Lines Matching refs:nat
32 * NPF network address port translation (NAPT) and other forms of NAT.
37 * There are a few mechanisms: NAT policy, port map and translation.
38 * The NAT module has a separate ruleset where rules always have an
39 * associated NAT policy.
46 * addresses are rewritten. The bi-directional NAT is a combined
50 * NAT policies and port maps
52 * The NAT (translation) policy is applied when a packet matches the
53 * rule. Apart from the filter criteria, the NAT policy always has
55 * then the NAT mechanism relies on the port map mechanism.
59 * NAT relies on the connection tracking module. Each translated
63 * from the port map. Each NAT entry is associated with the policy,
65 * to the port map and the NAT entry is destroyed when the connection expires.
87 * NAT policy structure.
128 * NAT entry for a connection.
131 /* Associated NAT policy. */
147 /* ALG (if any) associated with this NAT entry. */
158 * npf_nat_sys{init,fini}: initialize/destroy NAT subsystem structures.
172 /* All NAT policies should already be destroyed. */
177 * npf_natpolicy_create: create a new NAT policy.
180 npf_natpolicy_create(npf_t *npf, const nvlist_t *nat, npf_ruleset_t *rset)
191 np->n_type = dnvlist_get_number(nat, "type", 0);
192 np->n_flags = dnvlist_get_number(nat, "flags", 0) & ~NPF_NAT_PRIVMASK;
193 np->n_id = dnvlist_get_number(nat, "nat-policy", 0);
195 /* Should be exclusively either inbound or outbound NAT. */
204 * the table, specified by the ID, then the nat-addr/nat-mask will
207 if (nvlist_exists_number(nat, "nat-table-id")) {
211 np->n_tid = nvlist_get_number(nat, "nat-table-id");
215 addr = dnvlist_get_binary(nat, "nat-addr", &len, NULL, 0);
221 np->n_tmask = dnvlist_get_number(nat, "nat-mask", NPF_NO_NETMASK);
226 np->n_tport = dnvlist_get_number(nat, "nat-port", 0);
229 * NAT algorithm.
231 np->n_algo = dnvlist_get_number(nat, "nat-algo", 0);
234 np->n_npt66_adj = dnvlist_get_number(nat, "npt66-adj", 0);
254 npf_natpolicy_export(const npf_natpolicy_t *np, nvlist_t *nat)
256 nvlist_add_number(nat, "nat-policy", np->n_id);
257 nvlist_add_number(nat, "type", np->n_type);
258 nvlist_add_number(nat, "flags", np->n_flags);
261 nvlist_add_number(nat, "nat-table-id", np->n_tid);
263 nvlist_add_binary(nat, "nat-addr", &np->n_taddr, np->n_alen);
264 nvlist_add_number(nat, "nat-mask", np->n_tmask);
266 nvlist_add_number(nat, "nat-port", np->n_tport);
267 nvlist_add_number(nat, "nat-algo", np->n_algo);
271 nvlist_add_number(nat, "npt66-adj", np->n_npt66_adj);
293 * npf_natpolicy_destroy: free the NAT policy.
296 * => At this point, NAT policy cannot acquire new references.
302 * Drain the references. If there are active NAT connections,
344 * npf_natpolicy_cmp: compare two NAT policies.
354 * Compare the relevant NAT policy information (in its raw form)
377 * rewritten given the combination of the NAT type and flow direction.
394 * Outbound NAT rewrites:
399 * Inbound NAT is the other way round.
407 * npf_nat_inspect: inspect packet against NAT ruleset and return a policy.
410 * => NAT lookup is protected by EBR.
472 * npf_nat_create: create a new NAT translation entry.
474 * => The caller must pass the NAT policy with a reference acquired for us.
489 /* Construct a new NAT entry and associate it with the connection. */
536 /* Outbound NAT: source (think internal) address. */
539 /* Inbound NAT: destination (think external) address. */
645 * Associate NAT policy with an existing connection state.
654 /* Create a new NAT entry. */
661 /* Associate the NAT translation entry with the connection. */
672 * npf_nat_lookup: lookup the (dynamic) NAT state and return its entry,
674 * => Checks that the packet is on the interface where NAT policy is applied.
675 * => Determines the flow direction in the context of the NAT policy.
706 * - Inspect packet for a NAT policy, unless a connection with a NAT
713 * - Associate a NAT policy with a connection (may establish a new one).
732 * Return the NAT entry associated with the connection, if any.
742 * Inspect the packet for a NAT policy, if there is no connection.
752 /* Static NAT - just perform the translation. */
778 * Create a new NAT entry and associate with the connection.
793 /* Associate the NAT translation entry with the connection. */
812 /* It was created for NAT - just expire. */
841 * npf_nat_setalg: associate an ALG with the NAT entry.
863 * npf_nat_destroy: destroy NAT structure (performed on connection expiration).
887 * the NAT policy. Note: this might trigger its destruction.
898 * npf_nat_export: serialize the NAT entry with a NAT policy ID.
921 nvlist_add_number(nat_nv, "nat-policy", np->n_id);
922 nvlist_move_nvlist(con_nv, "nat", nat_nv);
926 * npf_nat_import: find the NAT policy and unserialize the NAT entry.
929 npf_nat_import(npf_t *npf, const nvlist_t *nat,
939 np_id = dnvlist_get_number(nat, "nat-policy", UINT64_MAX);
946 ifname = dnvlist_get_string(nat, "ifname", NULL);
951 alen = dnvlist_get_number(nat, "alen", 0);
956 taddr = dnvlist_get_binary(nat, "taddr", &len, NULL, 0);
962 oaddr = dnvlist_get_binary(nat, "oaddr", &len, NULL, 0);
968 nt->nt_oport = dnvlist_get_number(nat, "oport", 0);
969 nt->nt_tport = dnvlist_get_number(nat, "tport", 0);