#ifndef _IP_NAT_H
#define _IP_NAT_H
/*
 * IPv4 NAT core definitions shared between the NAT core, the NAT helpers
 * and (everything above the __KERNEL__ guard) userspace.  Because the
 * non-kernel part is an interface, the layout, member order and the
 * #define'd flag values below must not change incompatibly.
 *
 * Note: the guard name _IP_NAT_H is in the implementation-reserved
 * identifier space (leading underscore + capital); kept for compatibility.
 */
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>

/* Maximum length (including NUL, presumably) of a NAT mapping type name. */
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16

/*
 * Which end of the tuple a manipulation rewrites.
 * IP_NAT_MANIP_SRC is 0 and IP_NAT_MANIP_DST is 1; HOOK2MANIP() below
 * relies on exactly this ordering, so do not reorder or renumber.
 */
enum ip_nat_manip_type
{
	IP_NAT_MANIP_SRC,
	IP_NAT_MANIP_DST
};

/*
 * Map a netfilter hook number to the manip type performed there.
 * SRC manip occurs at POST_ROUTING or LOCAL_IN; every other hook
 * yields DST manip.  The boolean result (0/1) doubles as the enum value
 * because IP_NAT_MANIP_SRC == 0 and IP_NAT_MANIP_DST == 1.
 *
 * The argument is evaluated twice: pass a plain variable, never an
 * expression with side effects.
 */
/* SRC manip occurs POST_ROUTING or LOCAL_IN */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)

/*
 * getsockopt() option used to retrieve the original (pre-NAT) destination
 * of a connection.  Fallback value only; the #ifndef lets a kernel header
 * that already defines it win.
 */
/* 2.3.19 (I hope) will define this in linux/netfilter_ipv4.h. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

/*
 * Flags for ip_nat_range.flags (OR them together).
 *   IP_NAT_RANGE_MAP_IPS         - min_ip/max_ip are meaningful.
 *   IP_NAT_RANGE_PROTO_SPECIFIED - min/max (proto part) are meaningful.
 *   IP_NAT_RANGE_FULL            - internal to get_unique_tuple(); callers
 *                                  supplying ranges should not set it.
 */
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
/* Used internally by get_unique_tuple(). */
#define IP_NAT_RANGE_FULL 4

/*
 * NAT sequence number modifications.
 * Tracks, per direction, how a TCP stream's sequence numbers were shifted
 * by a helper that changed the payload length.
 */
struct ip_nat_seq {
	/* position of the last TCP sequence number
	 * modification (if any) */
	u_int32_t correction_pos;
	/* sequence number offset before and after last modification
	 * (signed: the payload may have shrunk as well as grown) */
	int32_t offset_before, offset_after;
};

/* Single range specification. */
struct ip_nat_range
{
	/* Set to OR of flags above. */
	unsigned int flags;

	/* Inclusive: network order.  Only meaningful when
	 * IP_NAT_RANGE_MAP_IPS is set. */
	u_int32_t min_ip, max_ip;

	/* Inclusive: network order.  Only meaningful when
	 * IP_NAT_RANGE_PROTO_SPECIFIED is set. */
	union ip_conntrack_manip_proto min, max;
};

/*
 * A range consists of an array of 1 or more ip_nat_range.
 *
 * The [1] is the pre-C99 "struct hack": the real array continues past the
 * end of the struct and rangesize says how many elements are there.  It is
 * kept as [1] (not a flexible array member) because sizeof() of this
 * struct is part of the interface.
 *
 * NOTE(review): rangesize is a plain count with no bound here.  If this
 * struct is ever filled in from an untrusted source (e.g. passed in as
 * rule/target data), the consumer must check that rangesize * sizeof(range[0])
 * fits inside the buffer it arrived in before indexing range[] - the
 * header cannot enforce that.
 */
struct ip_nat_multi_range
{
	unsigned int rangesize;

	/* hangs off end. */
	struct ip_nat_range range[1];
};

/*
 * Size of ip_nat_info.manips[].  Whatever appends to that array must
 * stop at IP_NAT_MAX_MANIPS; num_manips is the only bounds record.
 */
/* Worst case: local-out manip + 1 post-routing, and reverse dirn. */
#define IP_NAT_MAX_MANIPS (2*3)

/* One recorded manipulation: where it happens and what it rewrites. */
struct ip_nat_info_manip
{
	/* The direction (IP_CT_DIR_*, presumably; see ip_conntrack_tuple.h). */
	u_int8_t direction;

	/* Which hook the manipulation happens on (NF_IP_*). */
	u_int8_t hooknum;

	/* The manipulation type (enum ip_nat_manip_type, stored narrow). */
	u_int8_t maniptype;

	/* Manipulations to occur at each conntrack in this dirn. */
	struct ip_conntrack_manip manip;
};

#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter_ipv4/lockhelp.h>

/*
 * Protects NAT hash tables, and NAT-private part of conntracks.
 * Take it (read or write as appropriate) before touching ip_nat_hash
 * lists or any ip_nat_info below.
 */
DECLARE_RWLOCK_EXTERN(ip_nat_lock);

/* Hashes for by-source and IP/protocol. */
struct ip_nat_hash
{
	/* Link in the hash bucket; guarded by ip_nat_lock. */
	struct list_head list;

	/* conntrack we're embedded in: NULL if not in hash. */
	struct ip_conntrack *conntrack;
};

/*
 * The structure embedded in the conntrack structure.
 * NAT-private state; guarded by ip_nat_lock per the comment above.
 */
struct ip_nat_info
{
	/* Set to zero when conntrack created: bitmask of maniptypes
	 * (which manip types have been set up so far). */
	int initialized;

	/* Number of valid entries in manips[]; must not exceed
	 * IP_NAT_MAX_MANIPS. */
	unsigned int num_manips;

	/* Manipulations to be done on this conntrack. */
	struct ip_nat_info_manip manips[IP_NAT_MAX_MANIPS];

	/* Membership in the by-source and by-IP/proto hashes. */
	struct ip_nat_hash bysource, byipsproto;

	/* Helper (NULL if none). */
	struct ip_nat_helper *helper;

	/* Sequence-number adjustment state, one per direction. */
	struct ip_nat_seq seq[IP_CT_DIR_MAX];
};

/*
 * Set up the info structure to map into this range.
 * @conntrack: connection whose NAT info is being initialised.
 * @mr:        the candidate range(s); rangesize entries of mr->range[].
 * @hooknum:   hook this is happening on (decides SRC vs DST via HOOK2MANIP).
 * Returns a netfilter verdict (unsigned int), presumably NF_ACCEPT/NF_DROP.
 */
extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
				      const struct ip_nat_multi_range *mr,
				      unsigned int hooknum);

/*
 * Is this tuple already taken? (not by us)
 * Returns non-zero if some conntrack other than @ignored_conntrack already
 * owns @tuple - used to avoid handing out a colliding mapping.
 */
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
			     const struct ip_conntrack *ignored_conntrack);

/*
 * Calculate relative checksum: incrementally update a 16-bit ones'-complement
 * checksum when a 32-bit field changes from old to new.
 * @oldvalinv: (by its name) the ones'-complement of the old value - verify
 *             against the definition before relying on it.
 * @newval:    the new value.
 * @oldcheck:  the checksum covering the old value.
 */
extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
				    u_int32_t newval,
				    u_int16_t oldcheck);
#endif /*__KERNEL__*/
#endif