[net-next-2.6.git] / include / net / netfilter / nf_nat.h

#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
#include <net/netfilter/nf_conntrack_tuple.h>

#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16

enum nf_nat_manip_type {
	IP_NAT_MANIP_SRC,
	IP_NAT_MANIP_DST
};

/* SRC manip occurs POST_ROUTING or LOCAL_IN */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
#define IP_NAT_RANGE_PERSISTENT 8

/* NAT sequence number modifications */
struct nf_nat_seq {
	/* position of the last TCP sequence number modification (if any) */
	u_int32_t correction_pos;

	/* sequence number offset before and after last modification */
	int16_t offset_before, offset_after;
};

/* Single range specification. */
struct nf_nat_range {
	/* Set to OR of flags above. */
	unsigned int flags;

	/* Inclusive: network order. */
	__be32 min_ip, max_ip;

	/* Inclusive: network order */
	union nf_conntrack_man_proto min, max;
};

/* For backwards compat: don't use in modern code. */
struct nf_nat_multi_range_compat {
	unsigned int rangesize; /* Must be 1. */

	/* hangs off end. */
	struct nf_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack_extend.h>

/* per conntrack: nat application helper private data */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
	struct nf_nat_pptp nat_pptp_info;
};

struct nf_conn;

/* The structure embedded in the conntrack structure. */
struct nf_conn_nat {
	struct hlist_node bysource;
	struct nf_nat_seq seq[IP_CT_DIR_MAX];
	struct nf_conn *ct;
	union nf_conntrack_nat_help help;
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
	int masq_index;
#endif
};

/* Set up the info structure to map into this range. */
extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
				      const struct nf_nat_range *range,
				      enum nf_nat_manip_type maniptype);

/* Is this tuple already taken? (not by us)*/
extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
			     const struct nf_conn *ignored_conntrack);

static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
}

#else  /* !__KERNEL__: iptables wants this to compile. */
#define nf_nat_multi_range nf_nat_multi_range_compat
#endif /*__KERNEL__*/
#endif
Commit	Line	Data
5b1158e9 JK	1	#ifndef _NF_NAT_H
	2	#define _NF_NAT_H
	3	#include <linux/netfilter_ipv4.h>
	4	#include <net/netfilter/nf_conntrack_tuple.h>
	5
	6	#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
	7
fd2c3ef7	8	enum nf_nat_manip_type {
5b1158e9 JK	9	IP_NAT_MANIP_SRC,
	10	IP_NAT_MANIP_DST
	11	};
	12
	13	/* SRC manip occurs POST_ROUTING or LOCAL_IN */
6e23ae2a PM	14	#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
6e23ae2a PM	15	(hooknum) != NF_INET_LOCAL_IN)
5b1158e9 JK	16
	17	#define IP_NAT_RANGE_MAP_IPS 1
	18	#define IP_NAT_RANGE_PROTO_SPECIFIED 2
41f4689a	19	#define IP_NAT_RANGE_PROTO_RANDOM 4
98d500d6	20	#define IP_NAT_RANGE_PERSISTENT 8
5b1158e9 JK	21
	22	/* NAT sequence number modifications */
	23	struct nf_nat_seq {
	24	/* position of the last TCP sequence number modification (if any) */
	25	u_int32_t correction_pos;
	26
	27	/* sequence number offset before and after last modification */
	28	int16_t offset_before, offset_after;
	29	};
	30
	31	/* Single range specification. */
fd2c3ef7	32	struct nf_nat_range {
5b1158e9 JK	33	/* Set to OR of flags above. */
	34	unsigned int flags;
	35
	36	/* Inclusive: network order. */
	37	__be32 min_ip, max_ip;
	38
	39	/* Inclusive: network order */
	40	union nf_conntrack_man_proto min, max;
	41	};
	42
	43	/* For backwards compat: don't use in modern code. */
fd2c3ef7	44	struct nf_nat_multi_range_compat {
5b1158e9 JK	45	unsigned int rangesize; /* Must be 1. */
	46
	47	/* hangs off end. */
	48	struct nf_nat_range range[1];
	49	};
	50
	51	#ifdef __KERNEL__
	52	#include <linux/list.h>
4ba88779	53	#include <linux/netfilter/nf_conntrack_pptp.h>
2d59e5ca	54	#include <net/netfilter/nf_conntrack_extend.h>
5b1158e9	55
4ba88779	56	/* per conntrack: nat application helper private data */
fd2c3ef7	57	union nf_conntrack_nat_help {
4ba88779 YK	58	/* insert nat helper private data here */
	59	struct nf_nat_pptp nat_pptp_info;
	60	};
	61
b6b84d4a YK	62	struct nf_conn;
	63
	64	/* The structure embedded in the conntrack structure. */
fd2c3ef7	65	struct nf_conn_nat {
53aba597	66	struct hlist_node bysource;
b6b84d4a YK	67	struct nf_nat_seq seq[IP_CT_DIR_MAX];
b6b84d4a YK	68	struct nf_conn *ct;
4ba88779 YK	69	union nf_conntrack_nat_help help;
	70	#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) \|\| \
	71	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
	72	int masq_index;
	73	#endif
	74	};
	75
5b1158e9 JK	76	/* Set up the info structure to map into this range. */
	77	extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
	78	const struct nf_nat_range *range,
cc01dcbd	79	enum nf_nat_manip_type maniptype);
5b1158e9 JK	80
	81	/* Is this tuple already taken? (not by us)*/
	82	extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
	83	const struct nf_conn *ignored_conntrack);
	84
2d59e5ca YK	85	static inline struct nf_conn_nat nfct_nat(const struct nf_conn ct)
	86	{
	87	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
	88	}
	89
5b1158e9 JK	90	#else /* !__KERNEL__: iptables wants this to compile. */
	91	#define nf_nat_multi_range nf_nat_multi_range_compat
	92	#endif /__KERNEL__/
	93	#endif