1 /* 2 * Copyright (c) 2014 - 2018 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Bill Yuan <bycn82@dragonflybsd.org> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #ifndef _IP_FW3_NAT_H 36 #define _IP_FW3_NAT_H 37 38 #define MODULE_NAT_ID 4 39 #define MODULE_NAT_NAME "nat" 40 #define NAT_ID_MAX 16 41 42 #define ALIAS_RANGE 64511 43 #define ALIAS_BEGIN 1024 44 45 #define LEN_IN_ADDR sizeof(struct in_addr) 46 47 enum ipfw_nat_opcodes { 48 O_NAT_NAT, 49 }; 50 51 struct ioc_nat_state { 52 struct in_addr src_addr; 53 struct in_addr dst_addr; 54 struct in_addr alias_addr; 55 u_short src_port; 56 u_short dst_port; 57 u_short alias_port; 58 int nat_id; 59 int cpu_id; 60 int proto; 61 int direction; 62 time_t life; 63 }; 64 #define LEN_IOC_NAT_STATE sizeof(struct ioc_nat_state) 65 66 struct ioc_nat { 67 int id; 68 int count; 69 struct in_addr ip; 70 }; 71 #define LEN_IOC_NAT sizeof(struct ioc_nat) 72 73 typedef struct _ipfw_insn_nat { 74 ipfw_insn o; 75 struct cfg_nat *nat; 76 } ipfw_insn_nat; 77 78 79 #ifdef _KERNEL 80 81 /* 82 * Each NAT state contains the tuple (saddr,sport,daddr,dport,proto) and a pair 83 * of alias(alias_addr & alias_port). 84 * For outgoing TCP & UDP packets, the alias will be the after NAT src 85 * For incoming TCP & UDP packets, its alias will be the original src info. 86 * For ICMP packets, the icmp_id will be stored in the alias. 87 */ 88 struct nat_state { 89 RB_ENTRY(nat_state) entries; 90 uint32_t src_addr; 91 uint32_t dst_addr; 92 uint32_t alias_addr; 93 uint16_t src_port; 94 uint16_t dst_port; 95 uint16_t alias_port; 96 time_t timestamp; 97 }; 98 #define LEN_NAT_STATE sizeof(struct nat_state) 99 100 /* nat_state for the incoming packets */ 101 struct nat_state2 { 102 uint32_t src_addr; 103 uint32_t dst_addr; 104 uint32_t alias_addr; 105 uint16_t src_port; 106 uint16_t dst_port; 107 uint16_t alias_port; 108 time_t timestamp; 109 }; 110 #define LEN_NAT_STATE2 sizeof(struct nat_state2) 111 112 int ip_fw3_nat_state_cmp(struct nat_state *s1, struct nat_state *s2); 113 114 RB_HEAD(state_tree, nat_state); 115 116 struct cfg_nat { 117 int id; 118 int count; 119 LIST_HEAD(, cfg_alias) alias; /* list of the alias IP */ 120 121 struct state_tree rb_tcp_out; 122 struct state_tree rb_udp_out; 123 struct state_tree rb_icmp_out; 124 }; 125 126 #define LEN_CFG_NAT sizeof(struct cfg_nat) 127 128 struct cfg_alias { 129 LIST_ENTRY(cfg_alias) next; 130 struct in_addr ip; 131 struct nat_state2 *tcp_in[ALIAS_RANGE]; 132 struct nat_state2 *udp_in[ALIAS_RANGE]; 133 struct nat_state2 *icmp_in[ALIAS_RANGE]; 134 }; 135 #define LEN_CFG_ALIAS sizeof(struct cfg_alias) 136 137 /* place to hold the nat conf */ 138 struct ip_fw3_nat_context { 139 struct cfg_nat *nats[NAT_ID_MAX]; 140 }; 141 142 struct netmsg_nat_del { 143 struct netmsg_base base; 144 int id; 145 }; 146 147 struct netmsg_nat_add { 148 struct netmsg_base base; 149 struct ioc_nat ioc_nat; 150 }; 151 152 struct netmsg_nat_state_add { 153 struct netmsg_base base; 154 struct nat_state2 *state; 155 struct in_addr alias_addr; 156 uint16_t alias_port; 157 int proto; 158 int nat_id; 159 }; 160 #define LEN_NMSG_NAT_STATE_ADD sizeof(struct netmsg_nat_state_add) 161 162 void check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, 163 struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len); 164 165 int ip_fw3_nat(struct ip_fw_args *, struct cfg_nat *, struct mbuf *); 166 167 void pick_alias_port(struct nat_state *s, struct state_tree *tree); 168 169 void nat_state_add_dispatch(netmsg_t msg); 170 void nat_add_dispatch(netmsg_t msg); 171 int ip_fw3_ctl_nat_add(struct sockopt *sopt); 172 void nat_del_dispatch(netmsg_t msg); 173 int ip_fw3_ctl_nat_del(struct sockopt *sopt); 174 int ip_fw3_ctl_nat_flush(struct sockopt *sopt); 175 void nat_init_ctx_dispatch(netmsg_t msg); 176 void nat_fnit_ctx_dispatch(netmsg_t msg); 177 int ip_fw3_ctl_nat_sockopt(struct sockopt *sopt); 178 int ip_fw3_ctl_nat_get_cfg(struct sockopt *sopt); 179 int ip_fw3_ctl_nat_get_record(struct sockopt *sopt); 180 181 #endif 182 #endif 183