#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
#include <net/netfilter/nf_conntrack_tuple.h>

#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16

/*
 * Which half of a tuple a NAT manipulation rewrites.
 *
 * The numeric values are load-bearing: HOOK2MANIP() below produces a C
 * boolean (0 or 1) that is used as one of these constants.
 */
enum nf_nat_manip_type {
	IP_NAT_MANIP_SRC = 0,
	IP_NAT_MANIP_DST = 1
};

/*
 * Map a netfilter hook number to a manipulation type.
 *
 * SRC manip occurs at POST_ROUTING or LOCAL_IN; every other hook yields
 * 1 (IP_NAT_MANIP_DST).  The argument can be evaluated twice, so do not
 * pass an expression with side effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)

/* Bit flags for nf_nat_range.flags; OR them together. */
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4

/* NAT sequence number modifications */
struct nf_nat_seq {
	/* position of the last TCP sequence number modification (if any) */
	u_int32_t correction_pos;

	/* sequence number offset before the last modification */
	int16_t offset_before;

	/* sequence number offset after the last modification */
	int16_t offset_after;
};

/*
 * Single range specification.
 *
 * NOTE(review): nothing in this header enforces min <= max for either the
 * address or the protocol part; any such validation lives in the consumers
 * of this structure, which are not visible here -- confirm.
 */
struct nf_nat_range {
	/* OR of the IP_NAT_RANGE_* flags above. */
	unsigned int flags;

	/* Lowest address of the range; inclusive, network byte order. */
	__be32 min_ip;

	/* Highest address of the range; inclusive, network byte order. */
	__be32 max_ip;

	/* Lowest protocol-specific value; inclusive, network byte order. */
	union nf_conntrack_man_proto min;

	/* Highest protocol-specific value; inclusive, network byte order. */
	union nf_conntrack_man_proto max;
};

/*
 * For backwards compat: don't use in modern code.
 *
 * The layout is shared with userspace (iptables aliases it in the
 * !__KERNEL__ branch at the end of this file), so it must not change.
 *
 * NOTE(review): range[] holds exactly one element.  Code that accepts this
 * structure from userspace should reject any rangesize other than 1 before
 * indexing range[]; the code doing that is not visible here -- confirm.
 */
struct nf_nat_multi_range_compat {
	/* Number of entries in range[].  Must be 1. */
	unsigned int rangesize;

	/* hangs off end. */
	struct nf_nat_range range[1];
};

#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack_extend.h>

/* per conntrack: nat application helper private data */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
	struct nf_nat_pptp nat_pptp_info;
};

struct nf_conn;

/* The structure embedded in the conntrack structure. */
struct nf_conn_nat {
	/* hash-list linkage; presumably the by-source NAT table -- confirm */
	struct hlist_node bysource;

	/* one sequence-adjustment record per conntrack direction */
	struct nf_nat_seq seq[IP_CT_DIR_MAX];

	/* the conntrack entry this NAT state is attached to */
	struct nf_conn *ct;

	/* NAT helper private data */
	union nf_conntrack_nat_help help;

	/* Present only when the MASQUERADE target is built in or modular. */
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
	int masq_index;
#endif
};

/*
 * Set up the info structure to map into this range.
 *
 * @ct:      conntrack entry to set up
 * @range:   range to map into (not modified)
 * @hooknum: netfilter hook the call is made from
 */
unsigned int nf_nat_setup_info(struct nf_conn *ct,
			       const struct nf_nat_range *range,
			       unsigned int hooknum);

/*
 * Is this tuple already taken? (not by us)
 *
 * @tuple:             tuple to look up
 * @ignored_conntrack: the caller's own conntrack, excluded from the check
 */
int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
		      const struct nf_conn *ignored_conntrack);

/*
 * Look up the NAT extension area of a conntrack entry.
 *
 * NOTE(review): nf_ct_ext_find() is defined elsewhere; it presumably yields
 * NULL when @ct carries no NAT extension, so callers should check the
 * result before dereferencing it -- confirm.
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);

	return nat;
}

#else /* !__KERNEL__: iptables wants this to compile. */
#define nf_nat_multi_range nf_nat_multi_range_compat
#endif /*__KERNEL__*/
#endif /* _NF_NAT_H */