/*
 * IPv4 NAT definitions: manipulation types, address/port range
 * descriptors and, under __KERNEL__, the NAT entry points.
 *
 * The part outside __KERNEL__ is also compiled by iptables (see the #else
 * branch at the bottom), so the structures declared there are shared
 * between the two sides and their layout must not change.
 */
#ifndef _IP_NAT_H
#define _IP_NAT_H
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>

/*
 * Not referenced anywhere else in this header.
 * NOTE(review): presumably bounds a mapping-type name buffer; confirm
 * whether the 16 includes the terminating NUL before sizing copies by it.
 */
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16

/*
 * Which half of a tuple a NAT manipulation rewrites.
 * The numeric values are significant: HOOK2MANIP() below evaluates to 0 or
 * 1, so IP_NAT_MANIP_SRC must remain 0 and IP_NAT_MANIP_DST must remain 1.
 */
enum ip_nat_manip_type
{
	IP_NAT_MANIP_SRC,
	IP_NAT_MANIP_DST
};

/*
 * SRC manip occurs POST_ROUTING or LOCAL_IN.
 *
 * Evaluates to 0 (IP_NAT_MANIP_SRC) for NF_IP_POST_ROUTING and
 * NF_IP_LOCAL_IN, and to 1 (IP_NAT_MANIP_DST) for every other value. The
 * macro does not validate its argument: an out-of-range hook number also
 * yields 1. `hooknum` is expanded twice, so do not pass an expression with
 * side effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)

/*
 * Bit flags for ip_nat_range.flags (values 1 and 2, meant to be OR-ed).
 * NOTE(review): by name, MAP_IPS marks min_ip/max_ip as meaningful and
 * PROTO_SPECIFIED marks min/max as meaningful; confirm against the code
 * that consumes the range.
 */
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2

/* NAT sequence number modifications */
struct ip_nat_seq {
	/* position of the last TCP sequence number
	 * modification (if any) */
	u_int32_t correction_pos;
	/* sequence number offset before and after last modification.
	 * Both are signed 16-bit, so an adjustment outside the int16_t
	 * range cannot be represented here. */
	int16_t offset_before, offset_after;
};

/* Single range specification. */
struct ip_nat_range
{
	/* Set to OR of flags above. */
	unsigned int flags;

	/* Inclusive: network order. Because the values are in network byte
	 * order, convert with ntohl() before comparing them numerically.
	 * Nothing in this header enforces min_ip <= max_ip. */
	u_int32_t min_ip, max_ip;

	/* Inclusive: network order */
	union ip_conntrack_manip_proto min, max;
};

/*
 * For backwards compat: don't use in modern code.
 *
 * `range` is declared with exactly one element and `rangesize` is
 * documented as "must be 1"; the structure itself cannot enforce that.
 * NOTE(review): this layout is shared with iptables, so code receiving one
 * of these should reject any rangesize other than 1 before indexing
 * range[]; confirm each consumer does.
 */
struct ip_nat_multi_range_compat
{
	unsigned int rangesize; /* Must be 1. */

	/* hangs off end. */
	struct ip_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>

/* Protects NAT hash tables, and NAT-private part of conntracks. */
extern rwlock_t ip_nat_lock;

/* The structure embedded in the conntrack structure. */
struct ip_nat_info
{
	/* List linkage.
	 * NOTE(review): by name, chains the conntrack into a by-source NAT
	 * table; confirm. */
	struct list_head bysource;
	/* One sequence-adjustment record per slot up to IP_CT_DIR_MAX, which
	 * is not defined in this header. */
	struct ip_nat_seq seq[IP_CT_DIR_MAX];
};

/* Forward declaration: only pointers to it are used below. */
struct ip_conntrack;

/*
 * Set up the info structure to map into this range.
 * NOTE(review): the unsigned int return is presumably a netfilter verdict;
 * confirm against the definition.
 */
extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
				      const struct ip_nat_range *range,
				      unsigned int hooknum);

/*
 * Is this tuple already taken? (not by us)
 * `ignored_conntrack` names the conntrack that counts as "us" in that
 * question.
 */
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
			     const struct ip_conntrack *ignored_conntrack);

/*
 * Calculate relative checksum.
 * NOTE(review): the parameter name `oldvalinv` suggests the caller passes
 * the bitwise inverse of the old value; confirm before calling.
 */
extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
				    u_int32_t newval,
				    u_int16_t oldcheck);
#else /* !__KERNEL__: iptables wants this to compile. */
/* Outside the kernel, ip_nat_multi_range is an alias for the compat
 * structure declared above. */
#define ip_nat_multi_range ip_nat_multi_range_compat
#endif /*__KERNEL__*/
#endif