Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-4]: src/sys/netinet Pull up revision 1.16 (requested by darrenr):
details: https://anonhg.NetBSD.org/src/rev/2cd73509856f
branches: netbsd-1-4
changeset: 469943:2cd73509856f
user: he <he%NetBSD.org@localhost>
date: Mon Dec 20 21:07:16 1999 +0000
description:
Pull up revision 1.16 (requested by darrenr):
Update IPF to version 3.3.5.
diffstat:
sys/netinet/ip_nat.h | 115 +++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 90 insertions(+), 25 deletions(-)
diffs (212 lines):
diff -r 19161cabea54 -r 2cd73509856f sys/netinet/ip_nat.h
--- a/sys/netinet/ip_nat.h Mon Dec 20 21:07:13 1999 +0000
+++ b/sys/netinet/ip_nat.h Mon Dec 20 21:07:16 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_nat.h,v 1.15 1998/11/22 15:17:20 mrg Exp $ */
+/* $NetBSD: ip_nat.h,v 1.15.4.1 1999/12/20 21:07:16 he Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
- * Id: ip_nat.h,v 2.0.2.23.2.6 1998/11/22 01:50:29 darrenr Exp
+ * Id: ip_nat.h,v 2.1.2.2 1999/11/28 11:01:51 darrenr Exp
*/
#ifndef _NETINET_IP_NAT_H_
@@ -38,18 +38,39 @@
#define SIOCCNATL _IOWR(r, 87, int)
#endif
-#define NAT_SIZE 367
+#undef LARGE_NAT /* define this if you're setting up a system to NAT
+ * LARGE numbers of networks/hosts - i.e. in the
+ * hundreds or thousands. In such a case, you should
+ * also change the RDR_SIZE and NAT_SIZE below to more
+ * appropriate sizes. The figures below were used for
+ * a setup with 1000-2000 networks to NAT.
+ */
+#define NAT_SIZE 127
+#define RDR_SIZE 127
+#define NAT_TABLE_SZ 127
+#ifdef LARGE_NAT
+#undef NAT_SIZE
+#undef RDR_SIZE
+#undef NAT_TABLE_SZ
+#define NAT_SIZE 2047
+#define RDR_SIZE 2047
+#define NAT_TABLE_SZ 16383
+#endif
#ifndef APR_LABELLEN
#define APR_LABELLEN 16
#endif
+#define NAT_HW_CKSUM 0x80000000
+
+#define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
typedef struct nat {
u_long nat_age;
int nat_flags;
- u_32_t nat_sumd;
+ u_32_t nat_sumd[2];
u_32_t nat_ipsumd;
void *nat_data;
void *nat_aps; /* proxy session */
+ frentry_t *nat_fr; /* filter rule ptr if appropriate */
struct in_addr nat_inip;
struct in_addr nat_outip;
struct in_addr nat_oip; /* other ip */
@@ -59,7 +80,8 @@
u_short nat_inport;
u_short nat_outport;
u_short nat_use;
- u_char nat_state[2];
+ u_char nat_tcpstate[2];
+ u_char nat_p; /* protocol for NAT */
struct ipnat *nat_ptr; /* pointer back to the rule */
struct nat *nat_next;
struct nat *nat_hnext[2];
@@ -70,16 +92,22 @@
typedef struct ipnat {
struct ipnat *in_next;
- void *in_ifp; /* interface pointer */
- void *in_apr; /* proxy structure ptr */
- u_int in_space;
+ struct ipnat *in_rnext;
+ struct ipnat *in_mnext;
+ void *in_ifp;
+ void *in_apr;
+ u_long in_space;
u_int in_use;
+ u_int in_hits;
struct in_addr in_nextip;
u_short in_pnext;
- u_short in_flags;
- u_short in_port[2];
+ u_short in_ppip; /* ports per IP */
+ u_short in_ippip; /* IP #'s per IP# */
+ u_short in_flags; /* From here to in_dport must be reflected */
+ u_short in_port[2]; /* correctly in IPN_CMPSIZ */
struct in_addr in_in[2];
struct in_addr in_out[2];
+ struct in_addr in_src[2];
int in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */
char in_ifname[IFNAMSIZ];
char in_plabel[APR_LABELLEN]; /* proxy label */
@@ -94,6 +122,8 @@
#define in_inmsk in_in[1].s_addr
#define in_outip in_out[0].s_addr
#define in_outmsk in_out[1].s_addr
+#define in_srcip in_src[0].s_addr
+#define in_srcmsk in_src[1].s_addr
#define NAT_OUTBOUND 0
#define NAT_INBOUND 1
@@ -101,6 +131,10 @@
#define NAT_MAP 0x01
#define NAT_REDIRECT 0x02
#define NAT_BIMAP (NAT_MAP|NAT_REDIRECT)
+#define NAT_MAPBLK 0x04
+
+#define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */
+#define USABLE_PORTS (65536 - MAPBLK_MINPORT)
#define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_flags))
@@ -125,14 +159,22 @@
nat_t **ns_table[2];
ipnat_t *ns_list;
void *ns_apslist;
+ u_int ns_nattab_sz;
+ u_int ns_rultab_sz;
+ u_int ns_rdrtab_sz;
+ nat_t *ns_instances;
} natstat_t;
#define IPN_ANY 0x00
#define IPN_TCP 0x01
#define IPN_UDP 0x02
-#define IPN_TCPUDP 0x03
+#define IPN_TCPUDP (IPN_TCP|IPN_UDP)
#define IPN_DELETE 0x04
#define IPN_ICMPERR 0x08
+#define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
+#define IPN_AUTOPORTMAP 0x10
+#define IPN_RANGE 0x20
+#define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_RANGE)
typedef struct natlog {
@@ -153,32 +195,55 @@
#define NL_NEWRDR NAT_REDIRECT
#define NL_EXPIRE 0xffff
+#define NAT_HASH_FN(k,m) (((k) + ((k) >> 12)) % (m))
+#define LONG_SUM(in) (((in) & 0xffff) + ((in) >> 16))
+
+#define CALC_SUMD(s1, s2, sd) { \
+ (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
+ (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
+ /* Do it twice */ \
+ (s1) = ((s1) & 0xffff) + ((s1) >> 16); \
+ (s2) = ((s2) & 0xffff) + ((s2) >> 16); \
+ /* Because ~1 == -2, We really need ~1 == -1 */ \
+ if ((s1) > (s2)) (s2)--; \
+ (sd) = (s2) - (s1); \
+ (sd) = ((sd) & 0xffff) + ((sd) >> 16); }
+
+
+extern u_int ipf_nattable_sz;
+extern u_int ipf_natrules_sz;
+extern u_int ipf_rdrrules_sz;
extern void ip_natsync __P((void *));
extern u_long fr_defnatage;
extern u_long fr_defnaticmpage;
-extern nat_t *nat_table[2][NAT_SIZE];
+extern nat_t **nat_table[2];
+extern nat_t *nat_instances;
+extern ipnat_t **nat_rules;
+extern ipnat_t **rdr_rules;
+extern natstat_t nat_stats;
#if defined(__NetBSD__) || defined(__OpenBSD__)
extern int nat_ioctl __P((caddr_t, u_long, int));
#else
extern int nat_ioctl __P((caddr_t, int, int));
#endif
-extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_short, int));
-extern nat_t *nat_outlookup __P((void *, int, struct in_addr, u_short,
- struct in_addr, u_short));
-extern nat_t *nat_inlookup __P((void *, int, struct in_addr, u_short,
- struct in_addr, u_short));
+extern int nat_init __P((void));
+extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_int, int));
+extern nat_t *nat_outlookup __P((void *, u_int, u_int, struct in_addr,
+ struct in_addr, u_32_t));
+extern nat_t *nat_inlookup __P((void *, u_int, u_int, struct in_addr,
+ struct in_addr, u_32_t));
+extern nat_t *nat_maplookup __P((void *, u_int, struct in_addr,
+ struct in_addr));
extern nat_t *nat_lookupredir __P((natlookup_t *));
-extern nat_t *nat_lookupmapip __P((void *, int, struct in_addr, u_short,
- struct in_addr, u_short));
extern nat_t *nat_icmpinlookup __P((ip_t *, fr_info_t *));
-extern nat_t *nat_icmpin __P((ip_t *, fr_info_t *, int *));
+extern nat_t *nat_icmpin __P((ip_t *, fr_info_t *, u_int *));
-extern int ip_natout __P((ip_t *, int, fr_info_t *));
-extern int ip_natin __P((ip_t *, int, fr_info_t *));
+extern int ip_natout __P((ip_t *, fr_info_t *));
+extern int ip_natin __P((ip_t *, fr_info_t *));
extern void ip_natunload __P((void)), ip_natexpire __P((void));
-extern void nat_log __P((struct nat *, u_short));
-extern void fix_incksum __P((u_short *, u_32_t));
-extern void fix_outcksum __P((u_short *, u_32_t));
+extern void nat_log __P((struct nat *, u_int));
+extern void fix_incksum __P((u_short *, u_32_t, int));
+extern void fix_outcksum __P((u_short *, u_32_t, int));
#endif /* _NETINET_IP_NAT_H_ */
Home |
Main Index |
Thread Index |
Old Index