[Xorp-hackers] XORT-NAT: Proposal for NAT interface XIF and a
config file syntax
Kristen Nielsen
krn@krn.dk
Sun, 23 Apr 2006 16:26:23 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Pavlin
Thank you for commenting on my nat suggestion.
I answer some of your questions below
Kristen.
Pavlin Radoslavov wrote:
> [Note: a follow-up of an old email that was postponed for discussion
> after the 1.2 release].
>
>
>>After a long time of considerations and working on specifying a
>>configuration syntax and a XIF file for a NAT module, I am hereby
>>sending this proposal to the list for comments.
>>
>>(Re my mail from oct 16 2005 with subject: NAT support for XORP)
>>
>>
>>20060200-NAT-interface-descr.txt file contains the syntax and a few
>>samples of use of the configuration format.
>>
>>The nat.xif file has kdoc documentation documenting the various
>>functions and parameters.
>>
>>The idea is to provide a common interface for the NAT module, with a
>>defined syntax, and then use either the native (FreeBSD natd/or the
>>similar functionality in linux) daemon, or a click module, with a rule
>>of thumb something like this:
>>
>>If the nat configuration is possible to implement with the native module
>>this can be used, else the user must switch to the click nat module to
>>achieve the wanted functionality.
>
>
> The caveat with the above rule is that the user must have Click.
> Currently, kernel-mode Click works only on Linux and some versions
> of FreeBSD, and those systems already have native NAT support.
> FYI, I believe user-mode Click works on a larger variety of systems
> (I have been able to compile and use it as-is on Mac OS X), but
> obviously you will get some performance penalty if you perform NAT
> in user space Click. The upside of user-space Click NAT of course
> would be that you don't have to modify your kernel and the
> performance hit may be acceptable in most cases (you may want to do
> some measurements here to prove this of course).
OK - I later realized that the kernel module was (almost) silently left
out when I compiled click on a FreeBSD Rel 6 machine.
I have been working some time trying to port it to FreeBSD 6, as this
gives me a reason to take a look at the FreeBSD networking system. For
now I will have to leave it for some weeks.
>
>
>>I have designed with the use of IP-realms (aka different ip domains)
>>which I am aware is not possible to use in the standard IP stack of
>>FreeBSD/Linux, but if one makes configurations with non-overlapping IP
>>ranges it will actually be possible to implement these in the existing
>>kernel / ip stacks. The realm stuff is kept entirely in the nat config
>>area of the config file.
>>
>>I would appreciate comments on this, as I would like to continue
>>planning and coding soon.
>>
>>I would also like to have ideas / comments about how to add more
>>datatypes to the idl generator scripts. (for the port type, and an
>>eventually ipv4-range type (which I here have made with 2 ipv4 ip-addresses.)
>
>
> Can you clarify what you mean by "idl generator scripts"?
I mean the tgt-gen and clnt-gen in the xrl/scripts directory.
>
> If you need ipv4-range type support, there is rtrmgr template type
> named "ipv4range" and "ipv6range" which has the syntax IPADDR..IPADDR.
> E.g. see the policy section inside etc/templates/bgp.tp.
I would also need some support for the "port" description language in
the scripts (as far as I understand). Is this doable?
>
> Comments continuing below.
>
>
>>Sincerely
>>Mr. Kristen Nielsen
>>University of Copenhagen
>>Copenhagen
>>Denmark
>>kristen@diku.dk / krn@krn.dk
>>phone +4540466221 (gmt -1)
>>
>>
>>--------------040204020303010209060700
>>Content-Type: text/plain;
>> name="20060220-NAT-interface-descr.txt"
>>Content-Transfer-Encoding: 7bit
>>Content-Disposition: inline;
>> filename="20060220-NAT-interface-descr.txt"
>>
>>* Short description of the config file format for the xorp NAT module.
>>* Examples of configurations with alike FreeBSD natd commandline.
>>* Syntax of the port statement.
>>
>>protocols {
>> nat {
>> disable {disabled:bool}
>>
>> nat-realm <text:realm-name> <description: description:txt> {
>
>
> Currently, the rtrmgr template syntax doesn't support multi-value
> statements like the one above. You would have to break it into, say:
>
> nat-realm <text:realm-name> {
> description: <description:txt>
>
>
>
>> interface <ifname> vif <vif-name> {
>> description <description:txt>
>> default-vif-address: <vif-hw-name:txt>
>> ip-address: <ip:ipv4>
>> tag: <tagid:txt>
>>
>> interface-alias {
>> description: <description:txt>
>> alias-address: <ip:ipv4list> /* alt to more interface-alias clauses */
>> tag: <tagid:txt>
>> }
>> }
>
>
> The interface/vif statements need to be specified separately:
> interface <ifname> {
> vif <vif-name> {
> ...
> }
> ...
> }
>
>
> Also, note that we don't support a list of addresses, hence you may
> want to specify all addresses with multi-value nodes like:
>
> interface <ifname> {
> vif <vif-name> {
> address <ip:ipv4> {
> description: <description:txt>
> tag: <tagid:txt>
> }
> }
> ...
> }
>
>
>
>>
>> /* Address pool maps to the create/delete/get_nat_realm4 function) */
>> address-pool {
>> description: <description:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> }
>> }
>>
>> static-nat {
>> map {
>> description: <description:txt>
>> source {
>> realm: <srcrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> }
>> destination {
>> realm: <destrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> }
>> }
>> }
>>
>> dynamic-nat {
>> map {
>> description: <description:txt>
>> source {
>> realm: <srcrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> }
>> destination {
>> realm: <destrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> binding: <binding:txt>
>>
>> }
>> }
>> }
>>
>> ls-nat {
>> map {
>> description: <description:txt>
>> source {
>> realm: <srcrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> }
>> destination {
>> realm: <destrealm:txt>
>> ip-address: <ip:ipv4>
>> ip-range: <ipfrom:ipv4> - <ipto:ipv4>
>> ipnet: <ipnet:ipv4net>
>> tag: <tag:txt>
>> port: <ports:ipv4ports>
>> }
>> }
>> }
>> }
>>}
>>
>>
>>The "port:" parameter is used to set the ports in use for an actual translation.
>>Syntax:
>>
>><ports-stmt> ::= ports: <port-def>
>><ports-def> ::= <protocol> <port-list>
>><port-list> ::= <port-spec> [, <port-def>]...
>><port-spec> ::= <port-nr | service-name> | <port-range | service-name-range>
>><protocol> ::= tcp | udp
>><port-nr> ::= <digits>
>>service-name ::= <letters><letters|digits>...
>>digits ::= <digit>...
>>digit ::= <0|1|2|3|4|5|6|7|8|9>
>>letters ::= <letter>...
>>letter ::=<a...z|A..Z>
>>
>>Example:
>>
>>ports: tcp 22,33,44-55, udp 22,33,66-77, 88
>
>
>
> The above syntax seems to me as tcp/udp centric and assumes the
> particular protocol has the concept of a port.
> This is not true for protocols like ICMP and GRE.
>
>
OK See my comment later.
>
>>Sample configurations with similar FreeBSD natd mappings.
>>
>>The FreeBSD
>>
>>"natd -redirect_port tcp 172.17.16.15/telnet 6666"
>>
>>command with the global ip address equal to 80.10.10.10 is expressed in XORP NAT configuration files as:
>>
>>protocols {
>> NAT {
>> realm "global" {
>> ip: 80.10.10.10
>> }
>>
>> realm "local" {
>> ip: 172.17.16.15
>> }
>> static-map { <description>
>> source { ip-address: 80.10.10.10
>> ports: tcp 6666
>> }
>>
>> destination {
>> ip-address: 172.17.16.15
>> ports: tcp telnet
>> }
>> }
>> }
>>}
>
>
>
> I would recommend to generalize the source and destination syntax by
> separating the concept of protocol and port. Of course, for
> protocols like tcp and udp you must have ports, so your syntax must
> incorporate that too :)
>
I did this with NAT in my mind, but it seems natural to come up with a
more generic description for this which can be used more generally in xorp.
Do I understand you correctly, that you would like a language that
supports all possible protocols in the IP packet, not only TCP and UDP?
Or do you also want the layer 2 protocols included in the language?
I will look into this again and come up with a new suggestion.
>
>
>>The configline:
>>"natd -interface em0"
>>Creation of a dynamic mapping from 172.17.16/24 to global address of em0 interface = ip 80.10.10.10 is expressed as:
>>
>>protocols {
>> NAT{
>> realm "global" {
>> ip: 80.10.10.10
>> tag "globalip"
>> }
>>
>> realm "local" {
>> ipnet: 172.17.16.0/24
>> tag: "localnet"}
>>
>> dynamic-map { <description>
>> source {tag: "localnet"
>> }
>> destination {
>> tag: "globalip"
>> }
>> }
>> }
>>}
>>Written by
>>Kristen Nielsen
>>Computer Science dept
>>University of Copenhagen, Denmark
>>kristen@diku.dk / KrN@KrN.dk
>>
>>
>>
>>--------------040204020303010209060700
>>Content-Type: text/plain;
>> name="nat.xif"
>>Content-Transfer-Encoding: 7bit
>>Content-Disposition: inline;
>> filename="nat.xif"
>>
>>/* xorp/xrl/interfaces/nat.xif file by KrN@KrN.DK 20060220 */
>>/* Suggestion to a nat interface for xorp. */
>>
>>
>>/* The following interfaces exists for the xorp nat module */
>>
>> /**
>> * Network address translation (NAT) interface.
>> * The NAT module consists of the following configuration elements:
>> *
>> * set_nat_disable and get_nat_disable:
>> * sets and returns the status of the nat module
>> *
>> * nat_realm:
>> * Manages (creates/deletes/get) realms for use in nat mappings.
>> * Before realms can be used in configurations, they must
>> * be created.
>> *
>> * nat_realm_vif4:
>> * Manages (creates/delete/lists) vif addresses for nat use
>> * in nat mappings.
>> *
>> * nat_realm_alias4:
>> * Manages (creates/deletes/lists) alias ipv4 addresses for vif
>> * interfaces for use in nat mappings.
>> *
>> * nat_realm4:
>> * Defines ip4 addresses, ip4 networks and ip4 address ranges
>> * for use in nat mappings. Addresses are not directly connected
>> * to any vif on the xorp router. Addresses are reachable
>> * via the realm / vif interface stated. (This will probably be
>> * changed to be the interface pointed out by the next-hop entry
>> * in the rib.)
>> *
>> * nat_static_map4:
>> * Defines static NAT table mappings
>> * From the realm and ip definitions in the nat_realm_* group
>> * Tcp and/or udp port definitions can be defined here.
>> *
>> * nat_dynamic_map4:
>> * Defines dynamic NAT table mappings (triggers)
>> * From the definitions in the nat_realm_* group
>> * Tcp and/or udp port definitions can be defined here.
>> *
>> * nat_lsnat_map4:
>> * Defines Load Sharing NAT mappings
>> * From the definitions in the nat_realm_* group
>> * Tcp and/or udp port definitions can be defined here.
>> *
>> */
>>interface nat/0.1 {
>>
>> /**
>> * set nat disable (and enable) function
>> *
>> * @param disabled sets the status of the nat module true = disabled,
>> * false = enabled
>> * @param disabledstatus returns the status of the module,
>> * true = disabled, false = enabled
>> */
>> set_nat_disable ? disabled:bool -> disabledstatus:bool
>
>
> What is the purpose of the returned disabledstatus?
> If "set_nat_disable" returned success, then the status must be same
> as the "disabled:bool" argument when the XRL was invoked.
I believe that the returned success was a "the communication went
through" kind of reply, and a no-success would indicate some kind of
fatal fault.
Did I misunderstand some of the docs?
> BTW, stylistically, we prefer that longer names are separated
> with, say, underscore: disabledstatus -> disabled_status :)
>
OK - no problem. (I guess this is a leftover from Danish :-)
This is my last answer / comment in this mail.
Kristen.
> This is my last comment. Without going into details, the rest of the
> XRLs seem reasonable. Though, if you change the NAT configuration
> syntax quite likely you would have to change some of the XRLs as
> well.
>
> Pavlin
>
>
>
>> /**
>> * get nat status function
>> *
>> * @param disabledstatus returns the status of the module, (as the
>> * set_nat_disable function) true = disabled, false = enabled
>> */
>> get_nat_disable -> disabledstatus:bool
>>
>>
>> /**
>> * create_nat_realm - creates a nat realm.
>> *
>> * @param realm holds the name of the realm to be created. The name
>> * must not exist when the call is made.
>> * @param descr is the textual description of the realm.
>> */
>> create_nat_realm ? realm:txt & descr:txt
>>
>> /**
>> * delete_nat_realm - deletes a nat realm.
>> *
>> * @param realm holds the name of the realm to be deleted. The name
>> * must exist when the call is made.
>> */
>> delete_nat_realm ? realm:txt
>>
>> /**
>> * get_nat_realm - lists nat realms.
>> *
>> * @param realm holds the name of the realm to be deleted.
>> * If the parameter is NULL, all existing realms is returned.
>> */
>> get_nat_realm ? realm:txt -> realms:list
>>
>>
>> /**
>> * create_nat_realm_vif4 - creates an entry for the base ipv4 address
>> * of a virtual interface.
>> * Any virtual interface can at most be a member of one realm.
>> * Virtual interfaces must be in the same realm as the ip addresses
>> * passing the vif interface.
>> *
>> * @param realm is an existing realm that the vif is mapped to.
>> * @param ifname is the name of the physical interface where the
>> * vif is defined.
>> * @param vifname is the name of the virtual interface to be mapped.
>> * @param tag is a textlabel that the mapping is labeled with.
>> * @param description textual description of the mapping.
>> */
>> create_nat_realm_vif4 ? realm:txt & ifname:txt & vifname:txt & \
>> tag:txt & description:txt
>>
>> /**
>> * delete_nat_realm_vif4 - removes an entry for a base ipv4 (vif)
>> * address of virtual interface from a nat realm.
>> * The definitions matching all the supplied parameters is deleted.
>> * Wild card parameters must be set to NULL.
>> *
>> * @param realm all vif4 definitions to this realm is deleted.
>> * @param ifname all definitions with this ifname is deleted.
>> * @param vifname all mappings to this vifname is deleted
>> * @param tag all mappings with this tag is deleted.
>> */
>> delete_nat_realm_vif4 ? realm:txt & ifname:txt & vifname:txt & \
>> tag:txt
>>
>> /**
>> * update_nat_realm_vif4 - updates an existing vif mapping with its
>> * new ipv4 address.
>> * The vif4 mapping is updated when the vif get a new ipv4 address.
>> */
>> update_nat_realm_vif4 ? ifname:txt & vifname:txt & ip:ipv4
>>
>> /**
>> * get_nat_realm_vif4 - lists nat_realm_vif4 definitions.
>> *
>> * get_nat_realm_vif4 returns a list of all nat_realm_vif4
>> * interfaces in the router matching the realm supplied.
>> * @param realm specifies the realm to return interfaces for.
>> * If NULL then all defined nat_realm_vif4 interfaces are returned.
>> */
>> get_nat_realm_vif4 ? realm:txt -> nat_realm_vif4s:list
>>
>>
>> /**
>> * create_nat_realm_alias4 - creates a mapping to the nat_realm
>> * definitions. Manipulates ipv4 address aliases of an interface
>> * (vif) for in/out going nat gateways. Aliases are not the base
>> * ipv4 address of the virtual interface, but ipv4 addresses in
>> * the same subnet as the vif. (see nat_realm_vif)
>> *
>> * Any aliases, aliased to a vif must be in the same realm as the
>> * vif itself.
>> *
>> * @param realm specifies the realm that the IP address belongs to.
>> * @param ifname is the physical interfaces for this interface
>> * @param vifname is the virtual interface name to add this alias to.
>> * @param tag is a label for grouping definitions.
>> * @param description is a textual description of this alias.
>> * @param ipaddr is the ipv4 alias address added to the vif.
>> */
>> create_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
>> tag:txt & description:txt & ipaddr:ipv4
>>
>>
>> /**
>> * delete_realm_alias4 function
>> * Deletes ipv4 realm_alias4 address from the virtual interface (vif).
>> *
>> * The alias4 mappings matching the supplied parameters are deleted.
>> * Parameters that are not defined (=not matched against) must be NULL.
>> *
>> * @param realm the alias4 mappings in the same realm is deleted.
>> * @param ifname all alias4 mappings defined for this interface is
>> * deleted.
>> * @param vifname all alias4 mappings defined under this vif is
>> * deleted.
>> * @param tag all alias4 mappings with tag is deleted.
>> * @param ipaddr the alias4 mapping with this ipv4 address is deleted.
>> */
>> delete_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
>> tag:txt & ipaddr:ipv4
>>
>> /**
>> * get_nat_realm_alias4 returns a nat_realm_alias4 list with matching
>> * alias4 elements. Wildcard parameters should be set to NULL.
>> *
>> * @param realm specifies the realm of the alias4 addresses to be
>> * returned.
>> * @param ifname specifies the physical interfaces to match.
>> * @param vifname specifies the virtual interfaces to match.
>> * @param tag specifies the tag of the definitions to match.
>> * @param ipaddr specifies the ipv4 addr of the alias4 to match.
>> * @param nat_realm_alias4s is the list of the matching aliases
>> * defined.
>> */
>> get_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
>> tag:txt & ipaddr:ipv4 \
>> -> nat_realm_alias4s:list
>>
>> /**
>> * create_nat_realm - create definitions of ipv4 addresses/ipv4/
>> * networks/ipv4 ip ranges to the nat_realm list.
>> *
>> * The ipv4 addresses / ipv4 networks / ipv4 address ranges / tagged
>> * list of definitions, are all ip-addresses not directly attached
>> * to any physical/virtual interface on the xorp router.
>> *
>> * The function have the following way of interpreting the address
>> * arguments:
>> * All function calls must have these parameters defined:
>> * <realm> <ifname> <vifname>, where realm specifies the actual realm.
>> * ifname and vifname the interfaces to route these addresses through.
>> * (If the ifname and vifname is possible to acquire via the routing
>> * info, these parameters might disappear during implementation)
>> *
>> * To specify a tag for the definition, supply the <tag> parameter.
>> *
>> * To specify an single ipv4 address supply ONLY the <ip> parameter.
>> *
>> * To specify an ipv4 network supply ONLY the <ipnet> parameter.
>> *
>> * To specify an ipv4 range supply ONLY the <ip> and <ipto> parameters.
>> * <ip> is the lowest ip address and ipto is the highest ip address
>> * in the range.
>> *
>> * The 3 types of definitions above can not be mixed in a single call
>> * to the function. Grouping is done with defining more of the 3
>> * first classes with the same tag.
>> *
>> * create_nat_realm4 create an ipv4 address/ipv4network/ipv4-range/tag
>> * at the nat map list.
>> *
>> * @param realm specifies the realm to which the mapping belong.
>> * @param tag maps the definition with this tag.
>> * @param description a textual description of this alias.
>> * @param ip is the ip address or the lowest bound of an ip range.
>> * @param ipto is the highest bound of a range.
>> * @param ipnet specifies an ipv4 network (ip address + subnetmask)
>> */
>> create_nat_realm4 ? realm:txt & \
>> tag:txt & description:txt & \
>> ip:ipv4 & ipto:ipv4 & \
>> ipnet:ipv4net
>>
>> /**
>> * delete_nat_realm4 deletes all nat_realm4 mappings, matching
>> * all supplied parameters. Wild card parameters must be set to NULL.
>> * (For further doc see add_nat_realm4)
>> *
>> * @param realm all nat_realm4 with this realm is deleted.
>> * @param tag all nat_realm4 definitions with this tag is deleted.
>> * @param ip the ipv4 address mapping is deleted. (see ipto param too)
>> * @param ipto the range defined together with the ip parameter is
>> * deleted.
>> * @param ipnet the ipv4network defined is deleted.
>> *
>> * If more parameters are defined, only the definitions that match
>> * ALL the supplied parameters is deleted.
>> */
>> delete_nat_realm4 ? realm:txt & \
>> tag:txt & \
>> ip:ipv4 & ipto:ipv4 & \
>> ipnet:ipv4net
>>
>> /**
>> * get_nat_realm4 function - returns the list of defined elements
>> * that matches the supplied parameters.
>> * (For further doc on the use see add_nat_realm4 the doc.)
>> * Wildcard parameters must be set to NULL.
>> *
>> * @param realm returns the list of realm4 definitions for this realm.
>> * @param tag returns the list of definitions tagged with this tag.
>> * @param ip returns the list of definitions with this ipv4 address.
>> * @param ipto returns the list of definitions with this ipv4 range.
>> * @param ipnet returns the list of ipv4 networks defined.
>> * @param nat_realm4s is a list of the matched definitions.
>> */
>> get_nat_realm4 ? realm:txt & \
>> tag:txt & description:txt & \
>> ip:ipv4 & ipto:ipv4 & \
>> ipnet:ipv4net -> nat_realm4s:list
>>
>> /**
>> * create_nat_static_map4
>> *
>> * create_nat_static_map4 - defines static NAT table entries from the
>> * ip definitions from the nat_realm* functions.
>> *
>> * The nat_static_map functions defines static nat mappings between
>> * ip addresses at the source side realm and the ip addresses of
>> * the destination side realm.
>> * If the ip sizes of the ranges on either side of the mapping is not
>> * equal, then the mappings must go from the source side realm
>> * (aka local realm) to the destination side realm (aka global realm).
>> * ip addresses that is used for TCP/UDP port mapping
>> * (port overloading) must always be defined at the destination side.
>> *
>> * The nat_static_map function has more sub functions dependent of
>> * the supplied parameters. The parameters can define either a single
>> * ip address, a contiguous range of ip addresses or a sub net, or a
>> * tagged set of definitions. The ip addresses and realm used in a map
>> * statement must be defined in a nat_realm* clause.
>> * The source and destination side of a mapping can take all 4 forms
>> * from the following definitions.
>> *
>> * To specify a single ip address the ip parameter is used. The
>> * ipto parameter must be NULL.
>> *
>> * To specify a contiguous range of IP addresses, the ip and ipto
>> * parameters are used. The ipnet parameter must be NULL.
>> *
>> * To specify an ipnetwork, the ipnet parameters must be specified.
>> * The ipnet takes a subnet-address and a subnet-mask. The ip and ipto
>> * parameters must be NULL.
>> *
>> * To use a tag from the nat_realm definitions, specify the tag at
>> * the tag parameter. The ip, ipto and ipnet parameters must be NULL.
>> *
>> * @param srcrealm specifies the realm for the source side of the map.
>> *
>> * @param destrealm specifies the realm for the destination side
>> * of the map.
>> *
>> * @param srcip is the ipv4 source ip address of a mapping.
>> *
>> * @param srcipto is the source ipv4 address that forms the upper
>> * bound of an ip range.
>> *
>> * @param srcipnet is the ipv4 network which forms the source mapping.
>> * bound of an ip range.
>> *
>> * @param srctag maps all nat_realm definitions with the same tag as
>> * the source definition.
>> *
>> * @param srcport is the range of ports used to this mapping.
>> *
>> * @param destip is the ipv4 destination address of the mapping
>> *
>> * @param destipto is the ipv4 address that forms the upper bound of
>> * the destination ip range.
>> *
>> * @param destipnet is the ipv4 network that is the destination ip
>> * addresses for the mapping.
>> *
>> * @param desttag maps all nat_realm definitions with the same tag as
>> * the destination definition.
>> *
>> * @param destport is a list of tcp and/or udp ports used at the
>> * destination addresses.
>> *
>> */
>> create_nat_static_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports
>>
>> /**
>> * delete_nat_static_map4
>> *
>> * delete_nat_static_map4 - delete static nat table entries from the
>> * ip definitions from the nat_static_map4 functions.
>> *
>> * The function deletes the nat_static_map4 entries that matches
>> * all the supplied parameters. (for more information about the
>> * interfaces see create_nat_static_map4 documentation)
>> *
>> * The selected ranges must be fully matching sets from the
>> * create_nat_static_map4 definition. No internal ranges can be deleted.
>> *
>> * @param srcrealm specifies the source realm to be deleted. All
>> * nat_static_map4 definitions with the same realm is selected.
>> *
>> * @param destrealm specifies the realm for the destination side
>> * to be deleted. All nat_static_map4 definitions with the same realm
>> * is selected.
>> *
>> * @param srcip is the ipv4 source ip address to be deleted.
>> *
>> * @param srcipto is together with the srcip parameter defines the
>> * source ip range to be deleted.
>> *
>> * @param srcipnet is the ipv4 network source mapping to be deleted.
>> *
>> * @param srctag maps selects the source tags to be deleted.
>> *
>> * @param srcport is the range of tcp and/or udp ports to be deleted.
>> *
>> * @param destip is the ipv4 destination address to be deleted.
>> *
>> * @param destipto is together with the destip parameter defines
>> * the destination ip range to be deleted.
>> *
>> * @param destipnet is the ipv4 network to be deleted.
>> *
>> * @param desttag maps defines the destination tags to be deleted.
>> *
>> * @param destport is a list of tcp and/or udp ports to be deleted.
>> */
>> delete_nat_static_map4 ? srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports
>>
>> /**
>> * get_nat_static_map4 - lists nat_static_map4 entries.
>> *
>> * get_nat_static_map4 - lists static NAT table entries that matches
>> * the supplied parameters.
>> *
>> * The function lists the nat_static_map4 entries that match
>> * all the supplied parameters.
>> * (for more information about the interfaces see
>> * create_nat_static_map4 documentation)
>> *
>> * @param srcrealm specifies the source realm to be listed.
>> *
>> * @param destrealm specifies the realm for the destination side
>> * to be listed.
>> *
>> * @param srcip is the ipv4 source ip address to be listed.
>> *
>> * @param srcipto is together with the srcip parameter defines the
>> * source ip range to be listed.
>> *
>> * @param srcipnet is the ipv4 network source to be listed.
>> *
>> * @param srctag maps selects the srctags to be listed.
>> *
>> * @param srcport is the range of tcp and/or udp ports to be deleted.
>> *
>> * @param destip is the ipv4 destination address to be listed.
>> *
>> * @param destipto is together with the destip parameter defines
>> * the destination ip range to be listed.
>> *
>> * @param destipnet is the ipv4 network to be listed.
>> *
>> * @param desttag maps defines the destination tags to be listed.
>> *
>> * @param nat_static_map4s contains the list of matched elements.
>> *
>> * @param destport is a list of tcp and/or udp ports to be matched.
>> */
>> get_nat_static_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> destport:ipv4ports & \
>> desttag:txt -> nat_static_map4s:list
>>
>>
>> /**
>> * create_nat_dynamic map definitions.
>> *
>> * The nat_static_map functions defines static mappings between
>> * IP addresses at the source side realm and the IP addresses of
>> * the destination side realm.
>> * If the IP sizes of the ranges on either side is not equal,
>> * then the mappings must go from the source side realm
>> * (aka local realm) and the destination side realm (aka global realm).
>> * IP addresses that is used for TCP/UDP port mapping
>> * (port overloading) must be defined on the destination side.
>> *
>> * @param srcrealm specify the network realm for the source part
>> * of the mapping.
>> *
>> * @param srctag maps the nat_realm* definitions with this tag as
>> * the source side of the mapping. The tagged definitions must belong
>> * to the same realm as stated in srcrealm. If the special meaning
>> * tag "all" is given then all the definitions in the nat_realm
>> * with the same realm as stated in srcrealm is matched.
>> *
>> * Src or dest definitions defaults to "all" which is all addresses
>> * in the matching (src/dest) realm as defined in nat_realm_* group.
>> *
>> * @param srcip is the ipv4 source ip address of a mapping.
>> *
>> * @param srcipnet is the ipv4 network which forms the source mapping.
>> *
>> * @param srcip is the source ipv4 address that forms the lower bound
>> * of an ip range.
>> *
>> * @param srcipto is the source ipv4 address that forms the upper
>> * bound of an ip range.
>> *
>> * @param srcport is the range of tcp and/or udp ports to be used in
>> * the mapping.
>> *
>> * @param destip is the ipv4 destination address of the mapping
>> *
>> * @param destipnet is the ipv4 network that is the destination ip
>> * addresses for the mapping.
>> *
>> * @param destip is the ipv4 address that forms the lower bound of the
>> * destination ip range.
>> *
>> * @param destipto is the ipv4 address that forms the upper bound of
>> * the destination ip range.
>> *
>> * @param desttag maps the nat_realm* definitions with this tag as
>> * the destination side of the mapping. The tagged definitions must
>> * belong to the same realm as stated in srcrealm. If the special
>> * meaning tag "all" is given then all the definitions in the nat_realm
>> * with the same realm as stated in srcrealm is matched.
>> *
>> * @param destport is a list of tcp and/or udp ports to use for the
>> * dynamic mapping.
>> *
>> * @param binding This argument can be "dynamic" (default) or "fixed"
>> * Dynamic can be a new mapping each time the mapping is used for a
>> * new connection (from src side). "fixed" is using the same source
>> * and destination mapping each time the src ip/port is connecting.
>> */
>> create_nat_dynamic_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports & \
>> binding:txt
>>
>> /**
>> * delete_nat_dynamic_map4
>> *
>> * The delete_nat_dynamic_map4 function deletes the elements from the
>> * nat_dynamic_map4 table that matches the supplied parameters.
>> *
>> * @param srcrealm matches source realm parameter of mappings.
>> *
>> * @param srctag matches the source tag parameter of the mappings to
>> * be deleted.
>> * If the special meaning tag "all" is given then all the definitions
>> * with this tag on the source side is matched. With the same realm
>> * as stated in srcrealm is matched.
>> *
>> * @param srcip matches the ipv4 source ip, or the lower bound of an
>> * ipv4 ip-range to be deleted.
>> *
>> * @param srcipto matches the source ipv4 address that forms the upper
>> * bound of an ip range to be deleted.
>> *
>> * @param srcipnet matches the source ipv4 network to be deleted.
>> *
>> * @param srcport is the tcp and/or udp port range to be deleted.
>> *
>> * @param destip matches the ipv4 destination address of the mapping
>> * or the ipv4 address that forms the lower bound of the destination
>> * ip range.
>> *
>> * @param destipto matches the destination ipv4 address to be deleted.
>> *
>> * @param destipnet matches the destination ipv4 network.
>> *
>> * @param desttag maps the mappings with this tag as the destination
>> * side of the mapping. The tagged definitions must belong to the
>> * same realm as stated in srcrealm. If the special
>> * meaning tag "all" is given then all the definitions in the
>> * nat_dynamic_realm with the same source realm as stated in srcrealm
>> * is matched.
>> *
>> * @param destport is a list of tcp and/or udp ports to be deleted.
>> *
>> * @param binding This argument can be "dynamic" (default) or "fixed"
>> * Dynamic can be a new mapping each time the mapping is used for a
>> * new connection (from src side). "fixed" is using the same source
>> * and destination mapping each time the src ip/port is connecting.
>> */
>> delete_nat_dynamic_map4 ? srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports & \
>> binding:txt
>>
>> /**
>> * get_nat_dynamic_map4
>> *
>> * The get_nat_dynamic_map4 function returns the elements from the
>> * nat_dynamic_map4 table that matches all the supplied parameters.
>> *
>> * @param srcrealm matches source realm parameter of the mappings.
>> *
>> * @param srctag matches the source tag parameter of the mappings.
>> * If the special meaning tag "all" is given then all the definitions
>> * with this tag on the source side is matched. With the same realm
>> * as stated in srcrealm is matched.
>> *
>> * @param srcip matches the ipv4 source ip, or the lower bound of an
>> * ipv4 ip-range.
>> *
>> * @param srcipto matches the source ipv4 address that forms the upper
>> * bound of an ip range.
>> *
>> * @param srcipnet matches the source ipv4 network.
>> *
>> * @param srcport is the tcp and/or udp range to be returned.
>> *
>> * @param destip matches the ipv4 destination address of the mapping
>> * or the ipv4 address that forms the lower bound of the destination
>> * ip range.
>> *
>> * @param destipto matches the destination ipv4 address.
>> *
>> * @param destipnet matches the destination ipv4 network.
>> *
>> * @param desttag maps the mappings with this tag as the destination
>> * side of the mapping. The tagged definitions must belong to the
>> * same realm as stated in srcrealm. If the special
>> * meaning tag "all" is given then all the definitions in the
>> * nat_dynamic_realm with the same source realm as stated in srcrealm
>> * is matched.
>> *
>> * @param destport is a list of tcp and/or udp ports to be returned.
>> *
>> * @param binding This argument can be "dynamic" (default) or "fixed"
>> * Dynamic can be a new mapping each time the mapping is used for a
>> * new connection (from src side). "fixed" is using the same source
>> * and destination mapping each time the src ip/port is connecting.
>> */
>> get_nat_dynamic_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports & \
>> binding:txt -> nat_dynamic_map4s:list
>>
>>
>>
>> /**
>> * lsnat_map functions - define Load Sharing NAT (LSNAT) functionality.
>> *
>> * lsnat_map defines hosts at the destination side which is to be
>> * loadshared when accessed via a common global address and port,
>> * defined at the source side.
>> *
>> * The lsnat_map function has a range of ways to define ipv4 addresses,
>> * ipv4 networks and ipv4 ip address ranges.
>> * The parameters can define either a single ip address, a contiguous
>> * range of IP addresses or a subnet, or a tag.
>> * The source and destination side of a mapping can each take all
>> * 4 forms.
>> *
>> * To specify a single ip address the ip parameter is used. The
>> * ipto parameter must be NULL.
>> *
>> * To specify a contiguous range of IP addresses, the ip and ipto
>> * parameters are used. The ipnet parameter must be NULL.
>> *
>> * To specify an ipnetwork, the ipnet parameters must be specified.
>> * The ipnet takes a sub net-address and a sub net-mask. The ip and ipto
>> * parameters must be NULL.
>> *
>> * To use a named tag from the nat_realm definitions, specify the tag
>> * at the tag parameter. The ip, ipto and ipnet parameters must be
>> * NULL. Tags with the special value "all" matches all defined
>> * addresses in the same realm as the tag.
>> *
>> * @param srcrealm defines which realm the source addresses belongs
>> * to. The common ip addresses to access the load shared services must
>> * be load shared must be connected to the source side of the map.
>> *
>> * @param destrealm defines which realm the destination addresses
>> * belongs to (host network realm). The ip addresses of the hosts
>> * with the services to be load shared is on this realm.
>> *
>> * @param srcip is the ipv4 source ip address of a mapping.
>> *
>> * @param srcipto is the source ipv4 address that forms the upper
>> * bound of an ip range.
>> *
>> * @param srcipnet is the ipv4 network which forms the source mapping.
>> * bound of an ip range.
>> *
>> * @param srctag maps all nat_realm definitions with the same tag as
>> * the source definition. The special tag value "all" matches all
>> * definitions from the nat_realm with the same realm.
>> *
>> * @param srcport is the list of tcp and/or udp ports to be created.
>> *
>> * @param destip is the ipv4 destination address of the mapping
>> *
>> * @param destipto is the ipv4 address that forms the upper bound of
>> * the destination ip range.
>> *
>> * @param destipnet is the ipv4 network that is the destination ip
>> * addresses for the mapping.
>> *
>> * @param desttag maps all nat_realm definitions with the same tag as
>> * the destination definition. The special tag value "all" matches all
>> * definitions from the nat_realm with the same realm.
>> *
>> * @param destport is the tcp and/or udp port to load share.
>> *
>> * @param lsalgorithm defines the load sharing algorithm, and takes
>> * the values: round-robin, random, (more ?), ...
>> *
>> */
>>
>> /**
>> * create_lsnat_map4 function -
>> * Creates a lsnat_map4 table entry to the nat mappings.
>> */
>> create_lsnat_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports & \
>> lsalgorithm:txt
>>
>> /**
>> * delete_lsnat_map4 function -
>> * Deletes the lsnat_map4 table entries from the nat mappings that
>> * matches all the defined parameters.
>> */
>> delete_lsnat_map4 ? srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports
>>
>> /**
>> * get_lsnat_map4 function -
>> * Lists lsnat_map4 table entries that matches all the defined
>> * parameters.
>> */
>> get_lsnat_map4 ? description:txt & \
>> srcrealm:txt & \
>> srcip:ipv4 & srcipto:ipv4 & \
>> srcipnet:ipv4net & \
>> srctag:txt & \
>> srcport:ipv4ports & \
>> destrealm:txt & \
>> destip:ipv4 & destipto:ipv4 & \
>> destipnet:ipv4net & \
>> desttag:txt & \
>> destport:ipv4ports & \
>> lsalgorithm:txt -> lsnat_map4s:list
>>}
>>
>>
>>
>>_______________________________________________
>>Xorp-hackers mailing list
>>Xorp-hackers@icir.org
>>http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-hackers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFES46Ne7tFxipD00wRAsKFAJ990gnrrXk2bFrgIIPhLuYdY5CNiwCeOGaP
LAsRagYNi5h9CCMdTQp3uDg=
=4j9z
-----END PGP SIGNATURE-----
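
The lsnat_map kdoc quoted above allows four address forms per side (single ip, ip/ipto range, ipnet, tag) and says which parameters must be NULL for each. The sketch below is an added example, not part of the original message or of XORP: it checks that each side of a mapping uses exactly one form. The Side struct, the function names and the lower <= upper rule for ranges are assumptions of the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Added example: names and layout are hypothetical, not XORP code.
enum class AddrForm { Single, Range, Net, Tag, Invalid };

// One side (source or destination) of a mapping. A false has_* flag or an
// empty tag stands for a NULL parameter in the XIF call.
struct Side {
    bool has_ip, has_ipto, has_ipnet;
    uint32_t ip, ipto;        // host byte order
    uint32_t net;             // network address of ipnet
    unsigned prefix_len;      // prefix length of ipnet
    std::string tag;          // "" means no tag
    Side() : has_ip(false), has_ipto(false), has_ipnet(false),
             ip(0), ipto(0), net(0), prefix_len(0) {}
};

// Decide which single form a side uses; any mix of forms is Invalid.
AddrForm classify(const Side& s) {
    if (!s.tag.empty())                        // tag: ip, ipto, ipnet NULL
        return (s.has_ip || s.has_ipto || s.has_ipnet) ? AddrForm::Invalid
                                                       : AddrForm::Tag;
    if (s.has_ipnet)                           // network: ip, ipto NULL
        return (s.has_ip || s.has_ipto || s.prefix_len > 32)
                   ? AddrForm::Invalid : AddrForm::Net;
    if (!s.has_ip) return AddrForm::Invalid;   // nothing set, or ipto alone
    if (!s.has_ipto) return AddrForm::Single;  // single address
    // Range: requiring lower <= upper is an assumption of this example.
    return s.ip <= s.ipto ? AddrForm::Range : AddrForm::Invalid;
}

// Accept a mapping only when both sides are unambiguous.
bool mapping_ok(const Side& src, const Side& dst) {
    return classify(src) != AddrForm::Invalid &&
           classify(dst) != AddrForm::Invalid;
}

int main() {
    Side vip;  vip.has_ip = true;  vip.ip = 0xC0000201;   // constructed: 192.0.2.1
    Side pool; pool.has_ip = pool.has_ipto = true;        // constructed range
    pool.ip = 0x0A000001; pool.ipto = 0x0A000004;         // 10.0.0.1 to 10.0.0.4
    std::printf("clean mapping ok: %d\n", mapping_ok(vip, pool));
    pool.tag = "web";                                     // tag plus range: ambiguous
    std::printf("mixed mapping ok: %d\n", mapping_ok(vip, pool));
    return 0;
}
```

Rejecting a side that sets more than one form keeps a create or delete call from matching a different address set than the caller intended.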