Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1184 lines
33 KiB

/*++
Copyright (c) 1997, Microsoft Corporation
Module Name:
ipnat.h
Abstract:
Contains semi-public IOCTLS and data-structures related to
the IP Network Address Translator.
For kernel-mode load-balancing support, see the director-registration
declarations below (IOCTL_IP_NAT_REGISTER_DIRECTOR).
For kernel-mode data-stream editing support, see the editor-registration
declarations below (IOCTL_IP_NAT_REGISTER_EDITOR).
Author:
Abolade Gbadegesin (t-abolag) 11-July-1997
Revision History:
--*/
#ifndef _ROUTING_IP_NAT_H_
#define _ROUTING_IP_NAT_H_
#include <rtinfo.h> // for RTR_INFO_BLOCK_HEADER
#include <ipinfoid.h> // for IP_GENERAL_INFO_BASE
#ifdef __cplusplus
extern "C" {
#endif
//
// MISCELLANEOUS DECLARATIONS
//
#define IP_NAT_VERSION 1
#define IP_NAT_SERVICE_NAME "IPNAT"
#define DD_IP_NAT_DEVICE_NAME L"\\Device\\IPNAT"
//
// IP header protocol-field constants
//
#define NAT_PROTOCOL_ICMP 0x01
#define NAT_PROTOCOL_IGMP 0x02
#define NAT_PROTOCOL_TCP 0x06
#define NAT_PROTOCOL_UDP 0x11
#define NAT_PROTOCOL_IP6IN4 0x29
#define NAT_PROTOCOL_PPTP 0x2F
#define NAT_PROTOCOL_IPSEC_ESP 0x32
#define NAT_PROTOCOL_IPSEC_AH 0x33
typedef enum {
NatInboundDirection = 0,
NatOutboundDirection,
NatMaximumDirection
} IP_NAT_DIRECTION, *PIP_NAT_DIRECTION;
typedef enum {
NatForwardPath = 0,
NatReversePath,
NatMaximumPath
} IP_NAT_PATH, *PIP_NAT_PATH;
typedef enum {
NatCreateFailureDeleteReason = 0,
NatCleanupSessionDeleteReason,
NatCleanupDirectorDeleteReason,
NatDissociateDirectorDeleteReason,
NatMaximumDeleteReason
} IP_NAT_DELETE_REASON, *PIP_NAT_DELETE_REASON;
//
// IOCTL DECLARATIONS
//
#define FSCTL_IP_NAT_BASE FILE_DEVICE_NETWORK
#define _IP_NAT_CTL_CODE(function, method, access) \
CTL_CODE(FSCTL_IP_NAT_BASE, function, method, access)
//
// NAT-supported IOCTL constant declarations
//
#define IOCTL_IP_NAT_SET_GLOBAL_INFO \
_IP_NAT_CTL_CODE(0, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_REQUEST_NOTIFICATION \
_IP_NAT_CTL_CODE(1, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CREATE_INTERFACE \
_IP_NAT_CTL_CODE(2, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_DELETE_INTERFACE \
_IP_NAT_CTL_CODE(3, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// Unused: Functions 4-5
#define IOCTL_IP_NAT_SET_INTERFACE_INFO \
_IP_NAT_CTL_CODE(6, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_INTERFACE_INFO \
_IP_NAT_CTL_CODE(7, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_REGISTER_EDITOR \
_IP_NAT_CTL_CODE(8, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_INTERFACE_STATISTICS \
_IP_NAT_CTL_CODE(9, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_MAPPING_TABLE \
_IP_NAT_CTL_CODE(10, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_REGISTER_DIRECTOR \
_IP_NAT_CTL_CODE(11, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CREATE_REDIRECT \
_IP_NAT_CTL_CODE(12, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CANCEL_REDIRECT \
_IP_NAT_CTL_CODE(13, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_INTERFACE_MAPPING_TABLE \
_IP_NAT_CTL_CODE(14, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_REDIRECT_STATISTICS \
_IP_NAT_CTL_CODE(15, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CREATE_DYNAMIC_TICKET \
_IP_NAT_CTL_CODE(16, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_DELETE_DYNAMIC_TICKET \
_IP_NAT_CTL_CODE(17, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_REDIRECT_SOURCE_MAPPING \
_IP_NAT_CTL_CODE(18, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_EDITOR_TABLE \
_IP_NAT_CTL_CODE(19, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_DIRECTOR_TABLE \
_IP_NAT_CTL_CODE(20, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_GET_REDIRECT_DESTINATION_MAPPING \
_IP_NAT_CTL_CODE(21, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY \
_IP_NAT_CTL_CODE(22, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_STATISTICS \
_IP_NAT_CTL_CODE(23, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY_EX \
_IP_NAT_CTL_CODE(24, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CREATE_REDIRECT_EX \
_IP_NAT_CTL_CODE(25, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_CREATE_TICKET \
_IP_NAT_CTL_CODE(26, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_DELETE_TICKET \
_IP_NAT_CTL_CODE(27, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#define IOCTL_IP_NAT_LOOKUP_TICKET \
_IP_NAT_CTL_CODE(28, METHOD_BUFFERED, FILE_WRITE_ACCESS)
//
// IOCTL_IP_NAT_SET_GLOBAL_INFO
//
// Invoked to supply the NAT with its configuration.
//
// InputBuffer: IP_NAT_GLOBAL_INFO
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_GET_GLOBAL_INFO
//
// Invoked to retrieve the NAT's configuration.
//
// InputBuffer: none.
// OutputBuffer: IP_NAT_GLOBAL_INFO
//
//
// IOCTL_IP_NAT_CREATE_INTERFACE
//
// Invoked to add router-interfaces to the NAT.
//
// InputBuffer: IP_NAT_CREATE_INTERFACE
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_DELETE_INTERFACE
//
// Invoked to delete router-interfaces from the NAT.
//
// InputBuffer: the 32-bit index of the interface to be deleted.
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_SET_INTERFACE_INFO
//
// Invoked to set configuration information for an interface.
//
// InputBuffer: 'IP_NAT_INTERFACE_INFO' holding the interface's configuration
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_GET_INTERFACE_INFO
//
// Invoked to retrieve the configuration information of an interface.
//
// InputBuffer: the 32-bit index of the interface in question
// OutputBuffer: 'IP_NAT_INTERFACE_INFO' holding the interface's configuration
//
//
// IOCTL_IP_NAT_GET_INTERFACE_STATISTICS
//
// This IOCTL is invoked to retrieve per-interface statistics.
//
// InputBuffer: the 32-bit index of the interface in question
// OutputBuffer: 'IP_NAT_INTERFACE_STATISTICS' with the interface's statistics
//
//
// IOCTL_IP_NAT_GET_MAPPING_TABLE
// IOCTL_IP_NAT_GET_INTERFACE_MAPPING_TABLE
//
// This IOCTL is invoked to enumerate the dynamic TCP and UDP mappings
// globally, and for each interface.
//
// InputBuffer: 'IP_NAT_ENUMERATE_SESSION_MAPPINGS' with input parameters set
// OutputBuffer: 'IP_NAT_ENUMERATE_SESSION_MAPPINGS' with output parameters
// filled in.
//
//
// IOCTL_IP_NAT_REGISTER_EDITOR
//
// This IOCTL is invoked by a kernel-mode component which wishes to act
// as an editor for packets which match a particular session-description.
//
// InputBuffer: 'IP_NAT_REGISTER_EDITOR' with input parameters set
// OutputBuffer: 'IP_NAT_REGISTER_EDITOR' with output parameters filled in
//
//
// IOCTL_IP_NAT_GET_EDITOR_TABLE
//
// This IOCTL is invoked to enumerate the editors which are currently
// registered.
//
// InputBuffer: 'IP_NAT_ENUMERATE_EDITORS' with input parameters set
// OutputBuffer: 'Ip_NAT_ENUMERATE_EDITORS' with output parameters filled in.
//
//
// IOCTL_IP_NAT_REGISTER_DIRECTOR
//
// This IOCTL is invoked by a kernel-mode component that wishes to be consulted
// about the direction of incoming TCP/UDP sessions.
//
// InputBuffer: 'IP_NAT_REGISTER_DIRECTOR' with input parameters set
// OutputBuffer: 'IP_NAT_REGISTER_DIRECTOR' with output parameters filled in
//
//
// IOCTL_IP_NAT_GET_DIRECTOR_TABLE
//
// This IOCTL is invoked to enumerate the directors which are currently
// registered.
//
// InputBuffer: 'IP_NAT_ENUMERATE_DIRECTORS' with input parameters set
// OutputBuffer: 'Ip_NAT_ENUMERATE_DIRECTORS' with output parameters filled in.
//
//
// IOCTL_IP_NAT_CREATE_REDIRECT
//
// Invoked to cancel or query a 'redirect' which instructs the NAT
// to modify a specific session.
//
// InputBuffer: 'IP_NAT_CREATE_REDIRECT'
// OutputBuffer: 'IP_NAT_REDIRECT_STATISTICS'
//
//
// IOCTL_IP_NAT_CREATE_REDIRECT_EX
//
// Invoked to cancel or query a 'redirect' which instructs the NAT
// to modify a specific session. Can include an optional adapter restriction.
//
// InputBuffer: 'IP_NAT_CREATE_REDIRECT_EX'
// OutputBuffer: 'IP_NAT_REDIRECT_STATISTICS'
//
//
// IOCTL_IP_NAT_CANCEL_REDIRECT
// IOCTL_IP_NAT_GET_REDIRECT_STATISTICS
// IOCTL_IP_NAT_GET_REDIRECT_SOURCE_MAPPING
// IOCTL_IP_NAT_GET_REDIRECT_DESTINATION_MAPPING
//
// Invoked to cancel or query a 'redirect' which instructs the NAT
// to modify a specific session.
//
// InputBuffer: 'IP_NAT_LOOKUP_REDIRECT'
// OutputBuffer:
// cancel: Unused
// statistics: 'IP_NAT_REDIRECT_STATISTICS'
// source mapping: 'IP_NAT_REDIRECT_SOURCE_MAPPING'
// destination mapping: 'IP_NAT_REDIRECT_DESTINATION_MAPPING'
//
//
// IOCTL_IP_NAT_REQUEST_NOTIFICATION
//
// Invoked to request notification of a specific event from the NAT.
//
// InputBuffer: 'IP_NAT_NOTIFICATION' indicating the notification required
// OutputBuffer: depends on 'IP_NAT_NOTIFICATION'.
//
//
// IOCTL_IP_NAT_CREATE_DYNAMIC_TICKET
//
// Invoked to create a dynamic ticket, which becomes active when specific
// outbound session is seen.
//
// InputBuffer: 'IP_NAT_CREATE_DYNAMIC_TICKET' describes the ticket
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_DELETE_DYNAMIC_TICKET
//
// Invoked to delete a dynamic ticket.
//
// InputBuffer: 'IP_NAT_DELETE_DYNAMIC_TICKET' describes the ticket.
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY_EX
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_STATISTICS
//
// Invoked to search for a mapping and retrieve information about it.
// InputBuffer: 'IP_NAT_LOOKUP_SESSION_MAPPING'
// OutputBuffer:
// key: 'IP_NAT_SESSION_MAPPING_KEY'
// key_ex: 'IP_NAT_SESSION_MAPPING_KEY_EX'
// statistics: 'IP_NAT_SESSION_MAPPING_STATISTICS'
//
//
// IOCTL_IP_NAT_CREATE_TICKET
//
// Invoked to create a ticket on an interface.
//
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket.
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_DELETE_TICKET
//
// Invoked to create a ticket on an interface.
//
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket.
// OutputBuffer: none.
//
//
// IOCTL_IP_NAT_LOOKUP_TICKET
//
// Invoked to lookup a ticket on an interface.
//
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket. The private
// parameters are ignored.
// OutputBuffer: IP_NAT_PORT_MAPPING.
//
//
// Structure: IP_NAT_GLOBAL_INFO
//
// Holds global configuration information for the NAT.
//
typedef struct _IP_NAT_GLOBAL_INFO {
ULONG LoggingLevel; // see IPNATHLP.H (IPNATHLP_LOGGING_*).
ULONG Flags;
RTR_INFO_BLOCK_HEADER Header;
} IP_NAT_GLOBAL_INFO, *PIP_NAT_GLOBAL_INFO;
#define IP_NAT_ALLOW_RAS_CLIENTS 0x00000001
//
// Type-codes for the IP_NAT_GLOBAL_INFO.Header.TocEntry[] array.
//
// The structures which correspond to each info-type are given below.
//
#define IP_NAT_TIMEOUT_TYPE IP_GENERAL_INFO_BASE + 1
#define IP_NAT_PROTOCOLS_ALLOWED_TYPE IP_GENERAL_INFO_BASE + 2
//
// Structure: IP_NAT_TIMEOUT
//
// Used to amend the default timeouts for TCP and UDP session mappings.
//
typedef struct _IP_NAT_TIMEOUT {
ULONG TCPTimeoutSeconds;
ULONG UDPTimeoutSeconds;
} IP_NAT_TIMEOUT, *PIP_NAT_TIMEOUT;
//
// Structure: IP_NAT_PROTOCOLS_ALLOWED
//
// Used to define which IP-layer protocols (other than TCP/UDP/ICMP/PPTP)
// may be translated by the NAT. Only one session for each such protocol
// is supported for each remote destination.
//
typedef struct _IP_NAT_PROTOCOLS_ALLOWED {
ULONG Bitmap[256 / (sizeof(ULONG) * 8)];
} IP_NAT_PROTOCOLS_ALLOWED, *PIP_NAT_PROTOCOLS_ALLOWED;
//
// Structure: IP_NAT_CREATE_INTERFACE
//
// 'Index' must correspond to a valid IP adapter-index.
// This implies that addition of a demand-dial interface can only occur
// when such an interface is connected.
//
// The field 'BindingInfo' should be the beginning of
// an IP_ADAPTER_BINDING_INFO structure (see routprot.h) which
// contains the interface's binding.
//
#pragma warning(disable:4200) // 0-element array
typedef struct _IP_NAT_CREATE_INTERFACE {
IN ULONG Index;
IN ULONG BindingInfo[0];
} IP_NAT_CREATE_INTERFACE, *PIP_NAT_CREATE_INTERFACE;
#pragma warning(default:4200)
//
// Structure: IP_NAT_INTERFACE_INFO
//
// 'Index' identifies the interface to be configured.
//
// The configuration information uses the RTR_INFO_BLOCK_HEADER structure
// of rtinfo.h. See below for the type-codes for structures which may appear
// after IP_NAT_INTERFACE_INFO.Header within the RTR_TOC_ENTRY.InfoType field.
//
typedef struct _IP_NAT_INTERFACE_INFO {
ULONG Index;
ULONG Flags;
RTR_INFO_BLOCK_HEADER Header;
} IP_NAT_INTERFACE_INFO, *PIP_NAT_INTERFACE_INFO;
//
// Flags for IP_NAT_INTERFACE_INFO.Flags
//
// _BOUNDARY: set to mark interface as boundary-interface.
//
// _NAPT: set to enable address-sharing via port-translation.
//
// _FW: set to enable firewall mode on the interface. This works with all
// other flags. An interface in firewall mode is much more strict on what
// inbound packets it will allow to propogate up the stack; in general,
// it will only allow packets that are part of a locally-initiated connection
// flow (i.e., packets for which a mapping or ticket exists)
//
#define IP_NAT_INTERFACE_FLAGS_BOUNDARY 0x00000001
#define IP_NAT_INTERFACE_FLAGS_NAPT 0x00000002
#define IP_NAT_INTERFACE_FLAGS_DISABLE_PPTP 0x00000004
#define IP_NAT_INTERFACE_FLAGS_FW 0x00000010
#define IP_NAT_INTERFACE_FLAGS_ALL 0x0000001f
//
// Type-codes for the IP_NAT_INTERFACE_INFO.Header.TocEntry[] array.
//
// The structures which correspond to each info-type are given below.
//
#define IP_NAT_ADDRESS_RANGE_TYPE IP_GENERAL_INFO_BASE + 2
#define IP_NAT_PORT_MAPPING_TYPE IP_GENERAL_INFO_BASE + 3
#define IP_NAT_ADDRESS_MAPPING_TYPE IP_GENERAL_INFO_BASE + 4
#define IP_NAT_ICMP_CONFIG_TYPE IP_GENERAL_INFO_BASE + 5
//
// Structure: IP_NAT_ADDRESS_RANGE
//
// Holds a range of addresses which are part of the address-pool
// for a boundary interface.
//
// An address-pool consists of a list of these structures.
//
// N.B. Overlapping address-ranges are not supported;
// discontiguous subnet masks are also unsupported.
//
typedef struct _IP_NAT_ADDRESS_RANGE {
ULONG StartAddress;
ULONG EndAddress;
ULONG SubnetMask;
} IP_NAT_ADDRESS_RANGE, *PIP_NAT_ADDRESS_RANGE;
//
// Structure: IP_NAT_PORT_MAPPING
//
// Holds a static mapping which ties a public-side port on this NAT interface
// to a particular private machine's address/port.
//
// In the case of an interface with a pool of addresses, 'PublicAddress'
// should specify which of those addresses this static-mapping applies to.
//
typedef struct _IP_NAT_PORT_MAPPING {
UCHAR Protocol;
USHORT PublicPort;
ULONG PublicAddress; // OPTIONAL - see IP_NAT_ADDRESS_UNSPECIFIED
USHORT PrivatePort;
ULONG PrivateAddress;
} IP_NAT_PORT_MAPPING, *PIP_NAT_PORT_MAPPING;
//
// Constant for 'PublicAddress' in IP_NAT_PORT_RANGE and IP_NAT_PORT_MAPPING;
// may be specified for boundary-interfaces which have no address-pool, in
// which case the range/mapping is for the boundary-interface's sole address.
//
#define IP_NAT_ADDRESS_UNSPECIFIED ((ULONG)0)
//
// Structure: IP_NAT_ADDRESS_MAPPING
//
// Holds a static mapping which ties an address from this NAT interface's
// address pool to a particular private-machine's address.
//
// Note that this address must fall within one of the ranges comprising
// the pool as specified by the IP_NAT_ADDRESS_RANGE structures.
//
typedef struct _IP_NAT_ADDRESS_MAPPING {
ULONG PrivateAddress;
ULONG PublicAddress;
BOOLEAN AllowInboundSessions;
} IP_NAT_ADDRESS_MAPPING, *PIP_NAT_ADDRESS_MAPPING;
//
// There is no structure for IP_NAT_ICMP_CONFIG -- it's just a ULONG,
// with the following flags defining the behavior. These flags are
// only for exceptions to our default (very strict) security policy.
//
// IB == inbound, OB == outbound. Redirect is for either direction.
//
// The numerical values for the flags are derived from the ICMP
// message type code -- 1 << MessageType.
//
//
#define IP_NAT_ICMP_ALLOW_OB_DEST_UNREACH 0x00000008
#define IP_NAT_ICMP_ALLOW_OB_SOURCE_QUENCH 0x00000010
#define IP_NAT_ICMP_ALLOW_REDIRECT 0x00000020
#define IP_NAT_ICMP_ALLOW_IB_ECHO 0x00000100
#define IP_NAT_ICMP_ALLOW_IB_ROUTER 0x00000200
#define IP_NAT_ICMP_ALLOW_OB_TIME_EXCEEDED 0x00000800
#define IP_NAT_ICMP_ALLOW_OB_PARAM_PROBLEM 0x00001000
#define IP_NAT_ICMP_ALLOW_IB_TIMESTAMP 0x00002000
#define IP_NAT_ICMP_ALLOW_IB_MASK 0x00020000
//
// Structure: IP_NAT_INTERFACE_STATISTICS
//
// This structure holds statistics for an interface
//
typedef struct _IP_NAT_INTERFACE_STATISTICS {
OUT ULONG TotalMappings;
OUT ULONG InboundMappings;
OUT ULONG64 BytesForward;
OUT ULONG64 BytesReverse;
OUT ULONG64 PacketsForward;
OUT ULONG64 PacketsReverse;
OUT ULONG64 RejectsForward;
OUT ULONG64 RejectsReverse;
} IP_NAT_INTERFACE_STATISTICS, *PIP_NAT_INTERFACE_STATISTICS;
//
// Structure: IP_NAT_SESSION_MAPPING
//
// This structure holds information for a single mapping
//
typedef struct _IP_NAT_SESSION_MAPPING {
UCHAR Protocol; // see NAT_PROTOCOL_* above
ULONG PrivateAddress;
USHORT PrivatePort;
ULONG PublicAddress;
USHORT PublicPort;
ULONG RemoteAddress;
USHORT RemotePort;
IP_NAT_DIRECTION Direction;
ULONG IdleTime; // in seconds
} IP_NAT_SESSION_MAPPING, *PIP_NAT_SESSION_MAPPING;
//
// Structure: IP_NAT_SESSION_MAPPING_STATISTICS
//
// Holds statistics for a single session-mapping.
//
typedef struct _IP_NAT_SESSION_MAPPING_STATISTICS {
ULONG64 BytesForward;
ULONG64 BytesReverse;
ULONG64 PacketsForward;
ULONG64 PacketsReverse;
ULONG64 RejectsForward;
ULONG64 RejectsReverse;
} IP_NAT_SESSION_MAPPING_STATISTICS, *PIP_NAT_SESSION_MAPPING_STATISTICS;
//
// Structure: IP_NAT_SESSION_MAPPING_KEY
//
// Holds key-information for a single session-mapping.
//
typedef struct _IP_NAT_SESSION_MAPPING_KEY {
UCHAR Protocol;
ULONG DestinationAddress;
USHORT DestinationPort;
ULONG SourceAddress;
USHORT SourcePort;
ULONG NewDestinationAddress;
USHORT NewDestinationPort;
ULONG NewSourceAddress;
USHORT NewSourcePort;
} IP_NAT_SESSION_MAPPING_KEY, *PIP_NAT_SESSION_MAPPING_KEY;
//
// Structure: IP_NAT_SESSION_MAPPING_KEY_EX
//
// Holds key-information for a single session-mapping, including
// the AdapterIndex if this session was created by the redirector.
//
typedef struct _IP_NAT_SESSION_MAPPING_KEY_EX {
UCHAR Protocol;
ULONG DestinationAddress;
USHORT DestinationPort;
ULONG SourceAddress;
USHORT SourcePort;
ULONG NewDestinationAddress;
USHORT NewDestinationPort;
ULONG NewSourceAddress;
USHORT NewSourcePort;
ULONG AdapterIndex;
} IP_NAT_SESSION_MAPPING_KEY_EX, *PIP_NAT_SESSION_MAPPING_KEY_EX;
//
// Structure: IP_NAT_ENUMERATE_SESSION_MAPPINGS
//
// Used for enumerating session mappings.
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
// it will be filled by the NAT with information to be passed back down
// as the enumeration continues. To indicate there are no items remaining,
// the NAT will set EnumerateContext[0] to 0.
//
typedef struct _IP_NAT_ENUMERATE_SESSION_MAPPINGS {
IN ULONG Index;
IN OUT ULONG EnumerateContext[4];
OUT ULONG EnumerateCount;
OUT ULONG EnumerateTotalHint;
OUT IP_NAT_SESSION_MAPPING EnumerateTable[1];
} IP_NAT_ENUMERATE_SESSION_MAPPINGS, *PIP_NAT_ENUMERATE_SESSION_MAPPINGS;
//
// Structure: IP_NAT_LOOKUP_SESSION_MAPPING
//
// Used to search for and query a specified session mapping.
// On input, the address/port fields are initialized either to
// pre-translation values or post-translation values.
// The NAT attempts to find a session mapping with matching values,
// and retrieves the requested information for that session mapping, if found.
//
typedef struct _IP_NAT_LOOKUP_SESSION_MAPPING {
UCHAR Protocol;
ULONG DestinationAddress;
USHORT DestinationPort;
ULONG SourceAddress;
USHORT SourcePort;
} IP_NAT_LOOKUP_SESSION_MAPPING, *PIP_NAT_LOOKUP_SESSION_MAPPING;
//
// Editor function prototypes
//
//
// For synchronization reasons, 'CreateHandler' and 'DeleteHandler'
// CANNOT invoke any helper functions other than 'QueryInfoSession'.
//
typedef NTSTATUS
(*PNAT_EDITOR_CREATE_HANDLER)(
IN PVOID EditorContext,
IN ULONG PrivateAddress,
IN USHORT PrivatePort,
IN ULONG PublicAddress,
IN USHORT PublicPort,
IN ULONG RemoteAddress,
IN USHORT RemotePort,
OUT PVOID* EditorSessionContextp OPTIONAL
);
typedef NTSTATUS
(*PNAT_EDITOR_DELETE_HANDLER)(
IN PVOID InterfaceHandle,
IN PVOID SessionHandle,
IN PVOID EditorContext,
IN PVOID EditorSessionContext
);
typedef NTSTATUS
(*PNAT_EDITOR_DATA_HANDLER)(
IN PVOID InterfaceHandle,
IN PVOID SessionHandle,
IN PVOID DataHandle,
IN PVOID EditorContext,
IN PVOID EditorSessionContext,
IN PVOID RecvBuffer,
IN ULONG DataOffset
);
//
// Helper function prototypes
//
typedef NTSTATUS
(*PNAT_EDITOR_CREATE_TICKET)(
IN PVOID InterfaceHandle,
IN UCHAR Protocol,
IN ULONG PrivateAddress,
IN USHORT PrivatePort,
IN ULONG RemoteAddress OPTIONAL,
IN USHORT RemotePort OPTIONAL,
OUT PULONG PublicAddress,
OUT PUSHORT PublicPort
);
typedef NTSTATUS
(*PNAT_EDITOR_DELETE_TICKET)(
IN PVOID InterfaceHandle,
IN ULONG PublicAddress,
IN UCHAR Protocol,
IN USHORT PublicPort,
IN ULONG RemoteAddress OPTIONAL,
IN USHORT RemotePort OPTIONAL
);
typedef NTSTATUS
(*PNAT_EDITOR_DEREGISTER)(
IN PVOID EditorHandle
);
typedef NTSTATUS
(*PNAT_EDITOR_DISSOCIATE_SESSION)(
IN PVOID EditorHandle,
IN PVOID SessionHandle
);
typedef NTSTATUS
(*PNAT_EDITOR_EDIT_SESSION)(
IN PVOID DataHandle,
IN PVOID RecvBuffer,
IN ULONG OldDataOffset,
IN ULONG OldDataLength,
IN PUCHAR NewData,
IN ULONG NewDataLength
);
typedef VOID
(*PNAT_EDITOR_QUERY_INFO_SESSION)(
IN PVOID SessionHandle,
OUT PULONG PrivateAddress OPTIONAL,
OUT PUSHORT PrivatePort OPTIONAL,
OUT PULONG RemoteAddress OPTIONAL,
OUT PUSHORT RemotePort OPTIONAL,
OUT PULONG PublicAddress OPTIONAL,
OUT PUSHORT PublicPort OPTIONAL,
OUT PIP_NAT_SESSION_MAPPING_STATISTICS Statistics OPTIONAL
);
typedef VOID
(*PNAT_EDITOR_TIMEOUT_SESSION)(
IN PVOID EditorHandle,
IN PVOID SessionHandle
);
//
// Structure: IP_NAT_REGISTER_EDITOR
//
// The editor uses this structure to register itself with the NAT,
// and to obtain entrypoints of helper-functions provided by the NAT.
//
// On input, 'EditorContext' should contain a value which the NAT will
// pass to the editor's provided functions to serve as identification.
//
// On output, 'EditorHandle' contains the handle which the editor should
// pass to the NAT's helper functions to identify itself.
//
typedef struct _IP_NAT_REGISTER_EDITOR {
IN ULONG Version;
IN ULONG Flags;
IN UCHAR Protocol;
IN USHORT Port;
IN IP_NAT_DIRECTION Direction;
IN PVOID EditorContext;
IN PNAT_EDITOR_CREATE_HANDLER CreateHandler; // OPTIONAL
IN PNAT_EDITOR_DELETE_HANDLER DeleteHandler; // OPTIONAL
IN PNAT_EDITOR_DATA_HANDLER ForwardDataHandler; // OPTIONAL
IN PNAT_EDITOR_DATA_HANDLER ReverseDataHandler; // OPTIONAL
OUT PVOID EditorHandle;
OUT PNAT_EDITOR_CREATE_TICKET CreateTicket;
OUT PNAT_EDITOR_DELETE_TICKET DeleteTicket;
OUT PNAT_EDITOR_DEREGISTER Deregister;
OUT PNAT_EDITOR_DISSOCIATE_SESSION DissociateSession;
OUT PNAT_EDITOR_EDIT_SESSION EditSession;
OUT PNAT_EDITOR_QUERY_INFO_SESSION QueryInfoSession;
OUT PNAT_EDITOR_TIMEOUT_SESSION TimeoutSession;
} IP_NAT_REGISTER_EDITOR, *PIP_NAT_REGISTER_EDITOR;
#define IP_NAT_EDITOR_FLAGS_RESIZE 0x00000001
//
// Structure: IP_NAT_EDITOR
//
// This structure contains information describing a registered editor.
//
typedef struct _IP_NAT_EDITOR {
IP_NAT_DIRECTION Direction;
UCHAR Protocol;
USHORT Port;
} IP_NAT_EDITOR, *PIP_NAT_EDITOR;
//
// Structure: IP_NAT_ENUMERATE_EDITORS
//
// Used for enumerating editors.
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
// it will be filled by the NAT with information to be passed back down
// as the enumeration continues. To indicate there are no items remaining,
// the NAT will set EnumerateContext[0] to 0.
//
typedef struct _IP_NAT_ENUMERATE_EDITORS {
IN OUT ULONG EnumerateContext;
OUT ULONG EnumerateCount;
OUT ULONG EnumerateTotalHint;
OUT IP_NAT_EDITOR EnumerateTable[1];
} IP_NAT_ENUMERATE_EDITORS, *PIP_NAT_ENUMERATE_EDITORS;
//
// Director function prototypes
//
typedef struct _IP_NAT_DIRECTOR_QUERY {
IN PVOID DirectorContext;
IN ULONG ReceiveIndex;
IN ULONG SendIndex;
IN UCHAR Protocol;
IN ULONG DestinationAddress;
IN USHORT DestinationPort;
IN ULONG SourceAddress;
IN USHORT SourcePort;
IN OUT ULONG Flags;
OUT ULONG NewDestinationAddress;
OUT USHORT NewDestinationPort;
OUT ULONG NewSourceAddress OPTIONAL;
OUT USHORT NewSourcePort OPTIONAL;
OUT PVOID DirectorSessionContext;
} IP_NAT_DIRECTOR_QUERY, *PIP_NAT_DIRECTOR_QUERY;
#define IP_NAT_DIRECTOR_QUERY_FLAG_LOOPBACK 0x00000001
#define IP_NAT_DIRECTOR_QUERY_FLAG_DROP 0x80000000
#define IP_NAT_DIRECTOR_QUERY_FLAG_STATISTICS 0x40000000
#define IP_NAT_DIRECTOR_QUERY_FLAG_NO_TIMEOUT 0x20000000
#define IP_NAT_DIRECTOR_QUERY_FLAG_UNIDIRECTIONAL 0x10000000
#define IP_NAT_DIRECTOR_QUERY_FLAG_DELETE_ON_DISSOCIATE 0x08000000
typedef NTSTATUS
(*PNAT_DIRECTOR_QUERY_SESSION)(
PIP_NAT_DIRECTOR_QUERY DirectorQuery
);
typedef VOID
(*PNAT_DIRECTOR_CREATE_SESSION)(
IN PVOID SessionHandle,
IN PVOID DirectorContext,
IN PVOID DirectorSessionContext
);
typedef VOID
(*PNAT_DIRECTOR_DELETE_SESSION)(
IN PVOID SessionHandle,
IN PVOID DirectorContext,
IN PVOID DirectorSessionContext,
IN IP_NAT_DELETE_REASON DeleteReason
);
typedef VOID
(*PNAT_DIRECTOR_UNLOAD)(
IN PVOID DirectorContext
);
//
// Director-helper function prototypes
//
typedef NTSTATUS
(*PNAT_DIRECTOR_DEREGISTER)(
IN PVOID DirectorHandle
);
typedef NTSTATUS
(*PNAT_DIRECTOR_DISSOCIATE_SESSION)(
IN PVOID DirectorHandle,
IN PVOID SessionHandle
);
typedef VOID
(*PNAT_DIRECTOR_QUERY_INFO_SESSION)(
IN PVOID SessionHandle,
OUT PIP_NAT_SESSION_MAPPING_STATISTICS Statistics OPTIONAL
);
//
// Structure: IP_NAT_REGISTER_DIRECTOR
//
// The director uses this structure to register itself with the NAT.
//
typedef struct _IP_NAT_REGISTER_DIRECTOR {
IN ULONG Version;
IN ULONG Flags;
IN UCHAR Protocol;
IN USHORT Port;
IN PVOID DirectorContext;
IN PNAT_DIRECTOR_QUERY_SESSION QueryHandler;
IN PNAT_DIRECTOR_CREATE_SESSION CreateHandler;
IN PNAT_DIRECTOR_DELETE_SESSION DeleteHandler;
IN PNAT_DIRECTOR_UNLOAD UnloadHandler;
OUT PVOID DirectorHandle;
OUT PNAT_DIRECTOR_QUERY_INFO_SESSION QueryInfoSession;
OUT PNAT_DIRECTOR_DEREGISTER Deregister;
OUT PNAT_DIRECTOR_DISSOCIATE_SESSION DissociateSession;
} IP_NAT_REGISTER_DIRECTOR, *PIP_NAT_REGISTER_DIRECTOR;
//
// Structure: IP_NAT_DIRECTOR
//
// This structure contains information describing a registered director.
//
typedef struct _IP_NAT_DIRECTOR {
UCHAR Protocol;
USHORT Port;
} IP_NAT_DIRECTOR, *PIP_NAT_DIRECTOR;
//
// Structure: IP_NAT_ENUMERATE_DIRECTORS
//
// Used for enumerating directors.
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
// it will be filled by the NAT with information to be passed back down
// as the enumeration continues. To indicate there are no items remaining,
// the NAT will set EnumerateContext[0] to 0.
//
typedef struct _IP_NAT_ENUMERATE_DIRECTORS {
IN OUT ULONG EnumerateContext;
OUT ULONG EnumerateCount;
OUT ULONG EnumerateTotalHint;
OUT IP_NAT_DIRECTOR EnumerateTable[1];
} IP_NAT_ENUMERATE_DIRECTORS, *PIP_NAT_ENUMERATE_DIRECTORS;
//
// Structure: IP_NAT_REDIRECT
//
// Describes the manner in which a specific session is to be modified.
//
typedef struct _IP_NAT_REDIRECT {
UCHAR Protocol;
ULONG SourceAddress;
USHORT SourcePort;
ULONG DestinationAddress;
USHORT DestinationPort;
ULONG NewSourceAddress;
USHORT NewSourcePort;
ULONG NewDestinationAddress;
USHORT NewDestinationPort;
} IP_NAT_REDIRECT, *PIP_NAT_REDIRECT;
typedef struct _IP_NAT_CREATE_REDIRECT {
IN ULONG Flags;
IN HANDLE NotifyEvent OPTIONAL;
IN ULONG RestrictSourceAddress OPTIONAL;
#ifdef __cplusplus
IN IP_NAT_REDIRECT Redirect;
#else
IN IP_NAT_REDIRECT;
#endif
} IP_NAT_CREATE_REDIRECT, *PIP_NAT_CREATE_REDIRECT;
typedef struct _IP_NAT_CREATE_REDIRECT_EX {
IN ULONG Flags;
IN HANDLE NotifyEvent OPTIONAL;
IN ULONG RestrictSourceAddress OPTIONAL;
ULONG RestrictAdapterIndex OPTIONAL;
#ifdef __cplusplus
IN IP_NAT_REDIRECT Redirect;
#else
IN IP_NAT_REDIRECT;
#endif
} IP_NAT_CREATE_REDIRECT_EX, *PIP_NAT_CREATE_REDIRECT_EX;
#define IP_NAT_REDIRECT_FLAG_ASYNCHRONOUS 0x00000001
#define IP_NAT_REDIRECT_FLAG_STATISTICS 0x00000002
#define IP_NAT_REDIRECT_FLAG_NO_TIMEOUT 0x00000004
#define IP_NAT_REDIRECT_FLAG_UNIDIRECTIONAL 0x00000008
#define IP_NAT_REDIRECT_FLAG_RESTRICT_SOURCE 0x00000010
#define IP_NAT_REDIRECT_FLAG_IO_COMPLETION 0x00000020
#define IP_NAT_REDIRECT_FLAG_PORT_REDIRECT 0x00000040
#define IP_NAT_REDIRECT_FLAG_RECEIVE_ONLY 0x00000080
#define IP_NAT_REDIRECT_FLAG_LOOPBACK 0x00000100
#define IP_NAT_REDIRECT_FLAG_SEND_ONLY 0x00000200
#define IP_NAT_REDIRECT_FLAG_RESTRICT_ADAPTER 0x00000400
#define IP_NAT_REDIRECT_FLAG_SOURCE_REDIRECT 0x00000800
typedef struct _IP_NAT_LOOKUP_REDIRECT {
IN ULONG Flags;
IN PVOID RedirectApcContext;
#ifdef __cplusplus
IN IP_NAT_REDIRECT Redirect;
#else
IN IP_NAT_REDIRECT;
#endif
} IP_NAT_LOOKUP_REDIRECT, *PIP_NAT_LOOKUP_REDIRECT;
#define IP_NAT_LOOKUP_REDIRECT_FLAG_MATCH_APC_CONTEXT 0x00000001
typedef struct _IP_NAT_SESSION_MAPPING_STATISTICS
IP_NAT_REDIRECT_STATISTICS, *PIP_NAT_REDIRECT_STATISTICS;
typedef struct _IP_NAT_REDIRECT_SOURCE_MAPPING {
ULONG SourceAddress;
USHORT SourcePort;
ULONG NewSourceAddress;
USHORT NewSourcePort;
} IP_NAT_REDIRECT_SOURCE_MAPPING, *PIP_NAT_REDIRECT_SOURCE_MAPPING;
typedef struct _IP_NAT_REDIRECT_DESTINATION_MAPPING {
ULONG DestinationAddress;
USHORT DestinationPort;
ULONG NewDestinationAddress;
USHORT NewDestinationPort;
} IP_NAT_REDIRECT_DESTINATION_MAPPING, *PIP_NAT_REDIRECT_DESTINATION_MAPPING;
//
// Enumeration: IP_NAT_NOTIFICATION
//
// Lists the forms of notification supported by the NAT.
//
typedef enum {
NatRoutingFailureNotification = 0,
NatMaximumNotification
} IP_NAT_NOTIFICATION, *PIP_NAT_NOTIFICATION;
//
// Structure: IP_NAT_REQUEST_NOTIFICATION
//
// Used to request notification from the NAT.
//
typedef struct _IP_NAT_REQUEST_NOTIFICATION {
IP_NAT_NOTIFICATION Code;
} IP_NAT_REQUEST_NOTIFICATION, *PIP_NAT_REQUEST_NOTIFICATION;
//
// Structure: IP_NAT_ROUTING_FAILURE_NOTIFICATION
//
// Supplies information on a packet which could not be routed.
//
typedef struct _IP_NAT_ROUTING_FAILURE_NOTIFICATION {
ULONG DestinationAddress;
ULONG SourceAddress;
} IP_NAT_ROUTING_FAILURE_NOTIFICATION, *PIP_NAT_ROUTING_FAILURE_NOTIFICATION;
//
// Structure: IP_NAT_CREATE_DYNAMIC_TICKET
//
// Used to describe a dynamic ticket to be created.
//
#pragma warning(disable:4200) // 0-element array
typedef struct _IP_NAT_CREATE_DYNAMIC_TICKET {
UCHAR Protocol;
USHORT Port;
ULONG ResponseCount;
struct {
UCHAR Protocol;
USHORT StartPort;
USHORT EndPort;
} ResponseArray[0];
} IP_NAT_CREATE_DYNAMIC_TICKET, *PIP_NAT_CREATE_DYNAMIC_TICKET;
#pragma warning(default:4200)
//
// Structure: IP_NAT_DELETE_DYNAMIC_TICKET
//
// Used to describe a dynamic ticket to be deleted.
//
typedef struct _IP_NAT_DELETE_DYNAMIC_TICKET {
UCHAR Protocol;
USHORT Port;
} IP_NAT_DELETE_DYNAMIC_TICKET, *PIP_NAT_DELETE_DYNAMIC_TICKET;
//
// Structure: IP_NAT_CREATE_TICKET
//
// Used to describe a ticket to be created or deleted.
//
typedef struct _IP_NAT_CREATE_TICKET {
IN ULONG InterfaceIndex;
IN IP_NAT_PORT_MAPPING PortMapping;
} IP_NAT_CREATE_TICKET, *PIP_NAT_CREATE_TICKET;
#ifdef __cplusplus
}
#endif
#endif // _ROUTING_IP_NAT_H_