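/*
 * Copyright (c) 2014 The DragonFly Project.  All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Bill Yuan <bycn82@dragonflybsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of The DragonFly Project nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific, prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * ipfw3 NAT module: kernel-private state, the userland-visible ioctl
 * record, the NAT/redirect/spool configuration structures and the
 * sockopt control entry points.
 */

#ifndef _IP_FW_NAT_H
#define _IP_FW_NAT_H

/* Module identity used when registering with ipfw3. */
#define MODULE_NAT_ID		4
#define MODULE_NAT_NAME		"nat"

#ifdef _KERNEL

MALLOC_DEFINE(M_IPFW_NAT, "IPFW3/NAT", "IPFW3/NAT 's");

/* Per-context holder of the configured NAT instances. */
struct ipfw_nat_context {
	LIST_HEAD(, cfg_nat) nat;	/* list of nat entries */
};

/* Cross-CPU message: delete the NAT instance with the given id. */
struct netmsg_nat_del {
	struct netmsg_base base;
	int id;
};

/*
 * Cross-CPU message: add a NAT instance from a serialized configuration.
 * buf presumably points at the user-supplied option buffer; its length
 * is not carried here, so the consumer must bound every read against the
 * size it was handed — confirm against nat_add_dispatch().
 */
struct netmsg_nat_add {
	struct netmsg_base base;
	char *buf;
};

/* Cross-CPU message: replicate a libalias link to another CPU's instance. */
struct netmsg_alias_link_add {
	struct netmsg_base base;
	struct alias_link *lnk;
	int id;			/* nat id the link belongs to */
	int is_outgoing;
	int is_tcp;
};

#endif

/* Opcodes this module contributes to the ipfw3 instruction set. */
enum ipfw_nat_opcodes {
	O_NAT_NAT,
};

/*
 * One NAT translation record as reported to userland (see
 * ipfw_ctl_nat_get_record()).  This layout is shared with userland
 * tools, so fields must not be reordered or resized.
 */
struct ipfw_ioc_nat_state {
	struct in_addr src_addr;
	struct in_addr dst_addr;
	struct in_addr alias_addr;
	int link_type;
	int timestamp;
	int expire_time;
	int nat_id;
	int cpuid;
	int is_outgoing;
	u_short src_port;
	u_short dst_port;
	u_short alias_port;
};

/* Redirect modes id (bit flags, may be combined in cfg_redir.mode). */
#define REDIR_ADDR	0x01
#define REDIR_PORT	0x02
#define REDIR_PROTO	0x04

/* Server pool support (LSNAT): one backend of a load-shared redirect. */
struct cfg_spool {
	LIST_ENTRY(cfg_spool) _next;	/* chain of spool instances */
	struct in_addr addr;
	u_short port;
};

/* One redirect rule attached to a NAT instance. */
struct cfg_redir {
	LIST_ENTRY(cfg_redir) _next;	/* chain of redir instances */
	u_int16_t mode;			/* type of redirect mode (REDIR_*) */
	struct in_addr laddr;		/* local ip address */
	struct in_addr paddr;		/* public ip address */
	struct in_addr raddr;		/* remote ip address */
	u_short lport;			/* local port */
	u_short pport;			/* public port */
	u_short rport;			/* remote port */
	u_short pport_cnt;		/* number of public ports */
	u_short rport_cnt;		/* number of remote ports */
	int proto;			/* protocol: tcp/udp */
	struct alias_link **alink;	/* libalias links created for this redirect */
	/* num of entry in spool chain */
	u_int16_t spool_cnt;
	/* chain of spool instances */
	LIST_HEAD(spool_chain, cfg_spool) spool_chain;
};

/* Nat configuration data struct. */
struct cfg_nat {
	/* chain of nat instances */
	LIST_ENTRY(cfg_nat) _next;
	int id;				/* nat id */
	struct in_addr ip;		/* nat ip address */
	/*
	 * interface name; writers must guarantee NUL-termination within
	 * IF_NAMESIZE when filling this from a user-supplied configuration
	 */
	char if_name[IF_NAMESIZE];
	int mode;			/* aliasing mode */
	struct libalias *lib;		/* libalias instance */
	/* number of entries in redir_chain */
	int redir_cnt;
	/* chain of redir instances */
	LIST_HEAD(redir_chain, cfg_redir) redir_chain;
};

#define SOF_NAT		sizeof(struct cfg_nat)
#define SOF_REDIR	sizeof(struct cfg_redir)
#define SOF_SPOOL	sizeof(struct cfg_spool)

/* Nat command: the O_NAT_NAT instruction and its resolved NAT instance. */
typedef struct _ipfw_insn_nat {
	ipfw_insn o;
	struct cfg_nat *nat;
} ipfw_insn_nat;

/*
 * LOOKUP_NAT(l, i, p): walk the nat list of context l and leave p pointing
 * at the entry whose id equals i, or NULL when none matches (LIST_FOREACH
 * terminates with a NULL iterator).  l is now fully parenthesized so that
 * an expression such as *ctx can be passed without mis-binding the '.'.
 */
#define LOOKUP_NAT(l, i, p) do {				\
	LIST_FOREACH((p), &((l).nat), _next) {			\
		if ((p)->id == (i)) {				\
			break;					\
		}						\
	}							\
} while (0)

/* Link a cfg_nat at the head of list b. */
#define HOOK_NAT(b, p) do {					\
	LIST_INSERT_HEAD(b, p, _next);				\
} while (0)

/* Unlink a cfg_nat from whatever list it is on. */
#define UNHOOK_NAT(p) do {					\
	LIST_REMOVE(p, _next);					\
} while (0)

/* Link a cfg_redir at the head of list b. */
#define HOOK_REDIR(b, p) do {					\
	LIST_INSERT_HEAD(b, p, _next);				\
} while (0)

/* Link a cfg_spool at the head of list b. */
#define HOOK_SPOOL(b, p) do {					\
	LIST_INSERT_HEAD(b, p, _next);				\
} while (0)

#ifdef _KERNEL
/* Rule evaluation hook for O_NAT_NAT. */
void check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void add_alias_link_dispatch(netmsg_t nat_del_msg);
int ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m);
void nat_add_dispatch(netmsg_t msg);
/*
 * Control path.  The ipfw_ctl_nat_* entry points receive the option
 * buffer via sopt; everything in it is caller-controlled and must be
 * length- and range-checked by the implementation before use.
 */
int ipfw_ctl_nat_add(struct sockopt *sopt);
void nat_del_dispatch(netmsg_t msg);
int ipfw_ctl_nat_del(struct sockopt *sopt);
int ipfw_ctl_nat_flush(struct sockopt *sopt);
int ipfw_ctl_nat_sockopt(struct sockopt *sopt);
void nat_init_ctx_dispatch(netmsg_t msg);
int ipfw_ctl_nat_get_cfg(struct sockopt *sopt);
/* Free every redir (and its spool chain) on head belonging to n. */
void del_redir_spool_cfg(struct cfg_nat *n, struct redir_chain *head);
/*
 * Parse redirect/spool records from buf into ptr.  buf is presumably the
 * serialized user configuration; the record count fields it contains
 * must be validated against the buffer size — TODO confirm in the
 * implementation.
 */
int add_redir_spool_cfg(char *buf, struct cfg_nat *ptr);
int ipfw_ctl_nat_get_record(struct sockopt *sopt);
#endif
#endif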