Implement "global" mode for ipfw nat. It is similar to natd(8)

"globalport" option for multiple NAT instances. If ipfw rule contains "global" keyword instead of nat_number, then for each outgoing packet ipfw_nat looks up translation state in all configured nat instances. If an entry is found, packet aliased according to that entry, otherwise packet is passed unchanged. User can specify "skip_global" option in NAT configuration to exclude an instance from the lookup in global mode. PR: kern/157867 Submitted by: Alexander V. Chernikov (previous version) Tested by: Eugene Grosbein
author: ae <ae@FreeBSD.org> 2011-06-14 13:35:24 +0000
committer: ae <ae@FreeBSD.org> 2011-06-14 13:35:24 +0000
commit: a060389e5b178c7324442c0723886c8fda798998 (patch)
tree: 2c079dd50524382ccfa62d936bc012d4c0f8795b /sys/netinet/libalias
parent: 7b7c6f4e74ea94ae75d0f52366eaf6a8ccd0022e (diff)
download: FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.zip
FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netinet/libalias/alias.h b/sys/netinet/libalias/alias.h
index 6fe40ed..b12b353 100644
--- a/sys/netinet/libalias/alias.h
+++ b/sys/netinet/libalias/alias.h
@@ -220,6 +220,12 @@ struct mbuf    *m_megapullup(struct mbuf *, int);
 #define	PKT_ALIAS_PUNCH_FW		0x100
 #endif
 
+/*
+ * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
+ * states in 'ipfw nat global' rule.
+ */
+#define	PKT_ALIAS_SKIP_GLOBAL		0x200
+
 /* Function return codes. */
 #define	PKT_ALIAS_ERROR			-1
 #define	PKT_ALIAS_OK			1
author	ae <ae@FreeBSD.org>	2011-06-14 13:35:24 +0000
committer	ae <ae@FreeBSD.org>	2011-06-14 13:35:24 +0000
commit	a060389e5b178c7324442c0723886c8fda798998 (patch)
tree	2c079dd50524382ccfa62d936bc012d4c0f8795b /sys/netinet/libalias
parent	7b7c6f4e74ea94ae75d0f52366eaf6a8ccd0022e (diff)
download	FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.zip FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.tar.gz