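/*
 * NAT definitions shared by the conntrack NAT core and, through the
 * !__KERNEL__ branch at the bottom, by userspace (iptables).
 *
 * The struct layouts and flag values in the first half of this file are
 * visible to userspace, so they are an ABI: do not reorder or resize them.
 */
#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
#include <net/netfilter/nf_conntrack_tuple.h>

#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16

/*
 * Which half of the tuple a NAT mapping rewrites.
 *
 * The values are pinned explicitly because HOOK2MANIP() below yields a
 * plain 0/1 truth value that is used as this enum: 0 must stay SRC and
 * 1 must stay DST.
 */
enum nf_nat_manip_type {
	IP_NAT_MANIP_SRC = 0,
	IP_NAT_MANIP_DST = 1
};

/*
 * SRC manip occurs POST_ROUTING or LOCAL_IN.
 *
 * Evaluates to 0 (IP_NAT_MANIP_SRC) for those two hooks and to 1
 * (IP_NAT_MANIP_DST) for every other hook number.  The argument is
 * expanded twice, so do not pass an expression with side effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

/*
 * Bit flags for nf_nat_range.flags (OR them together).
 *
 * NOTE(review): the per-flag meanings are not defined in this header.
 * By name, PROTO_RANDOM selects randomised per-protocol (port) mapping
 * and PERSISTENT a stable mapping per client -- confirm against the
 * range-selection code in this tree.  Rules that omit PROTO_RANDOM
 * presumably yield more predictable translated ports; worth checking
 * where services behind the NAT rely on source-port entropy.
 */
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
#define IP_NAT_RANGE_PERSISTENT 8

/* NAT sequence number modifications */
struct nf_nat_seq {
	/* position of the last TCP sequence number modification (if any) */
	u_int32_t correction_pos;

	/*
	 * sequence number offset before and after last modification.
	 * NOTE(review): these are signed 16-bit; code that accumulates
	 * adjustments here must keep the running total inside that range --
	 * the bound is not enforced in this header.
	 */
	int16_t offset_before, offset_after;
};

/* Single range specification. */
struct nf_nat_range {
	/* Set to OR of the IP_NAT_RANGE_* flags above. */
	unsigned int flags;

	/*
	 * Inclusive: network order.  Convert to host order before doing any
	 * min <= x <= max comparison; comparing the raw __be32 values is
	 * only meaningful on big-endian hosts.
	 */
	__be32 min_ip, max_ip;

	/* Inclusive: network order */
	union nf_conntrack_man_proto min, max;
};

/*
 * For backwards compat: don't use in modern code.
 *
 * This layout is also what userspace sees (see the nf_nat_multi_range
 * alias in the !__KERNEL__ branch below).  range[] is declared with one
 * element, so any consumer of a userspace-supplied instance should reject
 * rangesize != 1 before reading range[]; that check is not in this header.
 */
struct nf_nat_multi_range_compat {
	unsigned int rangesize; /* Must be 1. */

	/* hangs off end. */
	struct nf_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack_extend.h>

/* per conntrack: nat application helper private data */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
	struct nf_nat_pptp nat_pptp_info;
};

struct nf_conn;

/* The structure embedded in the conntrack structure. */
struct nf_conn_nat {
	struct hlist_node bysource;
#ifdef CONFIG_IP_NF_TARGET_CONE
	/* cone NAT or Symmetric NAT */
	struct hlist_node bycone;
#endif /* CONFIG_IP_NF_TARGET_CONE */
	/*
	 * Declared unconditionally, i.e. present even when
	 * CONFIG_IP_NF_TARGET_CONE is off.
	 * NOTE(review): the valid values are not defined in this header;
	 * presumably it distinguishes cone from symmetric mappings.  Cone
	 * mappings are the more permissive kind for inbound traffic, so
	 * confirm where this field is set and what the default is.
	 */
	u_int32_t nat_type;
	/* one sequence-adjustment record per conntrack direction */
	struct nf_nat_seq seq[IP_CT_DIR_MAX];
	struct nf_conn *ct;
	union nf_conntrack_nat_help help;
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
	int masq_index;
#endif
};

/* Set up the info structure to map into this range. */
extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
				      const struct nf_nat_range *range,
				      enum nf_nat_manip_type maniptype);

/* Is this tuple already taken? (not by us) */
extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
			     const struct nf_conn *ignored_conntrack);

/*
 * Return the NAT extension area of a conntrack entry, i.e. whatever
 * nf_ct_ext_find() yields for NF_CT_EXT_NAT.
 *
 * NOTE(review): presumably NULL when the entry carries no NAT extension;
 * callers should check the result before dereferencing -- confirm against
 * nf_ct_ext_find().
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
}

#else  /* !__KERNEL__: iptables wants this to compile. */
#define nf_nat_multi_range nf_nat_multi_range_compat
#endif /*__KERNEL__*/
#endif /* _NF_NAT_H */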