1 /*
2  * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
3  *
4  * This code is derived from software contributed to The DragonFly Project
5  * by Bill Yuan <bycn82@dragonflybsd.org>
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  * 3. Neither the name of The DragonFly Project nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific, prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
#ifndef _IP_FW3_NAT_H
#define _IP_FW3_NAT_H

/*
 * Identity of this ipfw3 module (id and name); presumably used when the
 * module registers itself with the ipfw3 core -- confirm in ip_fw3_nat.c.
 */
#define MODULE_NAT_ID		4
#define MODULE_NAT_NAME		"nat"
/*
 * Number of NAT instance slots; sizes nats[] in struct ip_fw3_nat_context.
 * A NAT id that originates in userland (struct ioc_nat.id,
 * struct netmsg_nat_del.id) is untrusted and must be range-checked
 * against this bound before it is used as an index.
 */
#define NAT_ID_MAX		4

/* Size in bytes of an IPv4 address as carried in struct in_addr. */
#define LEN_IN_ADDR	sizeof(struct in_addr)
43 
/*
 * Instruction opcodes contributed by the NAT module.  Only one opcode,
 * O_NAT_NAT, is defined; it is the opcode check_nat() is expected to handle.
 */
enum ipfw_nat_opcodes {
	O_NAT_NAT,
};
47 
/*
 * Userland-visible copy of one NAT state entry.  The "ioc" prefix marks it
 * as a sockopt/ioctl payload; presumably it is what ip_fw3_ctl_nat_get_record
 * hands back to userland -- confirm in the .c file.
 *
 * NOTE(review): three u_short ports follow three struct in_addr fields, so
 * on common ABIs there are padding bytes before link_type.  Any instance
 * that is copied out to userland must be zeroed in full (e.g. bzero) before
 * its fields are filled, so the padding cannot carry stale kernel memory
 * across the boundary -- verify in the producer.
 */
struct ipfw_ioc_nat_state {
	struct in_addr		src_addr;	/* tuple source address */
	struct in_addr		dst_addr;	/* tuple destination address */
	struct in_addr		alias_addr;	/* translated address; see nat_state */
	u_short			src_port;	/* tuple source port */
	u_short			dst_port;	/* tuple destination port */
	u_short			alias_port;	/* translated port; see nat_state */

	int			link_type;	/* protocol/direction tag, inferred from name -- confirm */
	int			timestamp;	/* last-use time; units not visible here */
	int			expire_time;	/* expiry; units not visible here */
	int			nat_id;		/* id of the owning NAT instance */
	int			cpuid;		/* presumably the CPU owning the entry -- confirm */
	int			is_outgoing;	/* direction flag, inferred from name (non-zero = outgoing) */
};
63 
/*
 * Userland request describing a NAT instance: its id and the public
 * address to translate to.  Embedded in struct netmsg_nat_add and,
 * presumably, parsed from the sockopt payload by ip_fw3_ctl_nat_add.
 *
 * The id arrives from userland and is untrusted: it is presumably used to
 * select a slot of nats[NAT_ID_MAX] in struct ip_fw3_nat_context, so it
 * must be range-checked against NAT_ID_MAX before any indexing -- confirm
 * the exact convention (0- or 1-based) in the .c file.
 */
struct ioc_nat {
	int			id;	/* NAT instance id, bounded by NAT_ID_MAX */
	struct in_addr 		ip;	/* public (alias) IPv4 address */
};
#define LEN_IOC_NAT sizeof(struct ioc_nat)
69 
/*
 * NAT instruction as stored inside a rule: the generic ipfw_insn header
 * followed by a pointer to the configured NAT instance.
 *
 * NOTE(review): the embedded kernel pointer must never reach userland.  If
 * rule bodies are copied out (e.g. when rules are listed), this field has
 * to be scrubbed or replaced by the NAT id first -- verify in the rule
 * copy-out path.  The tag _ipfw_insn_nat starts with an underscore, which
 * C reserves for file-scope identifiers; kept as-is for compatibility.
 */
typedef struct	_ipfw_insn_nat {
	ipfw_insn		o;	/* common instruction header */
	struct cfg_nat  	*nat;	/* NAT instance (kernel pointer) */
} ipfw_insn_nat;
74 
75 
76 
77 #ifdef _KERNEL
78 
/*
 * Each NAT state holds the tuple (saddr, sport, daddr, dport, proto) and an
 * alias pair (alias_addr & alias_port).
 * For outgoing TCP & UDP packets, the alias is the post-NAT source.
 * For incoming TCP & UDP packets, the alias is the original source info.
 * For ICMP packets, the icmp_id is stored in the alias.
 *
 * Entries are linked into a struct state_tree (RB tree) through 'entries';
 * nat_state_cmp() is presumably the ordering function handed to
 * RB_GENERATE in ip_fw3_nat.c.  Addresses are raw uint32_t, presumably in
 * network byte order like struct in_addr -- confirm.
 */
struct nat_state {
	RB_ENTRY(nat_state)	entries;	/* RB-tree linkage */

	uint32_t		saddr;		/* tuple source address */
	uint32_t		daddr;		/* tuple destination address */
	uint32_t		alias_addr;	/* alias address, see above */

	uint16_t		sport;		/* tuple source port */
	uint16_t		dport;		/* tuple destination port */
	uint16_t		alias_port;	/* alias port, or icmp_id for ICMP */

	uint8_t			proto;		/* IP protocol number of the tuple */

	int			timestamp;	/* last-use time; units not visible here */
	int			expiry;		/* expiry; units not visible here */
};
#define LEN_NAT_STATE sizeof(struct nat_state)
103 
/*
 * Ordering function for nat_state RB trees.  Expected to return <0, 0 or
 * >0 in the usual comparator sense; which fields make up the key is only
 * visible in the definition -- confirm in ip_fw3_nat.c.
 */
int 	nat_state_cmp(struct nat_state *s1, struct nat_state *s2);

/* RB tree of nat_state entries ordered by nat_state_cmp(). */
RB_HEAD(state_tree, nat_state);
107 
/*
 * One configured NAT instance: its id and public address, plus a separate
 * state tree per protocol (tcp/udp/icmp) and direction (in/out).
 *
 * NOTE(review): 'tmp' is a scratch nat_state embedded in the instance.
 * The cpuid field of struct ipfw_ioc_nat_state and the netmsg dispatch
 * entry points suggest instances are replicated per CPU; if a cfg_nat can
 * instead be reached from more than one CPU, use of 'tmp' is a race --
 * confirm.
 */
struct cfg_nat {
	int			id;	/* instance id, bounded by NAT_ID_MAX */
	struct in_addr		ip;	/* public (alias) address */

	struct state_tree	tree_tcp_in;
	struct state_tree	tree_tcp_out;
	struct state_tree	tree_udp_in;
	struct state_tree	tree_udp_out;
	struct state_tree	tree_icmp_in;
	struct state_tree	tree_icmp_out;

	struct nat_state	tmp;	/* scratch entry, presumably for lookups -- confirm */
};
#define LEN_CFG_NAT sizeof(struct cfg_nat)
122 
123 
/*
 * Malloc type for this module's allocations.
 *
 * NOTE(review): MALLOC_DEFINE emits a definition of the malloc type object,
 * so placed in a header it is instantiated once per translation unit that
 * includes this file with _KERNEL defined.  The usual split is
 * MALLOC_DECLARE() in the header and MALLOC_DEFINE() in exactly one .c
 * file.  Harmless only while a single .c file includes this header --
 * confirm before adding a second kernel consumer.
 */
MALLOC_DEFINE(M_IP_FW3_NAT, "IP_FW3_NAT", "IP_FW3 NAT module");
125 
126 
/*
 * Place to hold the NAT context: a table of up to NAT_ID_MAX NAT instances,
 * presumably indexed by NAT id with NULL marking an unused slot -- confirm.
 * Indices derived from userland-supplied ids (struct ioc_nat.id,
 * struct netmsg_nat_del.id) must be range-checked against NAT_ID_MAX before
 * nats[] is touched -- verify in the sockopt handlers.
 */
struct ip_fw3_nat_context {
	struct cfg_nat 		*nats[NAT_ID_MAX];	/* one slot per NAT id */
};
#define LEN_NAT_CTX sizeof(struct ip_fw3_nat_context)
134 
/*
 * Netmsg requesting removal of a NAT instance; presumably handled by
 * nat_del_dispatch().  'id' originates in userland and must be validated
 * against NAT_ID_MAX before it is used as an index.
 */
struct netmsg_nat_del {
	struct netmsg_base 	base;	/* common netmsg header */
	int id;				/* NAT instance id to remove */
};
139 
/*
 * Netmsg requesting creation of a NAT instance; presumably handled by
 * nat_add_dispatch().  Carries the userland request by value.
 */
struct netmsg_nat_add {
	struct netmsg_base 	base;	/* common netmsg header */
	struct ioc_nat 		ioc_nat;	/* id and public address of the new instance */
};
144 
/*
 * Netmsg requesting that an alias link be added to a NAT instance;
 * presumably handled by add_alias_link_dispatch().  The two flags select
 * which of the instance's state trees is affected (tcp vs. udp, in vs. out).
 */
struct netmsg_alias_link_add {
	struct netmsg_base 	base;		/* common netmsg header */
	int 			id;		/* NAT instance id, bounded by NAT_ID_MAX */
	int 			is_outgoing;	/* non-zero: outgoing tree, else incoming */
	int 			is_tcp;		/* non-zero: tcp tree, else udp */
};
151 
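/*
 * Entry points exported by ip_fw3_nat.c.  Only the signatures are visible
 * here; the behaviour notes below are inferred from the names and should be
 * checked against the definitions.
 */

/*
 * Filter hook presumably invoked by the ipfw3 core for an O_NAT_NAT
 * instruction.  cmd_ctl / cmd_val look like out-parameters that report the
 * verdict back to the core -- confirm.
 */
void 	check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);

/* Translate the packet in 'm' using NAT instance 'nat'. */
int 	ip_fw3_nat(struct ip_fw_args *args,
		struct cfg_nat *nat, struct mbuf *m);
/* Look up (or assign) the alias for state 's' within 'tree'. */
int	nat_state_get_alias(struct nat_state *s,
		struct cfg_nat *nat, struct state_tree *tree);

/*
 * Netmsg handlers.  Each receives the matching struct netmsg_* defined
 * above (netmsg_alias_link_add, netmsg_nat_add, netmsg_nat_del).  The
 * parameter is named uniformly; add_alias_link_dispatch previously called
 * it 'nat_del_msg', which did not match its message type.
 */
void 	add_alias_link_dispatch(netmsg_t msg);
void 	nat_add_dispatch(netmsg_t msg);
void 	nat_del_dispatch(netmsg_t msg);
void 	nat_init_ctx_dispatch(netmsg_t msg);

/*
 * Sockopt (userland control) handlers.  Their payloads come from userland
 * and are untrusted: payload length and any NAT id must be validated
 * (id against NAT_ID_MAX) before use.
 */
int 	ip_fw3_ctl_nat_sockopt(struct sockopt *sopt);
int 	ip_fw3_ctl_nat_add(struct sockopt *sopt);
int 	ip_fw3_ctl_nat_del(struct sockopt *sopt);
int 	ip_fw3_ctl_nat_flush(struct sockopt *sopt);
int 	ip_fw3_ctl_nat_get_cfg(struct sockopt *sopt);
int 	ip_fw3_ctl_nat_get_record(struct sockopt *sopt);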
170 
#endif	/* _KERNEL */
#endif	/* !_IP_FW3_NAT_H */