You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1184 lines
33 KiB
1184 lines
33 KiB
/*++
|
|
|
|
Copyright (c) 1997, Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
ipnat.h
|
|
|
|
Abstract:
|
|
|
|
Contains semi-public IOCTLS and data-structures related to
|
|
the IP Network Address Translator.
|
|
|
|
For kernel-mode load-balancing support, see the director-registration
|
|
declarations below (IOCTL_IP_NAT_REGISTER_DIRECTOR).
|
|
|
|
For kernel-mode data-stream editing support, see the editor-registration
|
|
declarations below (IOCTL_IP_NAT_REGISTER_EDITOR).
|
|
|
|
Author:
|
|
|
|
Abolade Gbadegesin (t-abolag) 11-July-1997
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _ROUTING_IP_NAT_H_
|
|
#define _ROUTING_IP_NAT_H_
|
|
|
|
#include <rtinfo.h> // for RTR_INFO_BLOCK_HEADER
|
|
#include <ipinfoid.h> // for IP_GENERAL_INFO_BASE
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//
|
|
// MISCELLANEOUS DECLARATIONS
|
|
//
|
|
|
|
#define IP_NAT_VERSION 1
|
|
|
|
#define IP_NAT_SERVICE_NAME "IPNAT"
|
|
|
|
#define DD_IP_NAT_DEVICE_NAME L"\\Device\\IPNAT"
|
|
|
|
//
|
|
// IP header protocol-field constants
|
|
//
|
|
|
|
#define NAT_PROTOCOL_ICMP 0x01
|
|
#define NAT_PROTOCOL_IGMP 0x02
|
|
#define NAT_PROTOCOL_TCP 0x06
|
|
#define NAT_PROTOCOL_UDP 0x11
|
|
#define NAT_PROTOCOL_IP6IN4 0x29
|
|
#define NAT_PROTOCOL_PPTP 0x2F
|
|
#define NAT_PROTOCOL_IPSEC_ESP 0x32
|
|
#define NAT_PROTOCOL_IPSEC_AH 0x33
|
|
|
|
typedef enum {
|
|
NatInboundDirection = 0,
|
|
NatOutboundDirection,
|
|
NatMaximumDirection
|
|
} IP_NAT_DIRECTION, *PIP_NAT_DIRECTION;
|
|
|
|
typedef enum {
|
|
NatForwardPath = 0,
|
|
NatReversePath,
|
|
NatMaximumPath
|
|
} IP_NAT_PATH, *PIP_NAT_PATH;
|
|
|
|
typedef enum {
|
|
NatCreateFailureDeleteReason = 0,
|
|
NatCleanupSessionDeleteReason,
|
|
NatCleanupDirectorDeleteReason,
|
|
NatDissociateDirectorDeleteReason,
|
|
NatMaximumDeleteReason
|
|
} IP_NAT_DELETE_REASON, *PIP_NAT_DELETE_REASON;
|
|
|
|
|
|
//
|
|
// IOCTL DECLARATIONS
|
|
//
|
|
|
|
#define FSCTL_IP_NAT_BASE FILE_DEVICE_NETWORK
|
|
|
|
#define _IP_NAT_CTL_CODE(function, method, access) \
|
|
CTL_CODE(FSCTL_IP_NAT_BASE, function, method, access)
|
|
|
|
//
|
|
// NAT-supported IOCTL constant declarations
|
|
//
|
|
|
|
#define IOCTL_IP_NAT_SET_GLOBAL_INFO \
|
|
_IP_NAT_CTL_CODE(0, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_REQUEST_NOTIFICATION \
|
|
_IP_NAT_CTL_CODE(1, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CREATE_INTERFACE \
|
|
_IP_NAT_CTL_CODE(2, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_DELETE_INTERFACE \
|
|
_IP_NAT_CTL_CODE(3, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
// Unused: Functions 4-5
|
|
|
|
#define IOCTL_IP_NAT_SET_INTERFACE_INFO \
|
|
_IP_NAT_CTL_CODE(6, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_INTERFACE_INFO \
|
|
_IP_NAT_CTL_CODE(7, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_REGISTER_EDITOR \
|
|
_IP_NAT_CTL_CODE(8, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_INTERFACE_STATISTICS \
|
|
_IP_NAT_CTL_CODE(9, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_MAPPING_TABLE \
|
|
_IP_NAT_CTL_CODE(10, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_REGISTER_DIRECTOR \
|
|
_IP_NAT_CTL_CODE(11, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CREATE_REDIRECT \
|
|
_IP_NAT_CTL_CODE(12, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CANCEL_REDIRECT \
|
|
_IP_NAT_CTL_CODE(13, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_INTERFACE_MAPPING_TABLE \
|
|
_IP_NAT_CTL_CODE(14, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_REDIRECT_STATISTICS \
|
|
_IP_NAT_CTL_CODE(15, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CREATE_DYNAMIC_TICKET \
|
|
_IP_NAT_CTL_CODE(16, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_DELETE_DYNAMIC_TICKET \
|
|
_IP_NAT_CTL_CODE(17, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_REDIRECT_SOURCE_MAPPING \
|
|
_IP_NAT_CTL_CODE(18, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_EDITOR_TABLE \
|
|
_IP_NAT_CTL_CODE(19, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_DIRECTOR_TABLE \
|
|
_IP_NAT_CTL_CODE(20, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_GET_REDIRECT_DESTINATION_MAPPING \
|
|
_IP_NAT_CTL_CODE(21, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY \
|
|
_IP_NAT_CTL_CODE(22, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_STATISTICS \
|
|
_IP_NAT_CTL_CODE(23, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY_EX \
|
|
_IP_NAT_CTL_CODE(24, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CREATE_REDIRECT_EX \
|
|
_IP_NAT_CTL_CODE(25, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_CREATE_TICKET \
|
|
_IP_NAT_CTL_CODE(26, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_DELETE_TICKET \
|
|
_IP_NAT_CTL_CODE(27, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
#define IOCTL_IP_NAT_LOOKUP_TICKET \
|
|
_IP_NAT_CTL_CODE(28, METHOD_BUFFERED, FILE_WRITE_ACCESS)
|
|
|
|
|
|
//
|
|
// IOCTL_IP_NAT_SET_GLOBAL_INFO
|
|
//
|
|
// Invoked to supply the NAT with its configuration.
|
|
//
|
|
// InputBuffer: IP_NAT_GLOBAL_INFO
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_GLOBAL_INFO
|
|
//
|
|
// Invoked to retrieve the NAT's configuration.
|
|
//
|
|
// InputBuffer: none.
|
|
// OutputBuffer: IP_NAT_GLOBAL_INFO
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CREATE_INTERFACE
|
|
//
|
|
// Invoked to add router-interfaces to the NAT.
|
|
//
|
|
// InputBuffer: IP_NAT_CREATE_INTERFACE
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_DELETE_INTERFACE
|
|
//
|
|
// Invoked to delete router-interfaces from the NAT.
|
|
//
|
|
// InputBuffer: the 32-bit index of the interface to be deleted.
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_SET_INTERFACE_INFO
|
|
//
|
|
// Invoked to set configuration information for an interface.
|
|
//
|
|
// InputBuffer: 'IP_NAT_INTERFACE_INFO' holding the interface's configuration
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_INTERFACE_INFO
|
|
//
|
|
// Invoked to retrieve the configuration information of an interface.
|
|
//
|
|
// InputBuffer: the 32-bit index of the interface in question
|
|
// OutputBuffer: 'IP_NAT_INTERFACE_INFO' holding the interface's configuration
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_INTERFACE_STATISTICS
|
|
//
|
|
// This IOCTL is invoked to retrieve per-interface statistics.
|
|
//
|
|
// InputBuffer: the 32-bit index of the interface in question
|
|
// OutputBuffer: 'IP_NAT_INTERFACE_STATISTICS' with the interface's statistics
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_MAPPING_TABLE
|
|
// IOCTL_IP_NAT_GET_INTERFACE_MAPPING_TABLE
|
|
//
|
|
// This IOCTL is invoked to enumerate the dynamic TCP and UDP mappings
|
|
// globally, and for each interface.
|
|
//
|
|
// InputBuffer: 'IP_NAT_ENUMERATE_SESSION_MAPPINGS' with input parameters set
|
|
// OutputBuffer: 'IP_NAT_ENUMERATE_SESSION_MAPPINGS' with output parameters
|
|
// filled in.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_REGISTER_EDITOR
|
|
//
|
|
// This IOCTL is invoked by a kernel-mode component which wishes to act
|
|
// as an editor for packets which match a particular session-description.
|
|
//
|
|
// InputBuffer: 'IP_NAT_REGISTER_EDITOR' with input parameters set
|
|
// OutputBuffer: 'IP_NAT_REGISTER_EDITOR' with output parameters filled in
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_EDITOR_TABLE
|
|
//
|
|
// This IOCTL is invoked to enumerate the editors which are currently
|
|
// registered.
|
|
//
|
|
// InputBuffer: 'IP_NAT_ENUMERATE_EDITORS' with input parameters set
|
|
// OutputBuffer: 'Ip_NAT_ENUMERATE_EDITORS' with output parameters filled in.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_REGISTER_DIRECTOR
|
|
//
|
|
// This IOCTL is invoked by a kernel-mode component that wishes to be consulted
|
|
// about the direction of incoming TCP/UDP sessions.
|
|
//
|
|
// InputBuffer: 'IP_NAT_REGISTER_DIRECTOR' with input parameters set
|
|
// OutputBuffer: 'IP_NAT_REGISTER_DIRECTOR' with output parameters filled in
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_GET_DIRECTOR_TABLE
|
|
//
|
|
// This IOCTL is invoked to enumerate the directors which are currently
|
|
// registered.
|
|
//
|
|
// InputBuffer: 'IP_NAT_ENUMERATE_DIRECTORS' with input parameters set
|
|
// OutputBuffer: 'Ip_NAT_ENUMERATE_DIRECTORS' with output parameters filled in.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CREATE_REDIRECT
|
|
//
|
|
// Invoked to cancel or query a 'redirect' which instructs the NAT
|
|
// to modify a specific session.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_REDIRECT'
|
|
// OutputBuffer: 'IP_NAT_REDIRECT_STATISTICS'
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CREATE_REDIRECT_EX
|
|
//
|
|
// Invoked to cancel or query a 'redirect' which instructs the NAT
|
|
// to modify a specific session. Can include an optional adapter restriction.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_REDIRECT_EX'
|
|
// OutputBuffer: 'IP_NAT_REDIRECT_STATISTICS'
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CANCEL_REDIRECT
|
|
// IOCTL_IP_NAT_GET_REDIRECT_STATISTICS
|
|
// IOCTL_IP_NAT_GET_REDIRECT_SOURCE_MAPPING
|
|
// IOCTL_IP_NAT_GET_REDIRECT_DESTINATION_MAPPING
|
|
//
|
|
// Invoked to cancel or query a 'redirect' which instructs the NAT
|
|
// to modify a specific session.
|
|
//
|
|
// InputBuffer: 'IP_NAT_LOOKUP_REDIRECT'
|
|
// OutputBuffer:
|
|
// cancel: Unused
|
|
// statistics: 'IP_NAT_REDIRECT_STATISTICS'
|
|
// source mapping: 'IP_NAT_REDIRECT_SOURCE_MAPPING'
|
|
// destination mapping: 'IP_NAT_REDIRECT_DESTINATION_MAPPING'
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_REQUEST_NOTIFICATION
|
|
//
|
|
// Invoked to request notification of a specific event from the NAT.
|
|
//
|
|
// InputBuffer: 'IP_NAT_NOTIFICATION' indicating the notification required
|
|
// OutputBuffer: depends on 'IP_NAT_NOTIFICATION'.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CREATE_DYNAMIC_TICKET
|
|
//
|
|
// Invoked to create a dynamic ticket, which becomes active when specific
|
|
// outbound session is seen.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_DYNAMIC_TICKET' describes the ticket
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_DELETE_DYNAMIC_TICKET
|
|
//
|
|
// Invoked to delete a dynamic ticket.
|
|
//
|
|
// InputBuffer: 'IP_NAT_DELETE_DYNAMIC_TICKET' describes the ticket.
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY
|
|
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_KEY_EX
|
|
// IOCTL_IP_NAT_LOOKUP_SESSION_MAPPING_STATISTICS
|
|
//
|
|
// Invoked to search for a mapping and retrieve information about it.
|
|
// InputBuffer: 'IP_NAT_LOOKUP_SESSION_MAPPING'
|
|
// OutputBuffer:
|
|
// key: 'IP_NAT_SESSION_MAPPING_KEY'
|
|
// key_ex: 'IP_NAT_SESSION_MAPPING_KEY_EX'
|
|
// statistics: 'IP_NAT_SESSION_MAPPING_STATISTICS'
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_CREATE_TICKET
|
|
//
|
|
// Invoked to create a ticket on an interface.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket.
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_DELETE_TICKET
|
|
//
|
|
// Invoked to create a ticket on an interface.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket.
|
|
// OutputBuffer: none.
|
|
//
|
|
|
|
//
|
|
// IOCTL_IP_NAT_LOOKUP_TICKET
|
|
//
|
|
// Invoked to lookup a ticket on an interface.
|
|
//
|
|
// InputBuffer: 'IP_NAT_CREATE_TICKET' describes the ticket. The private
|
|
// parameters are ignored.
|
|
// OutputBuffer: IP_NAT_PORT_MAPPING.
|
|
//
|
|
|
|
|
|
|
|
//
|
|
// Structure: IP_NAT_GLOBAL_INFO
|
|
//
|
|
// Holds global configuration information for the NAT.
|
|
//
|
|
|
|
typedef struct _IP_NAT_GLOBAL_INFO {
|
|
ULONG LoggingLevel; // see IPNATHLP.H (IPNATHLP_LOGGING_*).
|
|
ULONG Flags;
|
|
RTR_INFO_BLOCK_HEADER Header;
|
|
} IP_NAT_GLOBAL_INFO, *PIP_NAT_GLOBAL_INFO;
|
|
|
|
#define IP_NAT_ALLOW_RAS_CLIENTS 0x00000001
|
|
|
|
//
|
|
// Type-codes for the IP_NAT_GLOBAL_INFO.Header.TocEntry[] array.
|
|
//
|
|
// The structures which correspond to each info-type are given below.
|
|
//
|
|
|
|
#define IP_NAT_TIMEOUT_TYPE IP_GENERAL_INFO_BASE + 1
|
|
#define IP_NAT_PROTOCOLS_ALLOWED_TYPE IP_GENERAL_INFO_BASE + 2
|
|
|
|
//
|
|
// Structure: IP_NAT_TIMEOUT
|
|
//
|
|
// Used to amend the default timeouts for TCP and UDP session mappings.
|
|
//
|
|
|
|
typedef struct _IP_NAT_TIMEOUT {
|
|
ULONG TCPTimeoutSeconds;
|
|
ULONG UDPTimeoutSeconds;
|
|
} IP_NAT_TIMEOUT, *PIP_NAT_TIMEOUT;
|
|
|
|
|
|
//
|
|
// Structure: IP_NAT_PROTOCOLS_ALLOWED
|
|
//
|
|
// Used to define which IP-layer protocols (other than TCP/UDP/ICMP/PPTP)
|
|
// may be translated by the NAT. Only one session for each such protocol
|
|
// is supported for each remote destination.
|
|
//
|
|
|
|
typedef struct _IP_NAT_PROTOCOLS_ALLOWED {
|
|
ULONG Bitmap[256 / (sizeof(ULONG) * 8)];
|
|
} IP_NAT_PROTOCOLS_ALLOWED, *PIP_NAT_PROTOCOLS_ALLOWED;
|
|
|
|
|
|
//
|
|
// Structure: IP_NAT_CREATE_INTERFACE
|
|
//
|
|
// 'Index' must correspond to a valid IP adapter-index.
|
|
// This implies that addition of a demand-dial interface can only occur
|
|
// when such an interface is connected.
|
|
//
|
|
// The field 'BindingInfo' should be the beginning of
|
|
// an IP_ADAPTER_BINDING_INFO structure (see routprot.h) which
|
|
// contains the interface's binding.
|
|
//
|
|
|
|
#pragma warning(disable:4200) // 0-element array
|
|
|
|
typedef struct _IP_NAT_CREATE_INTERFACE {
|
|
IN ULONG Index;
|
|
IN ULONG BindingInfo[0];
|
|
} IP_NAT_CREATE_INTERFACE, *PIP_NAT_CREATE_INTERFACE;
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
//
|
|
// Structure: IP_NAT_INTERFACE_INFO
|
|
//
|
|
// 'Index' identifies the interface to be configured.
|
|
//
|
|
// The configuration information uses the RTR_INFO_BLOCK_HEADER structure
|
|
// of rtinfo.h. See below for the type-codes for structures which may appear
|
|
// after IP_NAT_INTERFACE_INFO.Header within the RTR_TOC_ENTRY.InfoType field.
|
|
//
|
|
|
|
typedef struct _IP_NAT_INTERFACE_INFO {
|
|
ULONG Index;
|
|
ULONG Flags;
|
|
RTR_INFO_BLOCK_HEADER Header;
|
|
} IP_NAT_INTERFACE_INFO, *PIP_NAT_INTERFACE_INFO;
|
|
|
|
//
|
|
// Flags for IP_NAT_INTERFACE_INFO.Flags
|
|
//
|
|
// _BOUNDARY: set to mark interface as boundary-interface.
|
|
//
|
|
// _NAPT: set to enable address-sharing via port-translation.
|
|
//
|
|
// _FW: set to enable firewall mode on the interface. This works with all
|
|
// other flags. An interface in firewall mode is much more strict on what
|
|
// inbound packets it will allow to propogate up the stack; in general,
|
|
// it will only allow packets that are part of a locally-initiated connection
|
|
// flow (i.e., packets for which a mapping or ticket exists)
|
|
//
|
|
|
|
#define IP_NAT_INTERFACE_FLAGS_BOUNDARY 0x00000001
|
|
#define IP_NAT_INTERFACE_FLAGS_NAPT 0x00000002
|
|
#define IP_NAT_INTERFACE_FLAGS_DISABLE_PPTP 0x00000004
|
|
#define IP_NAT_INTERFACE_FLAGS_FW 0x00000010
|
|
#define IP_NAT_INTERFACE_FLAGS_ALL 0x0000001f
|
|
|
|
//
|
|
// Type-codes for the IP_NAT_INTERFACE_INFO.Header.TocEntry[] array.
|
|
//
|
|
// The structures which correspond to each info-type are given below.
|
|
//
|
|
|
|
#define IP_NAT_ADDRESS_RANGE_TYPE IP_GENERAL_INFO_BASE + 2
|
|
#define IP_NAT_PORT_MAPPING_TYPE IP_GENERAL_INFO_BASE + 3
|
|
#define IP_NAT_ADDRESS_MAPPING_TYPE IP_GENERAL_INFO_BASE + 4
|
|
#define IP_NAT_ICMP_CONFIG_TYPE IP_GENERAL_INFO_BASE + 5
|
|
|
|
//
|
|
// Structure: IP_NAT_ADDRESS_RANGE
|
|
//
|
|
// Holds a range of addresses which are part of the address-pool
|
|
// for a boundary interface.
|
|
//
|
|
// An address-pool consists of a list of these structures.
|
|
//
|
|
// N.B. Overlapping address-ranges are not supported;
|
|
// discontiguous subnet masks are also unsupported.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ADDRESS_RANGE {
|
|
ULONG StartAddress;
|
|
ULONG EndAddress;
|
|
ULONG SubnetMask;
|
|
} IP_NAT_ADDRESS_RANGE, *PIP_NAT_ADDRESS_RANGE;
|
|
|
|
//
|
|
// Structure: IP_NAT_PORT_MAPPING
|
|
//
|
|
// Holds a static mapping which ties a public-side port on this NAT interface
|
|
// to a particular private machine's address/port.
|
|
//
|
|
// In the case of an interface with a pool of addresses, 'PublicAddress'
|
|
// should specify which of those addresses this static-mapping applies to.
|
|
//
|
|
|
|
typedef struct _IP_NAT_PORT_MAPPING {
|
|
UCHAR Protocol;
|
|
USHORT PublicPort;
|
|
ULONG PublicAddress; // OPTIONAL - see IP_NAT_ADDRESS_UNSPECIFIED
|
|
USHORT PrivatePort;
|
|
ULONG PrivateAddress;
|
|
} IP_NAT_PORT_MAPPING, *PIP_NAT_PORT_MAPPING;
|
|
|
|
//
|
|
// Constant for 'PublicAddress' in IP_NAT_PORT_RANGE and IP_NAT_PORT_MAPPING;
|
|
// may be specified for boundary-interfaces which have no address-pool, in
|
|
// which case the range/mapping is for the boundary-interface's sole address.
|
|
//
|
|
|
|
#define IP_NAT_ADDRESS_UNSPECIFIED ((ULONG)0)
|
|
|
|
//
|
|
// Structure: IP_NAT_ADDRESS_MAPPING
|
|
//
|
|
// Holds a static mapping which ties an address from this NAT interface's
|
|
// address pool to a particular private-machine's address.
|
|
//
|
|
// Note that this address must fall within one of the ranges comprising
|
|
// the pool as specified by the IP_NAT_ADDRESS_RANGE structures.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ADDRESS_MAPPING {
|
|
ULONG PrivateAddress;
|
|
ULONG PublicAddress;
|
|
BOOLEAN AllowInboundSessions;
|
|
} IP_NAT_ADDRESS_MAPPING, *PIP_NAT_ADDRESS_MAPPING;
|
|
|
|
//
|
|
// There is no structure for IP_NAT_ICMP_CONFIG -- it's just a ULONG,
|
|
// with the following flags defining the behavior. These flags are
|
|
// only for exceptions to our default (very strict) security policy.
|
|
//
|
|
// IB == inbound, OB == outbound. Redirect is for either direction.
|
|
//
|
|
// The numerical values for the flags are derived from the ICMP
|
|
// message type code -- 1 << MessageType.
|
|
//
|
|
//
|
|
|
|
#define IP_NAT_ICMP_ALLOW_OB_DEST_UNREACH 0x00000008
|
|
#define IP_NAT_ICMP_ALLOW_OB_SOURCE_QUENCH 0x00000010
|
|
#define IP_NAT_ICMP_ALLOW_REDIRECT 0x00000020
|
|
#define IP_NAT_ICMP_ALLOW_IB_ECHO 0x00000100
|
|
#define IP_NAT_ICMP_ALLOW_IB_ROUTER 0x00000200
|
|
#define IP_NAT_ICMP_ALLOW_OB_TIME_EXCEEDED 0x00000800
|
|
#define IP_NAT_ICMP_ALLOW_OB_PARAM_PROBLEM 0x00001000
|
|
#define IP_NAT_ICMP_ALLOW_IB_TIMESTAMP 0x00002000
|
|
#define IP_NAT_ICMP_ALLOW_IB_MASK 0x00020000
|
|
|
|
//
|
|
// Structure: IP_NAT_INTERFACE_STATISTICS
|
|
//
|
|
// This structure holds statistics for an interface
|
|
//
|
|
|
|
typedef struct _IP_NAT_INTERFACE_STATISTICS {
|
|
OUT ULONG TotalMappings;
|
|
OUT ULONG InboundMappings;
|
|
OUT ULONG64 BytesForward;
|
|
OUT ULONG64 BytesReverse;
|
|
OUT ULONG64 PacketsForward;
|
|
OUT ULONG64 PacketsReverse;
|
|
OUT ULONG64 RejectsForward;
|
|
OUT ULONG64 RejectsReverse;
|
|
} IP_NAT_INTERFACE_STATISTICS, *PIP_NAT_INTERFACE_STATISTICS;
|
|
|
|
//
|
|
// Structure: IP_NAT_SESSION_MAPPING
|
|
//
|
|
// This structure holds information for a single mapping
|
|
//
|
|
|
|
typedef struct _IP_NAT_SESSION_MAPPING {
|
|
UCHAR Protocol; // see NAT_PROTOCOL_* above
|
|
ULONG PrivateAddress;
|
|
USHORT PrivatePort;
|
|
ULONG PublicAddress;
|
|
USHORT PublicPort;
|
|
ULONG RemoteAddress;
|
|
USHORT RemotePort;
|
|
IP_NAT_DIRECTION Direction;
|
|
ULONG IdleTime; // in seconds
|
|
} IP_NAT_SESSION_MAPPING, *PIP_NAT_SESSION_MAPPING;
|
|
|
|
//
|
|
// Structure: IP_NAT_SESSION_MAPPING_STATISTICS
|
|
//
|
|
// Holds statistics for a single session-mapping.
|
|
//
|
|
|
|
typedef struct _IP_NAT_SESSION_MAPPING_STATISTICS {
|
|
ULONG64 BytesForward;
|
|
ULONG64 BytesReverse;
|
|
ULONG64 PacketsForward;
|
|
ULONG64 PacketsReverse;
|
|
ULONG64 RejectsForward;
|
|
ULONG64 RejectsReverse;
|
|
} IP_NAT_SESSION_MAPPING_STATISTICS, *PIP_NAT_SESSION_MAPPING_STATISTICS;
|
|
|
|
//
|
|
// Structure: IP_NAT_SESSION_MAPPING_KEY
|
|
//
|
|
// Holds key-information for a single session-mapping.
|
|
//
|
|
|
|
typedef struct _IP_NAT_SESSION_MAPPING_KEY {
|
|
UCHAR Protocol;
|
|
ULONG DestinationAddress;
|
|
USHORT DestinationPort;
|
|
ULONG SourceAddress;
|
|
USHORT SourcePort;
|
|
ULONG NewDestinationAddress;
|
|
USHORT NewDestinationPort;
|
|
ULONG NewSourceAddress;
|
|
USHORT NewSourcePort;
|
|
} IP_NAT_SESSION_MAPPING_KEY, *PIP_NAT_SESSION_MAPPING_KEY;
|
|
|
|
//
|
|
// Structure: IP_NAT_SESSION_MAPPING_KEY_EX
|
|
//
|
|
// Holds key-information for a single session-mapping, including
|
|
// the AdapterIndex if this session was created by the redirector.
|
|
//
|
|
|
|
typedef struct _IP_NAT_SESSION_MAPPING_KEY_EX {
|
|
UCHAR Protocol;
|
|
ULONG DestinationAddress;
|
|
USHORT DestinationPort;
|
|
ULONG SourceAddress;
|
|
USHORT SourcePort;
|
|
ULONG NewDestinationAddress;
|
|
USHORT NewDestinationPort;
|
|
ULONG NewSourceAddress;
|
|
USHORT NewSourcePort;
|
|
ULONG AdapterIndex;
|
|
} IP_NAT_SESSION_MAPPING_KEY_EX, *PIP_NAT_SESSION_MAPPING_KEY_EX;
|
|
|
|
//
|
|
// Structure: IP_NAT_ENUMERATE_SESSION_MAPPINGS
|
|
//
|
|
// Used for enumerating session mappings.
|
|
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
|
|
// it will be filled by the NAT with information to be passed back down
|
|
// as the enumeration continues. To indicate there are no items remaining,
|
|
// the NAT will set EnumerateContext[0] to 0.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ENUMERATE_SESSION_MAPPINGS {
|
|
IN ULONG Index;
|
|
IN OUT ULONG EnumerateContext[4];
|
|
OUT ULONG EnumerateCount;
|
|
OUT ULONG EnumerateTotalHint;
|
|
OUT IP_NAT_SESSION_MAPPING EnumerateTable[1];
|
|
} IP_NAT_ENUMERATE_SESSION_MAPPINGS, *PIP_NAT_ENUMERATE_SESSION_MAPPINGS;
|
|
|
|
//
|
|
// Structure: IP_NAT_LOOKUP_SESSION_MAPPING
|
|
//
|
|
// Used to search for and query a specified session mapping.
|
|
// On input, the address/port fields are initialized either to
|
|
// pre-translation values or post-translation values.
|
|
// The NAT attempts to find a session mapping with matching values,
|
|
// and retrieves the requested information for that session mapping, if found.
|
|
//
|
|
|
|
typedef struct _IP_NAT_LOOKUP_SESSION_MAPPING {
|
|
UCHAR Protocol;
|
|
ULONG DestinationAddress;
|
|
USHORT DestinationPort;
|
|
ULONG SourceAddress;
|
|
USHORT SourcePort;
|
|
} IP_NAT_LOOKUP_SESSION_MAPPING, *PIP_NAT_LOOKUP_SESSION_MAPPING;
|
|
|
|
|
|
//
|
|
// Editor function prototypes
|
|
//
|
|
|
|
//
|
|
// For synchronization reasons, 'CreateHandler' and 'DeleteHandler'
|
|
// CANNOT invoke any helper functions other than 'QueryInfoSession'.
|
|
//
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_CREATE_HANDLER)(
|
|
IN PVOID EditorContext,
|
|
IN ULONG PrivateAddress,
|
|
IN USHORT PrivatePort,
|
|
IN ULONG PublicAddress,
|
|
IN USHORT PublicPort,
|
|
IN ULONG RemoteAddress,
|
|
IN USHORT RemotePort,
|
|
OUT PVOID* EditorSessionContextp OPTIONAL
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_DELETE_HANDLER)(
|
|
IN PVOID InterfaceHandle,
|
|
IN PVOID SessionHandle,
|
|
IN PVOID EditorContext,
|
|
IN PVOID EditorSessionContext
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_DATA_HANDLER)(
|
|
IN PVOID InterfaceHandle,
|
|
IN PVOID SessionHandle,
|
|
IN PVOID DataHandle,
|
|
IN PVOID EditorContext,
|
|
IN PVOID EditorSessionContext,
|
|
IN PVOID RecvBuffer,
|
|
IN ULONG DataOffset
|
|
);
|
|
|
|
//
|
|
// Helper function prototypes
|
|
//
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_CREATE_TICKET)(
|
|
IN PVOID InterfaceHandle,
|
|
IN UCHAR Protocol,
|
|
IN ULONG PrivateAddress,
|
|
IN USHORT PrivatePort,
|
|
IN ULONG RemoteAddress OPTIONAL,
|
|
IN USHORT RemotePort OPTIONAL,
|
|
OUT PULONG PublicAddress,
|
|
OUT PUSHORT PublicPort
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_DELETE_TICKET)(
|
|
IN PVOID InterfaceHandle,
|
|
IN ULONG PublicAddress,
|
|
IN UCHAR Protocol,
|
|
IN USHORT PublicPort,
|
|
IN ULONG RemoteAddress OPTIONAL,
|
|
IN USHORT RemotePort OPTIONAL
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_DEREGISTER)(
|
|
IN PVOID EditorHandle
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_DISSOCIATE_SESSION)(
|
|
IN PVOID EditorHandle,
|
|
IN PVOID SessionHandle
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_EDITOR_EDIT_SESSION)(
|
|
IN PVOID DataHandle,
|
|
IN PVOID RecvBuffer,
|
|
IN ULONG OldDataOffset,
|
|
IN ULONG OldDataLength,
|
|
IN PUCHAR NewData,
|
|
IN ULONG NewDataLength
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_EDITOR_QUERY_INFO_SESSION)(
|
|
IN PVOID SessionHandle,
|
|
OUT PULONG PrivateAddress OPTIONAL,
|
|
OUT PUSHORT PrivatePort OPTIONAL,
|
|
OUT PULONG RemoteAddress OPTIONAL,
|
|
OUT PUSHORT RemotePort OPTIONAL,
|
|
OUT PULONG PublicAddress OPTIONAL,
|
|
OUT PUSHORT PublicPort OPTIONAL,
|
|
OUT PIP_NAT_SESSION_MAPPING_STATISTICS Statistics OPTIONAL
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_EDITOR_TIMEOUT_SESSION)(
|
|
IN PVOID EditorHandle,
|
|
IN PVOID SessionHandle
|
|
);
|
|
|
|
//
|
|
// Structure: IP_NAT_REGISTER_EDITOR
|
|
//
|
|
// The editor uses this structure to register itself with the NAT,
|
|
// and to obtain entrypoints of helper-functions provided by the NAT.
|
|
//
|
|
// On input, 'EditorContext' should contain a value which the NAT will
|
|
// pass to the editor's provided functions to serve as identification.
|
|
//
|
|
// On output, 'EditorHandle' contains the handle which the editor should
|
|
// pass to the NAT's helper functions to identify itself.
|
|
//
|
|
|
|
typedef struct _IP_NAT_REGISTER_EDITOR {
|
|
IN ULONG Version;
|
|
IN ULONG Flags;
|
|
IN UCHAR Protocol;
|
|
IN USHORT Port;
|
|
IN IP_NAT_DIRECTION Direction;
|
|
IN PVOID EditorContext;
|
|
IN PNAT_EDITOR_CREATE_HANDLER CreateHandler; // OPTIONAL
|
|
IN PNAT_EDITOR_DELETE_HANDLER DeleteHandler; // OPTIONAL
|
|
IN PNAT_EDITOR_DATA_HANDLER ForwardDataHandler; // OPTIONAL
|
|
IN PNAT_EDITOR_DATA_HANDLER ReverseDataHandler; // OPTIONAL
|
|
OUT PVOID EditorHandle;
|
|
OUT PNAT_EDITOR_CREATE_TICKET CreateTicket;
|
|
OUT PNAT_EDITOR_DELETE_TICKET DeleteTicket;
|
|
OUT PNAT_EDITOR_DEREGISTER Deregister;
|
|
OUT PNAT_EDITOR_DISSOCIATE_SESSION DissociateSession;
|
|
OUT PNAT_EDITOR_EDIT_SESSION EditSession;
|
|
OUT PNAT_EDITOR_QUERY_INFO_SESSION QueryInfoSession;
|
|
OUT PNAT_EDITOR_TIMEOUT_SESSION TimeoutSession;
|
|
} IP_NAT_REGISTER_EDITOR, *PIP_NAT_REGISTER_EDITOR;
|
|
|
|
#define IP_NAT_EDITOR_FLAGS_RESIZE 0x00000001
|
|
|
|
//
|
|
// Structure: IP_NAT_EDITOR
|
|
//
|
|
// This structure contains information describing a registered editor.
|
|
//
|
|
|
|
typedef struct _IP_NAT_EDITOR {
|
|
IP_NAT_DIRECTION Direction;
|
|
UCHAR Protocol;
|
|
USHORT Port;
|
|
} IP_NAT_EDITOR, *PIP_NAT_EDITOR;
|
|
|
|
//
|
|
// Structure: IP_NAT_ENUMERATE_EDITORS
|
|
//
|
|
// Used for enumerating editors.
|
|
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
|
|
// it will be filled by the NAT with information to be passed back down
|
|
// as the enumeration continues. To indicate there are no items remaining,
|
|
// the NAT will set EnumerateContext[0] to 0.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ENUMERATE_EDITORS {
|
|
IN OUT ULONG EnumerateContext;
|
|
OUT ULONG EnumerateCount;
|
|
OUT ULONG EnumerateTotalHint;
|
|
OUT IP_NAT_EDITOR EnumerateTable[1];
|
|
} IP_NAT_ENUMERATE_EDITORS, *PIP_NAT_ENUMERATE_EDITORS;
|
|
|
|
|
|
//
|
|
// Director function prototypes
|
|
//
|
|
|
|
typedef struct _IP_NAT_DIRECTOR_QUERY {
|
|
IN PVOID DirectorContext;
|
|
IN ULONG ReceiveIndex;
|
|
IN ULONG SendIndex;
|
|
IN UCHAR Protocol;
|
|
IN ULONG DestinationAddress;
|
|
IN USHORT DestinationPort;
|
|
IN ULONG SourceAddress;
|
|
IN USHORT SourcePort;
|
|
IN OUT ULONG Flags;
|
|
OUT ULONG NewDestinationAddress;
|
|
OUT USHORT NewDestinationPort;
|
|
OUT ULONG NewSourceAddress OPTIONAL;
|
|
OUT USHORT NewSourcePort OPTIONAL;
|
|
OUT PVOID DirectorSessionContext;
|
|
} IP_NAT_DIRECTOR_QUERY, *PIP_NAT_DIRECTOR_QUERY;
|
|
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_LOOPBACK 0x00000001
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_DROP 0x80000000
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_STATISTICS 0x40000000
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_NO_TIMEOUT 0x20000000
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_UNIDIRECTIONAL 0x10000000
|
|
#define IP_NAT_DIRECTOR_QUERY_FLAG_DELETE_ON_DISSOCIATE 0x08000000
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_DIRECTOR_QUERY_SESSION)(
|
|
PIP_NAT_DIRECTOR_QUERY DirectorQuery
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_DIRECTOR_CREATE_SESSION)(
|
|
IN PVOID SessionHandle,
|
|
IN PVOID DirectorContext,
|
|
IN PVOID DirectorSessionContext
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_DIRECTOR_DELETE_SESSION)(
|
|
IN PVOID SessionHandle,
|
|
IN PVOID DirectorContext,
|
|
IN PVOID DirectorSessionContext,
|
|
IN IP_NAT_DELETE_REASON DeleteReason
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_DIRECTOR_UNLOAD)(
|
|
IN PVOID DirectorContext
|
|
);
|
|
|
|
//
|
|
// Director-helper function prototypes
|
|
//
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_DIRECTOR_DEREGISTER)(
|
|
IN PVOID DirectorHandle
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNAT_DIRECTOR_DISSOCIATE_SESSION)(
|
|
IN PVOID DirectorHandle,
|
|
IN PVOID SessionHandle
|
|
);
|
|
|
|
typedef VOID
|
|
(*PNAT_DIRECTOR_QUERY_INFO_SESSION)(
|
|
IN PVOID SessionHandle,
|
|
OUT PIP_NAT_SESSION_MAPPING_STATISTICS Statistics OPTIONAL
|
|
);
|
|
|
|
//
|
|
// Structure: IP_NAT_REGISTER_DIRECTOR
|
|
//
|
|
// The director uses this structure to register itself with the NAT.
|
|
//
|
|
|
|
typedef struct _IP_NAT_REGISTER_DIRECTOR {
|
|
IN ULONG Version;
|
|
IN ULONG Flags;
|
|
IN UCHAR Protocol;
|
|
IN USHORT Port;
|
|
IN PVOID DirectorContext;
|
|
IN PNAT_DIRECTOR_QUERY_SESSION QueryHandler;
|
|
IN PNAT_DIRECTOR_CREATE_SESSION CreateHandler;
|
|
IN PNAT_DIRECTOR_DELETE_SESSION DeleteHandler;
|
|
IN PNAT_DIRECTOR_UNLOAD UnloadHandler;
|
|
OUT PVOID DirectorHandle;
|
|
OUT PNAT_DIRECTOR_QUERY_INFO_SESSION QueryInfoSession;
|
|
OUT PNAT_DIRECTOR_DEREGISTER Deregister;
|
|
OUT PNAT_DIRECTOR_DISSOCIATE_SESSION DissociateSession;
|
|
} IP_NAT_REGISTER_DIRECTOR, *PIP_NAT_REGISTER_DIRECTOR;
|
|
|
|
//
|
|
// Structure: IP_NAT_DIRECTOR
|
|
//
|
|
// This structure contains information describing a registered director.
|
|
//
|
|
|
|
typedef struct _IP_NAT_DIRECTOR {
|
|
UCHAR Protocol;
|
|
USHORT Port;
|
|
} IP_NAT_DIRECTOR, *PIP_NAT_DIRECTOR;
|
|
|
|
//
|
|
// Structure: IP_NAT_ENUMERATE_DIRECTORS
|
|
//
|
|
// Used for enumerating directors.
|
|
// On the first call to this routine, 'EnumerateContext' should be zeroed out;
|
|
// it will be filled by the NAT with information to be passed back down
|
|
// as the enumeration continues. To indicate there are no items remaining,
|
|
// the NAT will set EnumerateContext[0] to 0.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ENUMERATE_DIRECTORS {
|
|
IN OUT ULONG EnumerateContext;
|
|
OUT ULONG EnumerateCount;
|
|
OUT ULONG EnumerateTotalHint;
|
|
OUT IP_NAT_DIRECTOR EnumerateTable[1];
|
|
} IP_NAT_ENUMERATE_DIRECTORS, *PIP_NAT_ENUMERATE_DIRECTORS;
|
|
|
|
//
|
|
// Structure: IP_NAT_REDIRECT
|
|
//
|
|
// Describes the manner in which a specific session is to be modified.
|
|
//
|
|
|
|
typedef struct _IP_NAT_REDIRECT {
|
|
UCHAR Protocol;
|
|
ULONG SourceAddress;
|
|
USHORT SourcePort;
|
|
ULONG DestinationAddress;
|
|
USHORT DestinationPort;
|
|
ULONG NewSourceAddress;
|
|
USHORT NewSourcePort;
|
|
ULONG NewDestinationAddress;
|
|
USHORT NewDestinationPort;
|
|
} IP_NAT_REDIRECT, *PIP_NAT_REDIRECT;
|
|
|
|
typedef struct _IP_NAT_CREATE_REDIRECT {
|
|
IN ULONG Flags;
|
|
IN HANDLE NotifyEvent OPTIONAL;
|
|
IN ULONG RestrictSourceAddress OPTIONAL;
|
|
#ifdef __cplusplus
|
|
IN IP_NAT_REDIRECT Redirect;
|
|
#else
|
|
IN IP_NAT_REDIRECT;
|
|
#endif
|
|
} IP_NAT_CREATE_REDIRECT, *PIP_NAT_CREATE_REDIRECT;
|
|
|
|
typedef struct _IP_NAT_CREATE_REDIRECT_EX {
|
|
IN ULONG Flags;
|
|
IN HANDLE NotifyEvent OPTIONAL;
|
|
IN ULONG RestrictSourceAddress OPTIONAL;
|
|
ULONG RestrictAdapterIndex OPTIONAL;
|
|
#ifdef __cplusplus
|
|
IN IP_NAT_REDIRECT Redirect;
|
|
#else
|
|
IN IP_NAT_REDIRECT;
|
|
#endif
|
|
} IP_NAT_CREATE_REDIRECT_EX, *PIP_NAT_CREATE_REDIRECT_EX;
|
|
|
|
#define IP_NAT_REDIRECT_FLAG_ASYNCHRONOUS 0x00000001
|
|
#define IP_NAT_REDIRECT_FLAG_STATISTICS 0x00000002
|
|
#define IP_NAT_REDIRECT_FLAG_NO_TIMEOUT 0x00000004
|
|
#define IP_NAT_REDIRECT_FLAG_UNIDIRECTIONAL 0x00000008
|
|
#define IP_NAT_REDIRECT_FLAG_RESTRICT_SOURCE 0x00000010
|
|
#define IP_NAT_REDIRECT_FLAG_IO_COMPLETION 0x00000020
|
|
#define IP_NAT_REDIRECT_FLAG_PORT_REDIRECT 0x00000040
|
|
#define IP_NAT_REDIRECT_FLAG_RECEIVE_ONLY 0x00000080
|
|
#define IP_NAT_REDIRECT_FLAG_LOOPBACK 0x00000100
|
|
#define IP_NAT_REDIRECT_FLAG_SEND_ONLY 0x00000200
|
|
#define IP_NAT_REDIRECT_FLAG_RESTRICT_ADAPTER 0x00000400
|
|
#define IP_NAT_REDIRECT_FLAG_SOURCE_REDIRECT 0x00000800
|
|
|
|
typedef struct _IP_NAT_LOOKUP_REDIRECT {
|
|
IN ULONG Flags;
|
|
IN PVOID RedirectApcContext;
|
|
#ifdef __cplusplus
|
|
IN IP_NAT_REDIRECT Redirect;
|
|
#else
|
|
IN IP_NAT_REDIRECT;
|
|
#endif
|
|
} IP_NAT_LOOKUP_REDIRECT, *PIP_NAT_LOOKUP_REDIRECT;
|
|
|
|
#define IP_NAT_LOOKUP_REDIRECT_FLAG_MATCH_APC_CONTEXT 0x00000001
|
|
|
|
typedef struct _IP_NAT_SESSION_MAPPING_STATISTICS
|
|
IP_NAT_REDIRECT_STATISTICS, *PIP_NAT_REDIRECT_STATISTICS;
|
|
|
|
typedef struct _IP_NAT_REDIRECT_SOURCE_MAPPING {
|
|
ULONG SourceAddress;
|
|
USHORT SourcePort;
|
|
ULONG NewSourceAddress;
|
|
USHORT NewSourcePort;
|
|
} IP_NAT_REDIRECT_SOURCE_MAPPING, *PIP_NAT_REDIRECT_SOURCE_MAPPING;
|
|
|
|
typedef struct _IP_NAT_REDIRECT_DESTINATION_MAPPING {
|
|
ULONG DestinationAddress;
|
|
USHORT DestinationPort;
|
|
ULONG NewDestinationAddress;
|
|
USHORT NewDestinationPort;
|
|
} IP_NAT_REDIRECT_DESTINATION_MAPPING, *PIP_NAT_REDIRECT_DESTINATION_MAPPING;
|
|
|
|
|
|
//
|
|
// Enumeration: IP_NAT_NOTIFICATION
|
|
//
|
|
// Lists the forms of notification supported by the NAT.
|
|
//
|
|
|
|
typedef enum {
|
|
NatRoutingFailureNotification = 0,
|
|
NatMaximumNotification
|
|
} IP_NAT_NOTIFICATION, *PIP_NAT_NOTIFICATION;
|
|
|
|
//
|
|
// Structure: IP_NAT_REQUEST_NOTIFICATION
|
|
//
|
|
// Used to request notification from the NAT.
|
|
//
|
|
|
|
typedef struct _IP_NAT_REQUEST_NOTIFICATION {
|
|
IP_NAT_NOTIFICATION Code;
|
|
} IP_NAT_REQUEST_NOTIFICATION, *PIP_NAT_REQUEST_NOTIFICATION;
|
|
|
|
//
|
|
// Structure: IP_NAT_ROUTING_FAILURE_NOTIFICATION
|
|
//
|
|
// Supplies information on a packet which could not be routed.
|
|
//
|
|
|
|
typedef struct _IP_NAT_ROUTING_FAILURE_NOTIFICATION {
|
|
ULONG DestinationAddress;
|
|
ULONG SourceAddress;
|
|
} IP_NAT_ROUTING_FAILURE_NOTIFICATION, *PIP_NAT_ROUTING_FAILURE_NOTIFICATION;
|
|
|
|
|
|
//
|
|
// Structure: IP_NAT_CREATE_DYNAMIC_TICKET
|
|
//
|
|
// Used to describe a dynamic ticket to be created.
|
|
//
|
|
|
|
#pragma warning(disable:4200) // 0-element array
|
|
|
|
typedef struct _IP_NAT_CREATE_DYNAMIC_TICKET {
|
|
UCHAR Protocol;
|
|
USHORT Port;
|
|
ULONG ResponseCount;
|
|
struct {
|
|
UCHAR Protocol;
|
|
USHORT StartPort;
|
|
USHORT EndPort;
|
|
} ResponseArray[0];
|
|
} IP_NAT_CREATE_DYNAMIC_TICKET, *PIP_NAT_CREATE_DYNAMIC_TICKET;
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
//
|
|
// Structure: IP_NAT_DELETE_DYNAMIC_TICKET
|
|
//
|
|
// Used to describe a dynamic ticket to be deleted.
|
|
//
|
|
|
|
typedef struct _IP_NAT_DELETE_DYNAMIC_TICKET {
|
|
UCHAR Protocol;
|
|
USHORT Port;
|
|
} IP_NAT_DELETE_DYNAMIC_TICKET, *PIP_NAT_DELETE_DYNAMIC_TICKET;
|
|
|
|
//
|
|
// Structure: IP_NAT_CREATE_TICKET
|
|
//
|
|
// Used to describe a ticket to be created or deleted.
|
|
//
|
|
|
|
typedef struct _IP_NAT_CREATE_TICKET {
|
|
IN ULONG InterfaceIndex;
|
|
IN IP_NAT_PORT_MAPPING PortMapping;
|
|
} IP_NAT_CREATE_TICKET, *PIP_NAT_CREATE_TICKET;
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // _ROUTING_IP_NAT_H_
|