: any value that is not one of the two
 * hooks, including an out-of-range one, is classified as DST.  The
 * argument may be evaluated twice, so it must not have side effects.
 */
#define HOOK2MANIP(hooknum) \
	(!((hooknum) == NF_IP_POST_ROUTING || (hooknum) == NF_IP_LOCAL_IN))

/* Bit flags for ip_nat_range.flags; combine with bitwise OR. */
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2

/* TCP sequence number adjustment state kept by NAT. */
struct ip_nat_seq {
	/* Position of the last TCP sequence number modification (if any). */
	u_int32_t correction_pos;

	/* Sequence number offset in effect before, and after, the last
	 * modification.  Both are signed 16-bit values. */
	int16_t offset_before;
	int16_t offset_after;
};

/* A single NAT range. */
struct ip_nat_range {
	/* OR of the IP_NAT_RANGE_* flags defined above. */
	unsigned int flags;

	/* Address bounds, inclusive, in network byte order. */
	u_int32_t min_ip;
	u_int32_t max_ip;

	/* Per-protocol bounds, inclusive, in network byte order. */
	union ip_conntrack_manip_proto min;
	union ip_conntrack_manip_proto max;
};

/*
 * Kept for backwards compatibility only; new code should not use it.
 *
 * NOTE(review): userspace (iptables) builds against this layout, so the
 * code that accepts one of these should check rangesize == 1 before it
 * reads range[]; nothing in this header enforces that -- confirm at the
 * consumer.
 */
struct ip_nat_multi_range_compat {
	/* Number of entries in range[]; must be 1. */
	unsigned int rangesize;

	/* Range data hangs off the end.  Declared with one element, so
	 * sizeof() already accounts for a single range. */
	struct ip_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>

/* Guards the NAT hash tables and the NAT-private part of conntracks. */
extern rwlock_t ip_nat_lock;

/* NAT state embedded in the conntrack structure. */
struct ip_nat_info {
	struct list_head bysource;
	/* One sequence-adjustment record per IP_CT_DIR_MAX slot. */
	struct ip_nat_seq seq[IP_CT_DIR_MAX];
};

struct ip_conntrack;

/* Set up conntrack's NAT info so that it maps into the given range. */
unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
			       const struct ip_nat_range *range,
			       unsigned int hooknum);

/* Is this tuple already in use by a conntrack other than
 * ignored_conntrack (i.e. not by us)? */
int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
		      const struct ip_conntrack *ignored_conntrack);

/* Calculate a relative (incremental) checksum from the old checksum.
 * NOTE(review): oldvalinv is presumably the bitwise inverse of the old
 * value -- confirm against the implementation. */
u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
			     u_int32_t newval,
			     u_int16_t oldcheck);

#else /* !__KERNEL__ */

/* Userspace only: iptables needs this name to compile. */
#define ip_nat_multi_range ip_nat_multi_range_compat

#endif /* __KERNEL__ */

#endif /* _IP_NAT_H */