authormav <mav@FreeBSD.org>2008-03-01 17:14:02 +0000
committermav <mav@FreeBSD.org>2008-03-01 17:14:02 +0000
commit354de8687f8df06279d4389e7437123d99d5ddb9 (patch)
treee308482a05c98f52de7d666726bea5520165fab1 /share/man/man4/ng_nat.4
parent01cc1d358e5eb19277db63f1efe181eb2090deb4 (diff)
Add support for the libalias redirect functionality.
Submitted by: Vadim Goncharov <vadim_nuclight@mail.ru>
Diffstat (limited to 'share/man/man4/ng_nat.4')
-rw-r--r--share/man/man4/ng_nat.4190
1 files changed, 188 insertions, 2 deletions
diff --git a/share/man/man4/ng_nat.4 b/share/man/man4/ng_nat.4
index dcb521f..cc89703 100644
--- a/share/man/man4/ng_nat.4
+++ b/share/man/man4/ng_nat.4
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 6, 2005
+.Dd March 1, 2008
.Dt NG_NAT 4
.Os
.Sh NAME
@@ -42,7 +42,6 @@ A
node uses
.Xr libalias 3
engine for packet aliasing.
-At this moment it supports only the basic functionality of the library.
.Sh HOOKS
This node type has two hooks:
.Bl -tag -width indent
@@ -81,7 +80,194 @@ struct ng_nat_mode {
Configure target address for a node.
When an incoming packet not associated with any pre-existing aliasing
link arrives at the host machine, it will be sent to the specified address.
+.It Dv NGM_NAT_REDIRECT_PORT Pq Li redirectport
+Redirect incoming connections arriving to given port(s) to
+another host and port(s).
+The following
+.Vt "struct ng_nat_redirect_port"
+must be supplied as argument.
+.Bd -literal
+#define NG_NAT_DESC_LENGTH 64
+struct ng_nat_redirect_port {
+ struct in_addr local_addr;
+ struct in_addr alias_addr;
+ struct in_addr remote_addr;
+ uint16_t local_port;
+ uint16_t alias_port;
+ uint16_t remote_port;
+ uint8_t proto;
+ char description[NG_NAT_DESC_LENGTH];
+};
+.Ed
+.Pp
+Redirection is assigned an unique ID which is returned as
+response to this message, and
+information about redirection added to
+list of static redirects which later can be retrieved by
+.Dv NGM_NAT_LIST_REDIRECTS
+message.
+.It Dv NGM_NAT_REDIRECT_ADDR Pq Li redirectaddr
+Redirect traffic for public IP address to a machine on the
+local network.
+This function is known as
+.Em static NAT .
+The following
+.Vt "struct ng_nat_redirect_addr"
+must be supplied as argument.
+.Bd -literal
+struct ng_nat_redirect_addr {
+ struct in_addr local_addr;
+ struct in_addr alias_addr;
+ char description[NG_NAT_DESC_LENGTH];
+};
+.Ed
+.Pp
+Unique ID for this redirection is returned as response to this message.
+.It Dv NGM_NAT_REDIRECT_PROTO Pq Li redirectproto
+Redirect incoming IP packets of protocol
+.Va proto
+(see
+.Xr protocols 5 )
+to a machine on the local network.
+The following
+.Vt "struct ng_nat_redirect_proto"
+must be supplied as argument.
+.Bd -literal
+struct ng_nat_redirect_proto {
+ struct in_addr local_addr;
+ struct in_addr alias_addr;
+ struct in_addr remote_addr;
+ uint8_t proto;
+ char description[NG_NAT_DESC_LENGTH];
+};
+.Ed
+.Pp
+Unique ID for this redirection is returned as response to this message.
+.It Dv NGM_NAT_REDIRECT_DYNAMIC Pq Li redirectdynamic
+Mark redirection with specified ID as dynamic, i.e., it will serve
+for exactly one next connection and then will be automatically
+deleted from internal links table.
+Only fully specified links can be made dynamic.
+The redirection with this ID is also immediately deleted from
+user-visible list of static redirects (available through
+.Dv NGM_NAT_LIST_REDIRECTS
+message).
+.It Dv NGM_NAT_REDIRECT_DELETE Pq Li redirectdelete
+Delete redirection with specified ID (currently active
+connections are not affected).
+.It Dv NGM_NAT_ADD_SERVER Pq Li addserver
+Add another server to a pool.
+This is used to transparently offload network load on a single server
+and distribute the load across a pool of servers, also known as
+.Em LSNAT
+(RFC 2391).
+The following
+.Vt "struct ng_nat_add_server"
+must be supplied as argument.
+.Bd -literal
+struct ng_nat_add_server {
+ uint32_t id;
+ struct in_addr addr;
+ uint16_t port;
+};
+.Ed
+.Pp
+First, the redirection is set up by
+.Dv NGM_NAT_REDIRECT_PORT
+or
+.Dv NGM_NAT_REDIRECT_ADDR .
+Then, ID of that redirection is used in multiple
+.Dv NGM_NAT_ADD_SERVER
+messages to add necessary number of servers.
+For redirections created by
+.Dv NGM_NAT_REDIRECT_ADDR ,
+the
+.Va port
+is ignored and could have any value.
+Original redirection's parameters
+.Va local_addr
+and
+.Va local_port
+are also ignored after
+.Dv NGM_NAT_ADD_SERVER
+was used (they are effectively replaced by server pool).
+.It Dv NGM_NAT_LIST_REDIRECTS Pq Li listredirects
+Return list of configured static redirects as
+.Vt "struct ng_nat_list_redirects".
+.Bd -literal
+struct ng_nat_listrdrs_entry {
+ uint32_t id; /* Anything except zero */
+ struct in_addr local_addr;
+ struct in_addr alias_addr;
+ struct in_addr remote_addr;
+ uint16_t local_port;
+ uint16_t alias_port;
+ uint16_t remote_port;
+ uint16_t proto; /* Valid proto or NG_NAT_REDIRPROTO_ADDR */
+ uint16_t lsnat; /* LSNAT servers count */
+ char description[NG_NAT_DESC_LENGTH];
+};
+struct ng_nat_list_redirects {
+ uint32_t total_count;
+ struct ng_nat_listrdrs_entry redirects[];
+};
+#define NG_NAT_REDIRPROTO_ADDR (IPPROTO_MAX + 3)
+.Ed
+.Pp
+Entries of the
+.Va redirects
+array returned in the unified format for all redirect types.
+Ports are meaningful only if protocol is either TCP or UDP
+and
+.Em static NAT
+redirection (created by
+.Dv NGM_NAT_REDIRECT_ADDR )
+is indicated by
+.Va proto
+set to
+.Dv NG_NAT_REDIRPROTO_ADDR .
+If
+.Va lsnat
+servers counter is greater than zero, then
+.Va local_addr
+and
+.Va local_port
+are also meaningless.
+.It Dv NGM_NAT_PROXY_RULE Pq Li proxyrule
+Specify a transparent proxying rule (string must be
+supplied as argument).
+See
+.Xr libalias 3
+for details.
.El
+.Pp
+In all redirection messages
+.Va local_addr
+and
+.Va local_port
+mean address and port of target machine in the internal network,
+respectively.
+If
+.Va alias_addr
+is zero, then default aliasing address (set by
+.Dv NGM_NAT_SET_IPADDR )
+is used.
+Connections can also be restricted to be accepted only
+from specific external machines by using non-zero
+.Va remote_addr
+and/or
+.Va remote_port .
+Each redirection assigned an ID which can be later used for
+redirection manipulation on individual basis (e.g., removal).
+This ID guaranteed to be unique until the node shuts down
+(it will not be reused after deletion), and is returned to
+user after making each new redirection or can be found in
+the stored list of all redirections.
+The
+.Va description
+passed to and from node unchanged, together with ID providing
+a way for several entities to concurrently manipulate
+redirections in automated way.
.Sh SHUTDOWN
This node shuts down upon receipt of a
.Dv NGM_SHUTDOWN