[linux-2.6-block.git] / include / linux / netfilter_ipv4 / ip_nat.h

#ifndef _IP_NAT_H
#define _IP_NAT_H
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>

#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16

enum ip_nat_manip_type
{
	IP_NAT_MANIP_SRC,
	IP_NAT_MANIP_DST
};

/* SRC manip occurs POST_ROUTING or LOCAL_IN */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)

#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4 /* add randomness to "port" selection */

/* NAT sequence number modifications */
struct ip_nat_seq {
	/* position of the last TCP sequence number 
	 * modification (if any) */
	u_int32_t correction_pos;
	/* sequence number offset before and after last modification */
	int16_t offset_before, offset_after;
};

/* Single range specification. */
struct ip_nat_range
{
	/* Set to OR of flags above. */
	unsigned int flags;

	/* Inclusive: network order. */
	__be32 min_ip, max_ip;

	/* Inclusive: network order */
	union ip_conntrack_manip_proto min, max;
};

/* For backwards compat: don't use in modern code. */
struct ip_nat_multi_range_compat
{
	unsigned int rangesize; /* Must be 1. */

	/* hangs off end. */
	struct ip_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>

/* Protects NAT hash tables, and NAT-private part of conntracks. */
extern rwlock_t ip_nat_lock;

/* The structure embedded in the conntrack structure. */
struct ip_nat_info
{
	struct list_head bysource;
	struct ip_nat_seq seq[IP_CT_DIR_MAX];
};

struct ip_conntrack;

/* Set up the info structure to map into this range. */
extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
				      const struct ip_nat_range *range,
				      unsigned int hooknum);

/* Is this tuple already taken? (not by us)*/
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
			     const struct ip_conntrack *ignored_conntrack);

#else  /* !__KERNEL__: iptables wants this to compile. */
#define ip_nat_multi_range ip_nat_multi_range_compat
#endif /*__KERNEL__*/
#endif
Commit	Line	Data
1da177e4 LT	1	#ifndef _IP_NAT_H
	2	#define _IP_NAT_H
	3	#include <linux/netfilter_ipv4.h>
	4	#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
	5
	6	#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16
	7
	8	enum ip_nat_manip_type
	9	{
	10	IP_NAT_MANIP_SRC,
	11	IP_NAT_MANIP_DST
	12	};
	13
	14	/* SRC manip occurs POST_ROUTING or LOCAL_IN */
	15	#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
	16
	17	#define IP_NAT_RANGE_MAP_IPS 1
	18	#define IP_NAT_RANGE_PROTO_SPECIFIED 2
41f4689a	19	#define IP_NAT_RANGE_PROTO_RANDOM 4 /* add randomness to "port" selection */
1da177e4 LT	20
	21	/* NAT sequence number modifications */
	22	struct ip_nat_seq {
	23	/* position of the last TCP sequence number
	24	* modification (if any) */
	25	u_int32_t correction_pos;
	26	/* sequence number offset before and after last modification */
5ee95612	27	int16_t offset_before, offset_after;
1da177e4 LT	28	};
	29
	30	/* Single range specification. */
	31	struct ip_nat_range
	32	{
	33	/* Set to OR of flags above. */
	34	unsigned int flags;
	35
	36	/* Inclusive: network order. */
a76b11dd	37	__be32 min_ip, max_ip;
1da177e4 LT	38
	39	/* Inclusive: network order */
	40	union ip_conntrack_manip_proto min, max;
	41	};
	42
	43	/* For backwards compat: don't use in modern code. */
	44	struct ip_nat_multi_range_compat
	45	{
	46	unsigned int rangesize; /* Must be 1. */
	47
	48	/* hangs off end. */
	49	struct ip_nat_range range[1];
	50	};
	51
	52	#ifdef __KERNEL__
	53	#include <linux/list.h>
1da177e4 LT	54
1da177e4 LT	55	/* Protects NAT hash tables, and NAT-private part of conntracks. */
e45b1be8	56	extern rwlock_t ip_nat_lock;
1da177e4 LT	57
	58	/* The structure embedded in the conntrack structure. */
	59	struct ip_nat_info
	60	{
	61	struct list_head bysource;
1da177e4 LT	62	struct ip_nat_seq seq[IP_CT_DIR_MAX];
	63	};
	64
	65	struct ip_conntrack;
	66
	67	/* Set up the info structure to map into this range. */
	68	extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
	69	const struct ip_nat_range *range,
	70	unsigned int hooknum);
	71
	72	/* Is this tuple already taken? (not by us)*/
	73	extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
	74	const struct ip_conntrack *ignored_conntrack);
	75
1da177e4 LT	76	#else /* !__KERNEL__: iptables wants this to compile. */
	77	#define ip_nat_multi_range ip_nat_multi_range_compat
	78	#endif /__KERNEL__/
	79	#endif