/*++ Copyright (c) 1997, Microsoft Corporation Module Name: ipnat.h Abstract: Contains semi-public IOCTLS and data-structures related to the IP Network Address Translator. Author: Abolade Gbadegesin (t-abolag) 11-July-1997 Revision History: --*/ #ifndef _ROUTING_IP_NAT_H_ #define _ROUTING_IP_NAT_H_ #include // for RTR_INFO_BLOCK_HEADER #include // for IP_GENERAL_INFO_BASE // // Moved to ipinfoid.h // // #define IP_NAT_INFO IP_GENERAL_INFO_BASE + 8 // // MISCELLANEOUS DECLARATIONS // #define IP_NAT_VERSION 1 #define IP_NAT_SERVICE_NAME "IPNAT" #define DD_IP_NAT_DEVICE_NAME L"\\Device\\IPNAT" // // IP header protocol-field constants // #define NAT_PROTOCOL_ICMP 0x01 #define NAT_PROTOCOL_IGMP 0x02 #define NAT_PROTOCOL_TCP 0x06 #define NAT_PROTOCOL_UDP 0x11 #define NAT_PROTOCOL_PPTP 0x2F // // IOCTL DECLARATIONS // #define FSCTL_IP_NAT_BASE FILE_DEVICE_NETWORK #define _IP_NAT_CTL_CODE(function, method, access) \ CTL_CODE(FSCTL_IP_NAT_BASE, function, method, access) // // NAT-supported IOCTL constant declarations // #define IOCTL_IP_NAT_SET_GLOBAL_INFO \ _IP_NAT_CTL_CODE(0, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_GET_GLOBAL_INFO \ _IP_NAT_CTL_CODE(1, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_CREATE_INTERFACE \ _IP_NAT_CTL_CODE(2, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_DELETE_INTERFACE \ _IP_NAT_CTL_CODE(3, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_BIND_INTERFACE \ _IP_NAT_CTL_CODE(4, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_UNBIND_INTERFACE \ _IP_NAT_CTL_CODE(5, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_SET_INTERFACE_INFO \ _IP_NAT_CTL_CODE(6, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_GET_INTERFACE_INFO \ _IP_NAT_CTL_CODE(7, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_REGISTER_EDITOR \ _IP_NAT_CTL_CODE(8, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_GET_INTERFACE_STATISTICS \ _IP_NAT_CTL_CODE(9, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_ENUMERATE_SESSION_MAPPINGS \ _IP_NAT_CTL_CODE(10, METHOD_BUFFERED, FILE_WRITE_ACCESS) #define IOCTL_IP_NAT_REGISTER_DIRECTOR \ _IP_NAT_CTL_CODE(11, METHOD_BUFFERED, FILE_WRITE_ACCESS) // // IOCTL_IP_NAT_SET_GLOBAL_INFO // // Invoked by the IP router-manager to supply the NAT with its configuration. // // // IOCTL_IP_NAT_GET_GLOBAL_INFO // // Invoked by the IP router-manager to retrieve the NAT's configuration. // // // Structure: IP_NAT_GLOBAL_INFO // // Holds global configuration information for the NAT. // typedef struct _IP_NAT_GLOBAL_INFO { BOOL NATEnabled; // used by IPRTRMGR ULONG TCPTimeoutSeconds; ULONG UDPTimeoutSeconds; } IP_NAT_GLOBAL_INFO, *PIP_NAT_GLOBAL_INFO; // // IOCTL_IP_NAT_CREATE_INTERFACE // // Invoked by the IP router-manager to add router-interfaces to the NAT. // // // Structure: IP_NAT_CREATE_INTERFACE // // On output, 'NatInterfaceContext' contains the new interface's NAT-created // context. // typedef struct _IP_NAT_CREATE_INTERFACE { IN ULONG RtrMgrIndex; IN PVOID RtrMgrContext; OUT PVOID NatInterfaceContext; } IP_NAT_CREATE_INTERFACE, *PIP_NAT_CREATE_INTERFACE; // // IOCTL_IP_NAT_DELETE_INTERFACE // // Invoked by the IP router-manager to delete router-interfaces from the NAT. // // // Structure: IP_NAT_DELETE_INTERFACE // // On input, 'NatInterfaceContext' should contain the context for the interface // to be deleted, as obtained from IOCTL_IP_NAT_CREATE_INTERFACE. // typedef struct _IP_NAT_DELETE_INTERFACE { IN PVOID NatInterfaceContext; } IP_NAT_DELETE_INTERFACE, *PIP_NAT_DELETE_INTERFACE; // // IOCTL_IP_NAT_BIND_INTERFACE // // Invoked by the IP router-manager to set the interface's binding. // // // Structure: IP_NAT_BIND_INTERFACE // // Holds the binding for the specified interface. // The field 'BindingInfo' should be the beginning of // an IP_ADAPTER_BINDING_INFO structure (see routprot.h) which // contains the interface's binding. // typedef struct _IP_NAT_BIND_INTERFACE { IN PVOID NatInterfaceContext; IN ULONG BindingInfo[1]; } IP_NAT_BIND_INTERFACE, *PIP_NAT_BIND_INTERFACE; // // IOCTL_NAT_UNBIND_INTERFACE // // Invoked by the IP router-manager to remove binding from an interface. // // // Structure: IP_NAT_UNBIND_INTERFACE // // Used to indicate to the NAT which interface should be unbound. // typedef struct _IP_NAT_UNBIND_INTERFACE { IN PVOID NatInterfaceContext; } IP_NAT_UNBIND_INTERFACE, *PIP_NAT_UNBIND_INTERFACE; // // IOCTL_IP_NAT_SET_INTERFACE_INFO // // Invoked by the IP router-manager to set configuration information // on boundary-interfaces, i.e. interfaces over which translation takes place. // // Uses 'IP_NAT_INTERFACE_INFO' for input. // // // IOCTL_IP_NAT_GET_INTERFACE_INFO // // Invoked by the IP router-manager to get configuration information on // boundary interfaces. // // uses 'IP_NAT_INTERFACE_INFO' for input and output. // // // Structure: IP_NAT_INTERFACE_INFO // // 'NatInterfaceContext' identifies the interface to be configured or whose // configuration is being retrieved, and is the context supplied on output from // 'IOCTL_IP_NAT_CREATE_INTERFACE'. // // The configuration information uses the RTR_INFO_BLOCK_HEADER structure // of rtinfo.h. See below for the type-codes for structures which may appear // after IP_NAT_INTERFACE_INFO.Header within the RTR_TOC_ENTRY.InfoType field. // typedef struct _IP_NAT_INTERFACE_INFO { IN PVOID NatInterfaceContext; IN ULONG Flags; IN RTR_INFO_BLOCK_HEADER Header; } IP_NAT_INTERFACE_INFO, *PIP_NAT_INTERFACE_INFO; // // Flags for IP_NAT_INTERFACE_INFO.Flags // // _BOUNDARY: set to mark interface as boundary-interface. // _NAPT: set to enable address-sharing via port-translation. // #define IP_NAT_INTERFACE_FLAGS_BOUNDARY 0x00000001 #define IP_NAT_INTERFACE_FLAGS_NAPT 0x00000002 #define IP_NAT_INTERFACE_FLAGS_ALL 0x00000003 // // Type-codes for the IP_NAT_INTERFACE_INFO.Header.TocEntry[] array. // // The structures which correspond to each info-type are given below. // #define IP_NAT_PORT_RANGE_TYPE IP_GENERAL_INFO_BASE + 1 #define IP_NAT_ADDRESS_RANGE_TYPE IP_GENERAL_INFO_BASE + 2 #define IP_NAT_PORT_MAPPING_TYPE IP_GENERAL_INFO_BASE + 3 #define IP_NAT_ADDRESS_MAPPING_TYPE IP_GENERAL_INFO_BASE + 4 // // Structure: IP_NAT_PORT_RANGE // // Holds a range of port numbers which the NAT is allowed to use // on a boundary interface. // // In the case of an interface with a pool of addresses, 'PublicAddress' // should specify which of those addresses this static-mapping applies to. // typedef struct _IP_NAT_PORT_RANGE { UCHAR Protocol; ULONG PublicAddress; // OPTIONAL - see IP_NAT_ADDRESS_UNSPECIFIED USHORT StartPort; USHORT EndPort; } IP_NAT_PORT_RANGE, *PIP_NAT_PORT_RANGE; // // Structure: IP_NAT_ADDRESS_RANGE // // Holds a range of addresses which are part of the address-pool // for a boundary interface. // // An address-pool consists of a list of these structures. // // Note: overlapping address-ranges are not supported; // discontiguous subnet masks are also unsupported. // typedef struct _IP_NAT_ADDRESS_RANGE { ULONG StartAddress; ULONG EndAddress; ULONG SubnetMask; } IP_NAT_ADDRESS_RANGE, *PIP_NAT_ADDRESS_RANGE; // // Structure: IP_NAT_PORT_MAPPING // // Holds a static mapping which ties a public-side port on this NAT interface // to a particular private machine's address/port. // // In the case of an interface with a pool of addresses, 'PublicAddress' // should specify which of those addresses this static-mapping applies to. // typedef struct _IP_NAT_PORT_MAPPING { UCHAR Protocol; USHORT PublicPort; ULONG PublicAddress; // OPTIONAL - see IP_NAT_ADDRESS_UNSPECIFIED USHORT PrivatePort; ULONG PrivateAddress; } IP_NAT_PORT_MAPPING, *PIP_NAT_PORT_MAPPING; // // Constant for 'PublicAddress' in IP_NAT_PORT_RANGE and IP_NAT_PORT_MAPPING; // may be specified for boundary-interfaces which have no address-pool, in // which case the range/mapping is for the boundary-interface's sole address. // #define IP_NAT_ADDRESS_UNSPECIFIED ((ULONG)0) // // Structure: IP_NAT_ADDRESS_MAPPING // // Holds a static mapping which ties an address from this NAT interface's // address pool to a particular private-machine's address. // // Note that this address must fall within one of the ranges comprising // the pool as specified by the IP_NAT_ADDRESS_RANGE structures. // typedef struct _IP_NAT_ADDRESS_MAPPING { ULONG PrivateAddress; ULONG PublicAddress; BOOL AllowInboundSessions; } IP_NAT_ADDRESS_MAPPING, *PIP_NAT_ADDRESS_MAPPING; // // IOCTL_IP_NAT_REGISTER_EDITOR // // This IOCTL is invoked by a kernel-mode component which wishes to act // as an editor for packets which match a particular session-description. // // // Enum: IP_NAT_DIRECTION // // Lists the session-flow directions for which an editor may register. // IpNatInbound refers to the 'public-to-private' flow, while // IpNatOutbound refers to the 'private-to-public' flow. // typedef enum _IP_NAT_DIRECTION { IpNatInbound = 0, IpNatOutbound = 1 } IP_NAT_DIRECTION, *PIP_NAT_DIRECTION; // // Editor function prototypes // // // For synchronization reasons, 'CreateHandler' and 'DeleteHandler' // CANNOT invoke any helper functions other than 'QueryInfoSession'. // typedef NTSTATUS (*PNAT_EDITOR_CREATE_HANDLER)( IN PVOID EditorContext, IN ULONG PrivateAddress, IN USHORT PrivatePort, IN ULONG PublicAddress, IN USHORT PublicPort, IN ULONG RemoteAddress, IN USHORT RemotePort, OUT PVOID* EditorSessionContextp OPTIONAL ); typedef NTSTATUS (*PNAT_EDITOR_DELETE_HANDLER)( IN PVOID InterfaceHandle, IN PVOID SessionHandle, IN PVOID EditorContext, IN PVOID EditorSessionContext ); typedef NTSTATUS (*PNAT_EDITOR_DATA_HANDLER)( IN PVOID InterfaceHandle, IN PVOID SessionHandle, IN PVOID DataHandle, IN PVOID EditorContext, IN PVOID EditorSessionContext, IN PVOID RecvBuffer, IN ULONG DataOffset ); // // Helper function prototypes // typedef NTSTATUS (*PNAT_HELPER_CREATE_TICKET)( IN PVOID InterfaceHandle, IN UCHAR Protocol, IN ULONG PrivateAddress, IN USHORT PrivatePort, IN ULONG TimeoutSeconds, OUT PULONG PublicAddress, OUT PUSHORT PublicPort ); typedef NTSTATUS (*PNAT_HELPER_DELETE_TICKET)( IN PVOID InterfaceHandle, IN ULONG PublicAddress, IN UCHAR Protocol, IN USHORT PublicPort ); typedef NTSTATUS (*PNAT_HELPER_DEREGISTER_EDITOR)( IN PVOID EditorHandle ); typedef NTSTATUS (*PNAT_HELPER_DISSOCIATE_SESSION)( IN PVOID EditorHandle, IN PVOID SessionHandle ); typedef NTSTATUS (*PNAT_HELPER_EDIT_SESSION)( IN PVOID DataHandle, IN PVOID RecvBuffer, IN ULONG OldDataOffset, IN ULONG OldDataLength, IN PUCHAR NewData, IN ULONG NewDataLength ); typedef VOID (*PNAT_HELPER_QUERY_INFO_SESSION)( IN PVOID SessionHandle, IN PULONG PrivateAddress OPTIONAL, IN PUSHORT PrivatePort OPTIONAL, IN PULONG RemoteAddress OPTIONAL, IN PUSHORT RemotePort OPTIONAL, IN PULONG PublicAddress OPTIONAL, IN PUSHORT PublicPort OPTIONAL ); typedef VOID (*PNAT_HELPER_TIMEOUT_SESSION)( IN PVOID EditorHandle, IN PVOID SessionHandle ); // // Structure: IP_NAT_REGISTER_EDITOR // // The editor uses this structure to register itself with the NAT, // and to obtain entrypoints of helper-functions provided by the NAT. // // On input, 'EditorContext' should contain a value which the NAT will // pass to the editor's provided functions to serve as identification. // // On output, 'EditorHandle' contains the handle which the editor should // pass to the NAT's helper functions to identify itself. // typedef struct _IP_NAT_REGISTER_EDITOR { IN ULONG Version; IN ULONG Flags; IN UCHAR Protocol; IN USHORT Port; IN IP_NAT_DIRECTION Direction; IN PVOID EditorContext; IN PNAT_EDITOR_CREATE_HANDLER CreateHandler; // OPTIONAL IN PNAT_EDITOR_DELETE_HANDLER DeleteHandler; // OPTIONAL IN PNAT_EDITOR_DATA_HANDLER InboundDataHandler; // OPTIONAL IN PNAT_EDITOR_DATA_HANDLER OutboundDataHandler; // OPTIONAL OUT PVOID EditorHandle; OUT PNAT_HELPER_CREATE_TICKET CreateTicket; OUT PNAT_HELPER_DELETE_TICKET DeleteTicket; OUT PNAT_HELPER_DEREGISTER_EDITOR Deregister; OUT PNAT_HELPER_DISSOCIATE_SESSION DissociateSession; OUT PNAT_HELPER_EDIT_SESSION EditSession; OUT PNAT_HELPER_QUERY_INFO_SESSION QueryInfoSession; OUT PNAT_HELPER_TIMEOUT_SESSION TimeoutSession; } IP_NAT_REGISTER_EDITOR, *PIP_NAT_REGISTER_EDITOR; #define IP_NAT_EDITOR_FLAGS_RESIZE 0x00000001 // // IOCTL_IP_NAT_REGISTER_DIRECTOR // // This IOCTL is invoked by a kernel-mode component that wishes to be consulted // about the direction of incoming TCP/UDP sessions. // // Such a component, if installed, is consulted by the NAT // to determine dynamically how to direct inbound sessions. The module // could, for instance, be installed to direct sessions destined for // a cluster of HTTP servers in such a way as to balance the load across // the servers via round-robin or other means. // // // Director function prototypes // typedef NTSTATUS (*PNAT_DIRECTOR_QUERY_SESSION)( IN PVOID DirectorContext, IN UCHAR Protocol, IN ULONG PublicAddress, IN USHORT PublicPort, IN ULONG RemoteAddress, IN USHORT RemotePort, OUT PULONG PrivateAddress, OUT PUSHORT PrivatePort, OUT PVOID* Contextp OPTIONAL ); typedef NTSTATUS (*PNAT_DIRECTOR_DELETE_SESSION)( IN PVOID SessionHandle, IN PVOID DirectorContext, IN PVOID DirectorSessionContext ); // // Director-helper function prototypes // typedef NTSTATUS (*PNAT_HELPER_DEREGISTER_DIRECTOR)( IN PVOID DirectorHandle ); // // Structure: IP_NAT_REGISTER_DIRECTOR // // The director uses this structure to register itself with the NAT. // typedef struct _IP_NAT_REGISTER_DIRECTOR { IN ULONG Version; IN ULONG Flags; IN UCHAR Protocol; IN USHORT Port; IN PVOID DirectorContext; IN PNAT_DIRECTOR_QUERY_SESSION QueryHandler; IN PNAT_DIRECTOR_DELETE_SESSION DeleteHandler; OUT PVOID DirectorHandle; OUT PNAT_HELPER_QUERY_INFO_SESSION QueryInfoSession; OUT PNAT_HELPER_DEREGISTER_DIRECTOR Deregister; } IP_NAT_REGISTER_DIRECTOR, *PIP_NAT_REGISTER_DIRECTOR; // // IOCTL_IP_NAT_GET_INTERFACE_STATISTICS // // This IOCTL is invoked to retrieve per-interface statistics. // // // Structure: IP_NAT_INTERFACE_STATISTICS // // Used for retrieving statistics. On input, 'NatInterfaceContext' // should contain the context of the NAT interface whose statistics // are to be obtained. // typedef struct _IP_NAT_INTERFACE_STATISTICS { IN PVOID NatInterfaceContext; OUT ULONG TotalMappings; OUT ULONG InboundMappings; OUT ULONG InboundPacketsRejected; OUT ULONG OutboundPacketsRejected; } IP_NAT_INTERFACE_STATISTICS, *PIP_NAT_INTERFACE_STATISTICS; // // IOCTL_IP_NAT_ENUMERATE_SESSION_MAPPINGS // // This IOCTL is invoked to enumerate the dynamic TCP and UDP mappings // for an interface. // // // Structure: IP_NAT_SESSION_MAPPING // // This structure holds information for a single mapping // typedef struct _IP_NAT_SESSION_MAPPING { IP_NAT_DIRECTION Direction; UCHAR Protocol; // see NAT_PROTOCOL_* above ULONG PrivateAddress; USHORT PrivatePort; ULONG PublicAddress; USHORT PublicPort; ULONG RemoteAddress; USHORT RemotePort; ULONG IdleTime; // in seconds } IP_NAT_SESSION_MAPPING, *PIP_NAT_SESSION_MAPPING; // // Structure: IP_NAT_ENUMERATE_SESSION_MAPPINGS // // Used for enumerate session mappings. On input, 'NatInterfaceContext' // should hold the context for the interface whose mappings are to be // enumerated. On the first call to this routine, 'EnumerateContext' // should be zeroed out; it will be filled by the NAT with information // to be passed back down as the enumeration continues. To indicate // there are no items remaining, the NAT will set EnumerateContext[0] to 0. // typedef struct _IP_NAT_ENUMERATE_SESSION_MAPPINGS { IN PVOID NatInterfaceContext; IN OUT ULONG EnumerateContext[4]; OUT ULONG EnumerateCount; OUT IP_NAT_SESSION_MAPPING EnumerateTable[1]; } IP_NAT_ENUMERATE_SESSION_MAPPINGS, *PIP_NAT_ENUMERATE_SESSION_MAPPINGS; #endif // _ROUTING_IP_NAT_H_