pfd_nat.h File Reference

Declares the NAT and reverse-NAT header-rewriting functions applied to packets in transit, together with the functions that initialize and tear down the NAT table and its monitoring thread. More...

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <pthread.h>
#include <errno.h>


Data Structures

struct  address_bundle_s

Defines

#define LOCK_MUTEX(lock)
#define UNLOCK_MUTEX(lock)

Typedefs

typedef address_bundle_s address_bundle_t

Functions

void init_nat (void)
void terminate_nat (void)
boolean nat_packet (struct ip *ip_pkt, address_bundle_t *addresses)
boolean reverse_nat_packet (struct ip *ip_pkt)
void nat_fragment (struct ip *ip_pkt, address_bundle_t *addresses)


Detailed Description

Declares the NAT and reverse-NAT header-rewriting functions applied to packets in transit, together with the functions that initialize and tear down the NAT table and its monitoring thread.

Definition in file pfd_nat.h.


Define Documentation

#define LOCK_MUTEX(lock)

Value:

{   \
    int _rc = pthread_mutex_lock((lock)); \
    if(_rc == EINVAL) { \
        LOG(LOG_EMERG, "%s:%s:%d: pthread_mutex_lock failed with EINVAL " \
         "(Mutex %s is invalid)", __FILE__, __func__, __LINE__, #lock); \
    } else if(_rc == EDEADLK) { \
        LOG(LOG_EMERG, "%s:%s:%d: pthread_mutex_lock failed with EDEADLK " \
         "(Deadlocked on mutex %s)", __FILE__, __func__, __LINE__, #lock); \
    } else if(_rc) { \
        LOG(LOG_EMERG, "%s:%s:%d: pthread_mutex_lock failed with return code " \
         "%d (Mutex %s)", __FILE__, __func__, __LINE__, _rc, #lock); \
    } \
}
Macro to lock a mutex and report any error. Despite the "abort" in the original comment, the body above only logs: on EINVAL, EDEADLK or any other non-zero return the caller continues into its critical section without holding the lock, and the NAT table it then touches is unprotected.

Definition at line 37 of file pfd_nat.h.

Referenced by nat_packet(), pfd_process_packet(), and reverse_nat_packet().

#define UNLOCK_MUTEX(lock)

Value:

{   \
    int _rc = pthread_mutex_unlock((lock)); \
    if(_rc) { \
        LOG(LOG_EMERG, "%s:%s:%d: pthread_mutex_unlock failed. Return code " \
            "%d (Mutex %s)", __FILE__, __func__, __LINE__, _rc, #lock); \
    } \
}
Macro to unlock a mutex and report any error. As with LOCK_MUTEX, a failure is only logged and execution continues; the mutex may therefore still be held after the macro returns.

Definition at line 56 of file pfd_nat.h.

Referenced by nat_packet(), pfd_process_packet(), and reverse_nat_packet().


Typedef Documentation

typedef struct address_bundle_s address_bundle_t

Bundle holding both addresses: the PFD and CPD addresses passed to nat_packet() and nat_fragment().


Function Documentation

void init_nat(void)

Initialize the NAT table, module variables, and all the mutexes used in this module.

Definition at line 246 of file pfd_nat.c.

References CPD_HTTP_PORT, cpd_port, equalKeys(), hashFromKey(), INSIST_ERR, lookup_table, lookup_table_lock, NAT_MAX_ENTRIES, nat_table, and next_lport_num.

Referenced by pfd_init().

void nat_fragment(struct ip *ip_pkt, address_bundle_t *addresses)

NAT an IP fragment from the original source to the CPD, making the PFD the new sender. It neither assumes nor modifies a TCP header and performs no table lookups; it only rewrites the IP addresses and the IP header checksum.

Parameters:
[in] ip_pkt the packet to NAT
[in] addresses PFD and CPD addresses

Definition at line 580 of file pfd_nat.c.

References checksum_adjust().

Referenced by pfd_process_packet().
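The rewrite nat_fragment() describes (change ip_src and ip_dst, patch the IP header checksum, touch nothing else) is what the page's checksum_adjust() exists for. The following is an added example, not code from pfd_nat.c: it implements the address rewrite on a struct ip with an RFC 1624 incremental checksum update and verifies the result against a full recomputation. The addresses, the header contents and the function names are constructed for the example.

```c
/* Added example (not from pfd_nat.c): nat_fragment-style rewrite of
 * struct ip addresses with an incremental checksum fix-up. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Ones'-complement Internet checksum over raw memory. It sums the in-memory
 * 16-bit words, so the result is already in wire order and is stored into
 * ip_sum without htons(). */
static uint16_t ip_checksum(const void *data, size_t len)
{
    const unsigned char *p = data;
    uint32_t sum = 0;
    while (len > 1) {
        uint16_t w;
        memcpy(&w, p, 2);
        sum += w;
        p += 2;
        len -= 2;
    }
    if (len) {                      /* odd trailing byte, zero padded */
        uint16_t w = 0;
        memcpy(&w, p, 1);
        sum += w;
    }
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), applied to each
 * 16-bit half of an address that changes from old_addr to new_addr.
 * Independent implementation; not the page's checksum_adjust(). */
static void checksum_adjust_addr(uint16_t *cksum, uint32_t old_addr, uint32_t new_addr)
{
    uint16_t o[2], n[2];
    uint32_t sum = (uint16_t)~*cksum;
    memcpy(o, &old_addr, 4);
    memcpy(n, &new_addr, 4);
    for (int i = 0; i < 2; i++)
        sum += (uint16_t)~o[i] + n[i];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    *cksum = (uint16_t)~sum;
}

/* Build a constructed 20-byte IPv4 header (no options) with a valid checksum. */
static void build_header(struct ip *h, const char *src, const char *dst)
{
    memset(h, 0, sizeof *h);
    h->ip_v = 4;
    h->ip_hl = 5;
    h->ip_len = htons(40);
    h->ip_ttl = 64;
    h->ip_p = IPPROTO_TCP;
    inet_pton(AF_INET, src, &h->ip_src);
    inet_pton(AF_INET, dst, &h->ip_dst);
    h->ip_sum = 0;
    h->ip_sum = ip_checksum(h, sizeof *h);
}

/* The nat_fragment-style rewrite: swap in new addresses and patch ip_sum in
 * place. No lookups, and the transport header is never touched. */
static void rewrite_addresses(struct ip *h, const char *new_src, const char *new_dst)
{
    struct in_addr ns, nd;
    inet_pton(AF_INET, new_src, &ns);
    inet_pton(AF_INET, new_dst, &nd);
    checksum_adjust_addr(&h->ip_sum, h->ip_src.s_addr, ns.s_addr);
    checksum_adjust_addr(&h->ip_sum, h->ip_dst.s_addr, nd.s_addr);
    h->ip_src = ns;
    h->ip_dst = nd;
}

/* A receiver's check: summing the whole header including ip_sum gives zero. */
static int header_checksum_ok(const struct ip *h)
{
    return ip_checksum(h, (size_t)h->ip_hl * 4) == 0;
}

/* Drives the rewrite on a constructed packet; returns 1 only if the
 * incremental result verifies and equals a full recomputation. */
static int demo_rewrite(void)
{
    struct ip h, full;
    build_header(&h, "192.0.2.10", "198.51.100.20");      /* constructed sample */
    if (!header_checksum_ok(&h))
        return 0;
    rewrite_addresses(&h, "203.0.113.1", "203.0.113.2");  /* hypothetical PFD, CPD */
    full = h;
    full.ip_sum = 0;
    full.ip_sum = ip_checksum(&full, sizeof full);
    return header_checksum_ok(&h) && full.ip_sum == h.ip_sum;
}
```

Because only the IP header is patched, a non-first fragment carrying no transport header is handled correctly, but the first fragment of a TCP or UDP datagram still needs its transport checksum adjusted for the changed pseudo-header addresses, which is why nat_packet() rather than nat_fragment() handles whole packets.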

boolean nat_packet(struct ip *ip_pkt, address_bundle_t *addresses)

NAT the packet from the original source to the CPD, making the PFD the new sender.

Parameters:
[in] ip_pkt the packet to NAT
[in] addresses PFD and CPD addresses
Returns:
TRUE if successfully NAT'd; FALSE if no entry exists and one could not be created (table full)

Definition at line 303 of file pfd_nat.c.

References checksum_adjust(), cpd_port, current_time, nat_table_t::dstport, nat_table_t::exp_time, get_current_time(), INSIST_ERR, nat_table_t::ipdst, key_s::ipdst, nat_table_t::ipsrc, key_s::ipsrc, LOCK_MUTEX, LOG, lookup_table, lookup_table_lock, NAT_ENTRY_LIFETIME, NAT_LPORT_RANGE_MIN, NAT_MAX_ENTRIES, nat_table, next_lport_num, nat_table_t::srcport, key_s::srcport, and UNLOCK_MUTEX.

Referenced by pfd_process_packet().

boolean reverse_nat_packet(struct ip *ip_pkt)

Reverse NAT the packet from the CPD to the original sender (the PFD was the intermediate sender).

Parameters:
[in] ip_pkt the packet to reverse NAT
Returns:
TRUE if successfully reverse-NAT'd; FALSE if no entry is found for the destination port

Definition at line 507 of file pfd_nat.c.

References checksum_adjust(), current_time, nat_table_t::dstport, nat_table_t::exp_time, get_current_time(), nat_table_t::ipdst, nat_table_t::ipsrc, LOCK_MUTEX, NAT_ENTRY_LIFETIME, NAT_LPORT_RANGE_MAX, NAT_LPORT_RANGE_MIN, nat_table, nat_table_t::srcport, and UNLOCK_MUTEX.

Referenced by pfd_process_packet().
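nat_packet() and reverse_nat_packet() share one table: the forward path creates or refreshes an entry keyed on the original flow and allocates a local port from the NAT_LPORT_RANGE_MIN..NAT_LPORT_RANGE_MAX range, the reverse path looks the entry up by that port, and entries expire after NAT_ENTRY_LIFETIME. The following is an added example, not code from pfd_nat.c: a minimal table with that shape, including the table-full and expired-entry cases the return values describe. The real module hashes flows through lookup_table; this version scans linearly, and every constant, type and function name below is hypothetical.

```c
/* Added example (not from pfd_nat.c): a minimal NAT table with per-flow
 * entries, local-port allocation, expiry and reverse lookup by port. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <time.h>

#define NAT_MAX_ENTRIES      4      /* tiny, so the "table full" path is reachable */
#define NAT_LPORT_RANGE_MIN  10000
#define NAT_LPORT_RANGE_MAX  (NAT_LPORT_RANGE_MIN + NAT_MAX_ENTRIES - 1)
#define NAT_ENTRY_LIFETIME   30     /* seconds of idle time before reclaim */

typedef struct {
    uint32_t ipsrc, ipdst;          /* original sender and CPD addresses */
    uint16_t srcport, dstport;      /* original ports */
    time_t   exp_time;              /* 0 marks a free slot */
} nat_entry_t;

/* Slot i owns local port NAT_LPORT_RANGE_MIN + i, so reverse lookup is O(1). */
static nat_entry_t nat_table[NAT_MAX_ENTRIES];

static void nat_table_reset(void)
{
    memset(nat_table, 0, sizeof nat_table);
}

static bool entry_live(const nat_entry_t *e, time_t now)
{
    return e->exp_time != 0 && e->exp_time > now;
}

/* Forward path (what nat_packet does before rewriting): find the flow's
 * entry, or create one in a free or expired slot. Returns the local port the
 * PFD will send from, or 0 when no entry exists and the table is full, which
 * corresponds to nat_packet's FALSE return. */
static uint16_t nat_lookup_or_insert(uint32_t ipsrc, uint16_t srcport,
                                     uint32_t ipdst, uint16_t dstport, time_t now)
{
    int free_slot = -1;
    for (int i = 0; i < NAT_MAX_ENTRIES; i++) {
        nat_entry_t *e = &nat_table[i];
        if (!entry_live(e, now)) {
            if (free_slot < 0)
                free_slot = i;      /* free, or expired and reclaimable */
            continue;
        }
        if (e->ipsrc == ipsrc && e->srcport == srcport &&
            e->ipdst == ipdst && e->dstport == dstport) {
            e->exp_time = now + NAT_ENTRY_LIFETIME;   /* refresh on use */
            return (uint16_t)(NAT_LPORT_RANGE_MIN + i);
        }
    }
    if (free_slot < 0)
        return 0;                   /* table full: caller must drop the packet */
    nat_entry_t *e = &nat_table[free_slot];
    e->ipsrc = ipsrc;
    e->srcport = srcport;
    e->ipdst = ipdst;
    e->dstport = dstport;
    e->exp_time = now + NAT_ENTRY_LIFETIME;
    return (uint16_t)(NAT_LPORT_RANGE_MIN + free_slot);
}

/* Reverse path (reverse_nat_packet): the CPD's reply arrives at lport.
 * The range check comes first so an attacker-chosen destination port can
 * never index outside the table; a missing or expired entry yields false. */
static bool nat_reverse_lookup(uint16_t lport, time_t now, nat_entry_t *out)
{
    if (lport < NAT_LPORT_RANGE_MIN || lport > NAT_LPORT_RANGE_MAX)
        return false;
    nat_entry_t *e = &nat_table[lport - NAT_LPORT_RANGE_MIN];
    if (!entry_live(e, now))
        return false;
    e->exp_time = now + NAT_ENTRY_LIFETIME;
    *out = *e;
    return true;
}
```

In the real module these operations run under lookup_table_lock, which is why both functions reference LOCK_MUTEX and UNLOCK_MUTEX: the monitoring thread expires entries concurrently with packet processing, and an unlocked lookup could hand the reverse path a slot that is being reused.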

void terminate_nat(void)

Destroy the NAT table and all the mutexes used in this module.

Definition at line 271 of file pfd_nat.c.

References lookup_table, lookup_table_lock, NAT_MAX_ENTRIES, and nat_table.

Referenced by pfd_quit(), and pfd_shutdown().


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:27:07 2010 for SDK Your Net Corporation Policy Manager Example: Packet Filtering Daemon (pfd) 1.0 by Doxygen 1.5.1