Here are the structs for the tuple used with the NAT filter.
These structs are defined in
${linux_src}/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
struct {
u_int16_t port;
} tcp;
struct {
u_int16_t port;
} udp;
struct {
u_int16_t id;
} icmp;
};
struct {
u_int32_t ip;
union {
u_int16_t all;
struct {
u_int16_t port;
} tcp;
struct {
u_int16_t port;
} udp;
struct {
u_int8_t type, code;
} icmp;
} u;
u_int16_t protonum;
} dst;
};
tuple
union ip_conntrack_manip_proto
{
u_int16_t all;
ip_conntrack_manip
/*
 * Address plus per-protocol identifier for one side of a connection.
 * struct ip_conntrack_tuple embeds one of these as its "src" member.
 */
struct ip_conntrack_manip
{
/* IPv4 address of this side. NOTE(review): presumably network byte order, as for ip_nat_range -- confirm. */
u_int32_t ip;
/* Per-protocol part; union ip_conntrack_manip_proto is declared separately and has a 16-bit "all" view. */
union ip_conntrack_manip_proto u;
};
ip_conntrack_tuple
struct ip_conntrack_tuple
{
struct ip_conntrack_manip src;
These look like very large and complex structures.
But, in short:
struct tuple
{
src ip;
src port;
dst ip;
dst port;
protonum;
}
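This sketch represents the tuple structure. For ICMP there are no ports: the icmp members shown above hold an id in the manipulable (source) part and a type and code in the destination part.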
---------------------------
In ${linux_src}/include/linux/netfilter_ipv4/ip_nat.h,
there are many struct, macro and enum definitions.
/* Selects which address of a tuple a NAT manipulation translates. */
enum ip_nat_manip_type
{
/* Translate the source address. */
IP_NAT_MANIP_SRC,
/* Translate the destination address. */
IP_NAT_MANIP_DST
};
This enum declaration is to determine which address is to be translated,
source or destination.
Here is the range structure for NAT port translation.
/* Inclusive: network order. */
u_int32_t min_ip, max_ip;
/* Inclusive: network order */
union ip_conntrack_manip_proto min, max;
};
ip_nat_range
struct ip_nat_range
{
unsigned int flags;
A range consists of an array of 1 or more ip_nat_range.
struct ip_nat_range range[1];
};
ip_nat_multi_range
struct ip_nat_multi_range
{
unsigned int rangesize;