[Xorp-hackers] XORT-NAT: Proposal for NAT interface XIF and a config file syntax

Pavlin Radoslavov pavlin@icir.org
Tue, 28 Feb 2006 16:50:37 -0800


Kristen,

Thank you for your email.
After the 1.2 release we will carefully evaluate your proposal
and will reply to the list.

Pavlin

> Hi XORP Hackers.
> 
> After a long time of considerations and working on specifying a
> configuration syntax and a XIF file for a NAT module, I am hereby
> sending this proposal to the list for comments.
> 
> (Re my mail from oct 16 2005 with subject: NAT support for XORP)
> 
> 
> 20060200-NAT-interface-descr.txt file contains the syntax and a few
> samples of use of the configuration format.
> 
> The nat.xif file has kdoc documentation documenting the various
> functions and parameters.
> 
> The idea is to provide a common interface for the NAT module, with a
> defined syntax, and then use either the native (FreeBSD natd/or the
> similar functionality in linux) daemon, or a click module, with a rule
> of thumb something like this:
> 
> If the nat configuration is possible to implement with the native module
> this can be used, else the user must switch to the click nat module to
> achieve the wanted functionality.
> 
> I have designed with the use of IP-realms (aka different ip domains)
> which I am aware is not possible to use in the standard ip stack of
> Freebsd/Linux, but if one makes configurations with non overlapping ip
> ranges it will actually be possible to implement these in the existing
> kernel / ip stacks. The realm stuff is kept entirely in the nat config
> area of the config file.
> 
> I would appreciate comments on this, as I would like to continue
> planning and coding soon.
> 
> I would also like to have ideas / comments about how to add more
> datatypes to the idl generator scripts. (for the port type, and an
> eventual ipv4-range type (which I have made here with 2 ipv4 ip-addresses).)
> 
> 
> Sincerely
> Mr. Kristen Nielsen
> University of Copenhagen
> Copenhagen
> Denmark
> kristen@diku.dk / krn@krn.dk
> phone +4540466221 (gmt -1)
> 
> --------------040204020303010209060700
> Content-Type: text/plain;
>  name="20060220-NAT-interface-descr.txt"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline;
>  filename="20060220-NAT-interface-descr.txt"
> 
> * Short description of the config file format for the xorp NAT module.
> * Examples of configurations with alike FreeBSD natd commandline.
> * Syntax of the port statement.
> 
> protocols {
>      nat {
> 	disable {disabled:bool}
> 
>   	nat-realm <text:realm-name> <description: description:txt> {
> 
> 		interface <ifname> vif <vif-name>  { 
> 			description <description:txt>
> 			default-vif-address: <vif-hw-name:txt>
> 			ip-address: <ip:ipv4>
> 			tag: <tagid:txt>
> 
> 			interface-alias {
> 			description: <description:txt>
> 				alias-address: <ip:ipv4list> /* alt to more interface-alias clauses */
> 				tag: <tagid:txt>
> 			}
> 		}
> 		
> 		/* Address pool maps to the create/delete/get_nat_realm4 functions */
> 		address-pool {
> 			description: <description:txt>
> 			ip-address: <ip:ipv4>
> 			ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 			ipnet: <ipnet:ipv4net>
> 			tag:  <tag:txt>
> 		}
> 	}
> 
> 	static-nat {
> 		map {
> 			description: <description:txt>
> 			source { 
> 				realm: <srcrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 			}
> 			destination {
> 				realm: <destrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 			}
> 		}
> 	}
> 
> 	dynamic-nat {
> 		map {
> 			description: <description:txt>
> 			source { 
> 				realm: <srcrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 			}
> 			destination {
> 				realm: <destrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 				binding: <binding:txt>
> 
> 			}
> 		}
> 	}
> 
> 	ls-nat {
> 		map {
> 			description: <description:txt>
> 			source { 
> 				realm: <srcrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 			}
> 			destination {
> 				realm: <destrealm:txt>
> 				ip-address: <ip:ipv4>
> 				ip-range: <ipfrom:ipv4> - <ipto:ipv4>
> 				ipnet: <ipnet:ipv4net>
> 				tag:  <tag:txt>
> 				port: <ports:ipv4ports>
> 			}
> 		}
> 	}
>      }
> }
> 
> 
> The "port:" parameter is used to set the ports in use for an actual translation.
> 
> Syntax:
> 
> <ports-stmt> ::= ports: <port-def>
> <port-def> ::= <protocol> <port-list>
> <port-list> ::=  <port-spec> [, <port-def>]...
> <port-spec> ::= <port-nr | service-name> | <port-range | service-name-range>
> <protocol> ::= tcp | udp
> <port-nr> ::=  <digits>
> service-name ::= <letters><letters|digits>...
> digits ::= <digit>...
> digit ::= <0|1|2|3|4|5|6|7|8|9>
> letters ::= <letter>...
> letter ::= <a..z|A..Z>
> 
> Example:
> 
> ports: tcp 22,33,44-55, udp 22,33,66-77, 88
> 
> 
> Sample configurations with similar FreeBSD natd mappings.
> 
> The FreeBSD 
> 
> "natd -redirect_port tcp 172.17.16.15/telnet 6666" 
> 
> command with the global ip address equal to 80.10.10.10 is expressed in XORP NAT configuration files as:
> 
> protocols {
> 	NAT {
> 		realm "global" {
> 			ip: 80.10.10.10
> 		}
> 		
> 		realm "local" {
> 			ip: 172.17.16.15	
> 		}
> 		static-map { <description> 
> 			source { ip-address: 80.10.10.10
> 				  ports: tcp 6666
> 			}
> 
> 			destination {
> 				ip-address: 172.17.16.15
> 				ports: tcp telnet
> 			}
> 		}
> 	}
> }        
> 
> The configline: 
> "natd -interface em0"
> Creation of a dynamic mapping from 172.17.16/24 to global address of em0 interface = ip 80.10.10.10 is expressed as:
> 
> protocols {
> 	NAT{
> 		realm "global" {
> 			ip: 80.10.10.10
> 			tag: "globalip"
> 		}
> 		
> 		realm "local" {
> 			ipnet: 172.17.16.0/24
> 			tag: "localnet"}	
> 
> 		dynamic-map { <description> 
> 			source {tag: "localnet"
> 			}
> 			destination {
> 				tag: "globalip"
> 			}
> 		}
> 	}
> }        
> Written by 
> Kristen Nielsen
> Computer Science dept
> University of Copenhagen, Denmark
> kristen@diku.dk / KrN@KrN.dk
> 
> 
> 
> --------------040204020303010209060700
> Content-Type: text/plain;
>  name="nat.xif"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline;
>  filename="nat.xif"
> 
> /* xorp/xrl/interfaces/nat.xif file by KrN@KrN.DK 20060220 */
> /* Suggestion to a nat interface for xorp. */
> 
> 
> /* The following interfaces exist for the xorp nat module */
> 
> 	/**
> 	 * Network address translation (NAT) interface.
> 	 * The NAT module consists of the following configuration elements:
> 	 *
> 	 * set_nat_disable and get_nat_disable:
> 	 * 	sets and returns the status of the nat module
> 	 *
>  	 * nat_realm: 
> 	 *	Manages (creates/deletes/get) realms for use in nat mappings.
> 	 *	Before realms can be used in configurations, they must 
> 	 * 	be created.
> 	 *	
> 	 * nat_realm_vif4:
> 	 *	Manages (creates/delete/lists) vif addresses for nat use 
> 	 * 	in nat mappings.
> 	 *
> 	 * nat_realm_alias4:
> 	 *	Manages (creates/deletes/lists) alias ipv4 addresses for vif 
> 	 * 	interfaces for use in nat mappings.
> 	 *
> 	 * nat_realm4:
> 	 *	Defines ip4 addresses, ip4 networks and ip4 address ranges 
> 	 * 	for use in nat mappings. Addresses are not directly connected 
> 	 * 	to any vif on the xorp router. Addresses are reachable 
> 	 * 	via the realm / vif interface stated. (This will probably be
> 	 *	changed to be the interface pointed out by the next-hop entry
> 	 * 	in the rib.)
> 	 *
> 	 * nat_static_map4: 
> 	 *	Defines static NAT table mappings
> 	 *	From the realm and ip definitions in the nat_realm_* group
> 	 *	Tcp and/or udp port definitions can be defined here.
> 	 *
> 	 * nat_dynamic_map4: 
> 	 *	Defines dynamic NAT table mappings (triggers)
> 	 *	From the definitions in the nat_realm_* group
> 	 *	Tcp and/or udp port definitions can be defined here.
> 	 *
> 	 * nat_lsnat_map4: 
> 	 *	Defines Load Sharing NAT mappings
> 	 *	From the definitions in the nat_realm_* group
> 	 *	Tcp and/or udp port definitions can be defined here.
> 	 *
> 	 */
> interface nat/0.1 {
> 
> 	/** 
> 	 * set nat disable (and enable) function
> 	 *
> 	 * @param disabled sets the status of the nat module true = disabled, 
> 	 * false = enabled
> 	 * @param disabledstatus returns the status of the module, 
> 	 * true = disabled, false = enabled
> 	 */
> 	set_nat_disable		? disabled:bool -> disabledstatus:bool
> 	
> 	/** 
> 	 * get nat status function
> 	 *
> 	 * @param disabledstatus returns the status of the module, (as the 
> 	 * set_nat_disable function)  true = disabled, false = enabled
> 	 */
> 	get_nat_disable		-> disabledstatus:bool
> 
> 
> 	/** 
> 	 * create_nat_realm - creates a nat realm.
> 	 *
> 	 * @param realm holds the name of the realm to be created. The name 
> 	 * must not exist when the call is made.
> 	 * @param descr is the textual description of the realm.
> 	 */
> 	create_nat_realm	? realm:txt & descr:txt
> 	
> 	/** 
> 	 * delete_nat_realm - deletes a nat realm.
> 	 *
> 	 * @param realm holds the name of the realm to be deleted. The name 
> 	 * must exist when the call is made.
> 	 */
>         delete_nat_realm 	? realm:txt
> 	
> 	/** 
> 	 * get_nat_realm - lists nat realms.
> 	 *
> 	 * @param realm holds the name of the realm to be listed.
> 	 * If the parameter is NULL, all existing realms is returned.
> 	 */
>         get_nat_realm	 	? realm:txt -> realms:list 
> 
> 
> 	/** 
> 	 * create_nat_realm_vif4 - creates an entry for the base ipv4 address 
> 	 * of a virtual interface. 
> 	 * Any virtual interface can at most be a member of one realm. 
> 	 * Virtual interfaces must be in the same realm as the ip addresses
> 	 * passing the vif interface.
> 	 * 
> 	 * @param realm is an existing realm that the vif is mapped to.
> 	 * @param ifname is the name of the physical interface where the 
> 	 * vif is defined.
> 	 * @param vifname is the name of the virtual interface to be mapped.
> 	 * @param tag is a textlabel that the mapping is labeled with.
> 	 * @param description textual description of the mapping.
> 	 */
> 	create_nat_realm_vif4 	? realm:txt & ifname:txt & vifname:txt & \
> 				tag:txt & description:txt 
> 
> 	/** 
> 	 * delete_nat_realm_vif4 - removes an entry for a base ipv4 (vif) 
> 	 * address of virtual interface from a nat realm.
> 	 * The definitions matching all the supplied parameters is deleted.
> 	 * Wild card parameters must be set to NULL.
> 	 *
> 	 * @param realm all vif4 definitions to this realm is deleted.
> 	 * @param ifname all definitions with this ifname is deleted. 
> 	 * @param vifname all mappings to this vifname is deleted
> 	 * @param tag all mappings with this tag is deleted.
> 	 */
> 	delete_nat_realm_vif4	? realm:txt & ifname:txt & vifname:txt & \
> 				tag:txt
> 
> 	/**
> 	 * update_nat_realm_vif4 - updates an existing vif mapping with its
> 	 * new ipv4 address. 
> 	 * The vif4 mapping is updated when the vif get a new ipv4 address.
> 	 */
> 	update_nat_realm_vif4 	? ifname:txt & vifname:txt & ip:ipv4
> 	 
> 	/** 
> 	 * get_nat_realm_vif4 - lists nat_realm_vif4 definitions.
> 	 *
> 	 * get_nat_realm_vif4 returns a list of all nat_realm_vif4 
> 	 * interfaces in the router matching the realm supplied. 
> 	 * @param realm specifies the realm to return interfaces for. 
> 	 * If NULL then all defined nat_realm_vif4 interfaces are returned.
> 	 */
> 	get_nat_realm_vif4 	? realm:txt -> nat_realm_vif4s:list
> 
> 	
> 	/** 
> 	 * create_nat_realm_alias4 - creates a mapping to the nat_realm 
> 	 * definitions. Manipulates ipv4 address aliases of an interface 
> 	 * (vif) for in/out going nat gateways. Aliases are not the base 
> 	 * ipv4 address of the virtual interface, but ipv4 addresses in 
> 	 * the same subnet as the vif. (see nat_realm_vif)
> 	 *
> 	 * Any aliases, aliased to a vif must be in the same realm as the 
> 	 * vif itself.
> 	 *
> 	 * @param realm specifies the realm that the IP address belongs to.
> 	 * @param ifname is the physical interfaces for this interface
> 	 * @param vifname is the virtual interface name to add this alias to.
> 	 * @param tag is a label for grouping definitions.
> 	 * @param description is a textual description of this alias.
> 	 * @param ipaddr is the ipv4 alias address added to the vif.
> 	 */
> 	create_nat_realm_alias4	? realm:txt & ifname:txt & vifname:txt & \
> 				tag:txt & description:txt & ipaddr:ipv4
> 
> 
> 	/** 
> 	 * delete_realm_alias4 function
> 	 * Deletes ipv4 realm_alias4 address from the virtual interface (vif).
> 	 *
> 	 * The alias4 mappings matching the supplied parameters are deleted.
> 	 * Parameters that are not defined (=not matched against) must be NULL. 
> 	 *
> 	 * @param realm the alias4 mappings in the same realm is deleted.
> 	 * @param ifname all alias4 mappings defined for this interface is
> 	 * deleted.
> 	 * @param vifname all alias4 mappings defined under this vif is 
> 	 * deleted.
> 	 * @param tag all alias4 mappings with tag is deleted.
> 	 * @param ipaddr the alias4 mapping with this ipv4 address is deleted.
> 	 */
> 	delete_nat_realm_alias4	? realm:txt & ifname:txt & vifname:txt & \
> 				tag:txt & ipaddr:ipv4
> 
> 	/**
> 	 * get_nat_realm_alias4 returns a nat_realm_alias4 list with matching 
> 	 * alias4 elements. Wildcard parameters should be set to NULL.
> 	 *
> 	 * @param realm specifies the realm of the alias4 addresses to be 
> 	 * returned.
> 	 * @param ifname specifies the physical interfaces to match.
> 	 * @param vifname specifies the virtual interfaces to match.
> 	 * @param tag specifies the tag of the definitions to match.
> 	 * @param ipaddr specifies the ipv4 addr of the alias4 to match.
> 	 * @param nat_realm_alias4s is the list of the matching aliases 
> 	 * defined.
> 	 */
> 	get_nat_realm_alias4	? realm:txt & ifname:txt & vifname:txt & \
> 				tag:txt & ipaddr:ipv4 \
> 				-> nat_realm_alias4s:list
> 
> 	/** 
> 	 * create_nat_realm - create definitions of ipv4 addresses/ipv4/
> 	 * networks/ipv4 ip ranges to the nat_realm list.
> 	 *
> 	 * The ipv4 addresses / ipv4 networks / ipv4 address ranges / tagged
> 	 * list of definitions, are all ip-addresses not directly attached
> 	 * to any physical/virtual interface on the xorp router.
> 	 * 
> 	 * The function have the following way of interpreting the address 
> 	 * arguments:
> 	 * All function calls must have these parameters defined:
> 	 * <realm> <ifname> <vifname>, where realm specifies the actual realm.
> 	 * ifname and vifname the interfaces to route these addresses through.
> 	 * (If the ifname and vifname is possible to acquire via the routing
> 	 * info, these parameters might disappear during implementation) 
> 	 *
> 	 * To specify a tag for the definition, supply the <tag> parameter.
> 	 *
> 	 * To specify a single ipv4 address supply ONLY the <ip> parameter.
> 	 *
> 	 * To specify an ipv4 network supply ONLY the <ipnet> parameter. 
> 	 *
> 	 * To specify an ipv4 range supply ONLY the <ip> and <ipto> parameters. 
> 	 * <ip> is the lowest ip address and ipto is the highest ip address
> 	 * in the range.
> 	 * 
> 	 * The 3 types of definitions above can not be mixed in a single call
> 	 * to the function. Grouping is done with defining more of the 3
> 	 * first classes with the same tag.
> 	 * 
> 	 * create_nat_realm4 create an ipv4 address/ipv4network/ipv4-range/tag
> 	 * at the nat map list.
> 	 *
> 	 * @param realm specifies the realm to which the mapping belong.
> 	 * @param tag maps the definition with this tag.
> 	 * @param description a textual description of this alias.
> 	 * @param ip is the ip address or the lowest bound of an ip range.
> 	 * @param ipto is the highest bound of a range.
> 	 * @param ipnet specifies an ipv4 network (ip address + subnetmask)
> 	 */
> 	create_nat_realm4	 	? realm:txt & \
> 					tag:txt & description:txt & \
> 					ip:ipv4 & ipto:ipv4 & \
> 					ipnet:ipv4net
> 
> 	/**
> 	 * delete_nat_realm4 deletes all nat_realm4 mappings, matching
> 	 * all supplied parameters. Wild card parameters must be set to NULL.
> 	 * (For further doc see add_nat_realm4)
> 	 *
> 	 * @param realm all nat_realm4 with this realm is deleted.
> 	 * @param tag all nat_realm4 definitions with this tag is deleted.
> 	 * @param ip the ipv4 address mapping is deleted. (see ipto param too)
> 	 * @param ipto the range defined together with the ip parameter is 
> 	 * deleted.
> 	 * @param ipnet the ipv4network defined is deleted.
> 	 * 
> 	 * If more parameters are defined, only the definitions that match 
> 	 * ALL the supplied parameters is deleted. 
> 	 */
> 	delete_nat_realm4 		? realm:txt & \
> 					tag:txt & \
> 					ip:ipv4 & ipto:ipv4 & \
> 					ipnet:ipv4net
> 
> 	/**
> 	 * get_nat_realm4 function - returns the list of defined elements 
> 	 * that matches the supplied parameters.
> 	 * (For further doc on the use see add_nat_realm4 the doc.)
> 	 * Wildcard parameters must be set to NULL.
> 	 *
> 	 * @param realm returns the list of realm4 definitions for this realm.
> 	 * @param tag returns the list of definitions tagged with this tag.
> 	 * @param ip returns the list of definitions with this ipv4 address.
> 	 * @param ipto returns the list of definitions with this ipv4 range. 
> 	 * @param ipnet returns the list of ipv4 networks defined.
> 	 * @param nat_realm4s is a list of the matched definitions.
> 	 */
> 	get_nat_realm4 			? realm:txt & \
> 					tag:txt & description:txt & \
> 					ip:ipv4 & ipto:ipv4 & \
> 					ipnet:ipv4net -> nat_realm4s:list
> 
> 	/**
> 	 * create_nat_static_map4
> 	 *
> 	 * create_nat_static_map4 - defines static NAT table entries from the 
> 	 * ip definitions from the nat_realm* functions.
> 	 *
> 	 * The nat_static_map functions defines static nat mappings between 
> 	 * ip addresses at the source side realm and the ip addresses of 
> 	 * the destination side realm.
> 	 * If the ip sizes of the ranges on either side of the mapping is not 
> 	 * equal, then the mappings must go from the source side realm 
> 	 * (aka local realm) to the destination side realm (aka global realm).
> 	 * ip addresses that is used for TCP/UDP port mapping 
> 	 * (port overloading) must always be defined at the destination side.
> 	 *
> 	 * The nat_static_map function has more sub functions dependent of 
> 	 * the supplied parameters. The parameters can define either a single
> 	 * ip address, a contiguous range of ip addresses or a sub net, or a
> 	 * tagged set of definitions. The ip addresses and realm used in a map 
> 	 * statement must be defined in a nat_realm* clause.
> 	 * The source and destination side of a mapping can take all 4 forms
> 	 * from the following definitions.
> 	 *  
> 	 * To specify a single ip address the ip parameter is used. The 
> 	 * ipto parameter must be NULL.
> 	 * 
> 	 * To specify a contiguous range of IP addresses, the ip and ipto 
> 	 * parameters are used. The ipnet parameter must be NULL.
> 	 * 
> 	 * To specify an ipnetwork, the ipnet parameters must be specified. 
> 	 * The ipnet takes a subnet-address and a subnet-mask. The ip and ipto
> 	 * parameters must be NULL.
> 	 * 
> 	 * To use a tag from the nat_realm definitions, specify the tag at 
> 	 * the tag parameter. The ip, ipto and ipnet parameters must be NULL.
> 	 *
> 	 * @param srcrealm specifies the realm for the source side of the map.
> 	 *
> 	 * @param destrealm specifies the realm for the destination side 
> 	 * of the map.
> 	 *
> 	 * @param srcip is the ipv4 source ip address of a mapping.
> 	 *
> 	 * @param srcipto is the source ipv4 address that forms the upper 
> 	 * bound of an ip range.
> 	 *
> 	 * @param srcipnet is the ipv4 network which forms the source mapping.
> 	 *
> 	 * @param srctag maps all nat_realm definitions with the same tag as
> 	 * the source definition.
> 	 *
> 	 * @param srcport is the range of ports used to this mapping.
> 	 *
> 	 * @param destip is the ipv4 destination address of the mapping
> 	 *
> 	 * @param destipto is the ipv4 address that forms the upper bound of 
> 	 * the destination ip range. 
> 	 *
> 	 * @param destipnet is the ipv4 network that is the destination ip 
> 	 * addresses for the mapping.
> 	 *
> 	 * @param desttag maps all nat_realm definitions with the same tag as
> 	 * the destination definition.
>  	 *
> 	 * @param destport is a list of tcp and/or udp ports used at the
> 	 * destination addresses.
> 	 *
> 	 */
> 	create_nat_static_map4		? description:txt & \
> 					srcrealm:txt & \
> 					srcip:ipv4 & srcipto:ipv4 & \
> 					srcipnet:ipv4net & \
> 					srctag:txt & \
> 					srcport:ipv4ports & \
> 					destrealm:txt & \
> 					destip:ipv4 & destipto:ipv4 & \
> 					destipnet:ipv4net & \
> 					desttag:txt & \
> 					destport:ipv4ports
> 
> 	/**
> 	 * delete_nat_static_map4
> 	 *
> 	 * delete_nat_static_map4 - delete static nat table entries from the 
> 	 * ip definitions from the nat_static_map4 functions.
> 	 *
> 	 * The function deletes the nat_static_map4 entries that matches
> 	 * all the supplied parameters.  (for more information about the 
> 	 * interfaces see create_nat_static_map4 documentation)
> 	 *
> 	 * The selected ranges must be fully matching sets from the
> 	 * create_nat_static_map4 definition. No internal ranges can be deleted.
> 	 *
> 	 * @param srcrealm specifies the source realm to be deleted. All 
> 	 * nat_static_map4 definitions with the same realm is selected.
> 	 *
> 	 * @param destrealm specifies the realm for the destination side 
> 	 * to be deleted. All nat_static_map4 definitions with the same realm 
> 	 * is selected.
> 	 *
> 	 * @param srcip is the ipv4 source ip address to be deleted.
> 	 *
> 	 * @param srcipto is together with the srcip parameter defines the
> 	 * source ip range to be deleted. 
> 	 *
> 	 * @param srcipnet is the ipv4 network source mapping to be deleted.
> 	 *
> 	 * @param srctag maps selects the source tags to be deleted.
> 	 * 
> 	 * @param srcport is the range of tcp and/or udp ports to be deleted.
> 	 *
> 	 * @param destip is the ipv4 destination address to be deleted.
> 	 *
> 	 * @param destipto is together with the destip parameter defines 
> 	 * the destination ip range to be deleted.
> 	 *
> 	 * @param destipnet is the ipv4 network to be deleted.
> 	 *
> 	 * @param desttag maps defines the destination tags to be deleted.
> 	 *
> 	 * @param destport is a list of tcp and/or udp ports to be deleted.
> 	 */
> 	delete_nat_static_map4		? srcrealm:txt & \
> 					srcip:ipv4 & srcipto:ipv4 & \
> 					srcipnet:ipv4net & \
> 					srctag:txt & \
> 					srcport:ipv4ports & \
> 					destrealm:txt & \
> 					destip:ipv4 & destipto:ipv4 & \
> 					destipnet:ipv4net & \
> 					desttag:txt & \
> 					destport:ipv4ports
> 
> 	/**
> 	 * get_nat_static_map4 - lists nat_static_map4 entries.
> 	 *
> 	 * get_nat_static_map4 - lists static NAT table entries that matches 
> 	 * the supplied parameters.
> 	 *
> 	 * The function lists the nat_static_map4 entries that match
> 	 * all the supplied parameters.
> 	 * (for more information about the interfaces see 
> 	 * create_nat_static_map4 documentation)
> 	 *
> 	 * @param srcrealm specifies the source realm to be listed.
> 	 *
> 	 * @param destrealm specifies the realm for the destination side 
> 	 * to be listed.
> 	 *
> 	 * @param srcip is the ipv4 source ip address to be listed.
> 	 *
> 	 * @param srcipto is together with the srcip parameter defines the
> 	 * source ip range to be listed. 
> 	 *
> 	 * @param srcipnet is the ipv4 network source to be listed.
> 	 *
> 	 * @param srctag maps selects the srctags to be listed.
> 	 *
> 	 * @param srcport is the range of tcp and/or udp ports to be listed.
> 	 *
> 	 * @param destip is the ipv4 destination address to be listed.
> 	 *
> 	 * @param destipto is together with the destip parameter defines 
> 	 * the destination ip range to be listed.
> 	 *
> 	 * @param destipnet is the ipv4 network to be listed.
> 	 *
> 	 * @param desttag maps defines the destination tags to be listed.
> 	 *
> 	 * @param nat_static_map4s contains the list of matched elements.
> 	 *
> 	 * @param destport is a list of tcp and/or udp ports to be matched.
> 	 */
> 	get_nat_static_map4	? description:txt & \
> 				srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				destport:ipv4ports & \
> 				desttag:txt -> nat_static_map4s:list
> 
> 
> 	/** 
> 	 * create_nat_dynamic map definitions.
> 	 *
> 	 * The nat_static_map functions defines static mappings between 
> 	 * IP addresses at the source side realm and the IP addresses of 
> 	 * the destination side realm.
> 	 * If the IP sizes of the ranges on either side is not equal, 
> 	 * then the mappings must go from the source side realm 
> 	 * (aka local realm) and the destination side realm (aka global realm).
> 	 * IP addresses that is used for TCP/UDP port mapping 
> 	 * (port overloading) must be defined on the destination side.
> 	 *
> 	 * @param srcrealm specify the network realm for the source part
> 	 * of the mapping.
> 	 *
> 	 * @param srctag maps the nat_realm* definitions with this tag as
> 	 * the source side of the mapping. The tagged definitions must belong
> 	 * to the same realm as stated in srcrealm. If the special meaning
> 	 * tag "all" is given then all the definitions in the nat_realm 
> 	 * with the same realm as stated in srcrealm is matched.
> 	 *
> 	 * Src or dest definitions defaults to "all" which is all addresses
> 	 * in the matching (src/dest) realm as defined in nat_realm_* group.
> 	 *
> 	 * @param srcip is the ipv4 source ip address of a mapping.
> 	 *
> 	 * @param srcipnet is the ipv4 network which forms the source mapping.
> 	 *
> 	 * @param srcip is the source ipv4 address that forms the lower bound
> 	 * of an ip range.
> 	 *
> 	 * @param srcipto is the source ipv4 address that forms the upper 
> 	 * bound of an ip range.
> 	 *
> 	 * @param srcport is the range of tcp and/or udp ports to be used in
> 	 * the mapping.
> 	 *
> 	 * @param destip is the ipv4 destination address of the mapping
> 	 *
> 	 * @param destipnet is the ipv4 network that is the destination ip 
> 	 * addresses for the mapping.
> 	 *
> 	 * @param destip is the ipv4 address that forms the lower bound of the 
> 	 * destination ip range.
> 	 *
> 	 * @param destipto is the ipv4 address that forms the upper bound of 
> 	 * the destination ip range. 
> 	 *
> 	 * @param desttag maps the nat_realm* definitions with this tag as
> 	 * the destination side of the mapping. The tagged definitions must 
> 	 * belong to the same realm as stated in srcrealm. If the special 
> 	 * meaning tag "all" is given then all the definitions in the nat_realm 
> 	 * with the same realm as stated in srcrealm is matched.
> 	 * 
> 	 * @param destport is a list of tcp and/or udp ports to use for the
> 	 * dynamic mapping.
> 	 *
> 	 * @param binding This argument can be "dynamic" (default) or "fixed"
> 	 * Dynamic can be a new mapping each time the mapping is used for a 
> 	 * new connection (from src side). "fixed" is using the same source 
> 	 * and destination mapping each time the src ip/port is connecting.
> 	 */
> 	create_nat_dynamic_map4	? description:txt & \
> 				srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports & \
> 				binding:txt
> 
> 	/** 
> 	 * delete_nat_dynamic_map4
> 	 * 
> 	 * The delete_nat_dynamic_map4 function deletes the elements from the
> 	 * nat_dynamic_map4 table that matches the supplied parameters.
> 	 *
> 	 * @param srcrealm matches source realm parameter of mappings.
> 	 *
> 	 * @param srctag matches the source tag parameter of the mappings to
> 	 * be deleted.
> 	 * If the special meaning tag "all" is given then all the definitions 
> 	 * with this tag on the source side is matched. With the same realm 
> 	 * as stated in srcrealm is matched.
> 	 *
> 	 * @param srcip matches the ipv4 source ip, or the lower bound of an
> 	 * ipv4 ip-range to be deleted.
> 	 *
> 	 * @param srcipto matches the source ipv4 address that forms the upper 
> 	 * bound of an ip range to be deleted.
> 	 *
> 	 * @param srcipnet matches the source ipv4 network to be deleted.
> 	 * 
> 	 * @param srcport is the tcp and/or udp port range to be deleted.
> 	 *
> 	 * @param destip matches the ipv4 destination address of the mapping
> 	 * or the ipv4 address that forms the lower bound of the destination
> 	 * ip range.
> 	 *
> 	 * @param destipto matches the destination ipv4 address to be deleted.
> 	 *
> 	 * @param destipnet matches the destination ipv4 network.
> 	 *
> 	 * @param desttag maps the mappings with this tag as the destination 
> 	 * side of the mapping. The tagged definitions must belong to the
> 	 * same realm as stated in srcrealm. If the special 
> 	 * meaning tag "all" is given then all the definitions in the 
> 	 * nat_dynamic_realm with the same source realm as stated in srcrealm 
> 	 * is matched.
> 	 * 
> 	 * @param destport is a list of tcp and/or udp ports to be deleted.
> 	 *
> 	 * @param binding This argument can be "dynamic" (default) or "fixed"
> 	 * Dynamic can be a new mapping each time the mapping is used for a 
> 	 * new connection (from src side). "fixed" is using the same source 
> 	 * and destination mapping each time the src ip/port is connecting.
> 	 */
> 	delete_nat_dynamic_map4	? srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports & \
> 				binding:txt
> 
> 	/** 
> 	 * get_nat_dynamic_map4
> 	 * 
> 	 * The get_nat_dynamic_map4 function returns the elements from the
> 	 * nat_dynamic_map4 table that matches all the supplied parameters.
> 	 *
> 	 * @param srcrealm matches source realm parameter of the mappings.
> 	 *
> 	 * @param srctag matches the source tag parameter of the mappings.
> 	 * If the special meaning tag "all" is given then all the definitions 
> 	 * with this tag on the source side is matched. With the same realm 
> 	 * as stated in srcrealm is matched.
> 	 *
> 	 * @param srcip matches the ipv4 source ip, or the lower bound of an
> 	 * ipv4 ip-range.
> 	 *
> 	 * @param srcipto matches the source ipv4 address that forms the upper 
> 	 * bound of an ip range.
> 	 *
> 	 * @param srcipnet matches the source ipv4 network.
> 	 * 
> 	 * @param srcport is the tcp and/or udp range to be returned.
> 	 *
> 	 * @param destip matches the ipv4 destination address of the mapping
> 	 * or the ipv4 address that forms the lower bound of the destination
> 	 * ip range.
> 	 *
> 	 * @param destipto matches the destination ipv4 address.
> 	 *
> 	 * @param destipnet matches the destination ipv4 network.
> 	 *
> 	 * @param desttag maps the mappings with this tag as the destination 
> 	 * side of the mapping. The tagged definitions must belong to the
> 	 * same realm as stated in srcrealm. If the special 
> 	 * meaning tag "all" is given then all the definitions in the 
> 	 * nat_dynamic_realm with the same source realm as stated in srcrealm 
> 	 * is matched.
> 	 *
> 	 * @param destport is a list of tcp and/or udp ports to be returned.
> 	 *
> 	 * @param binding This argument can be "dynamic" (default) or "fixed"
> 	 * Dynamic can be a new mapping each time the mapping is used for a 
> 	 * new connection (from src side). "fixed" is using the same source 
> 	 * and destination mapping each time the src ip/port is connecting.
> 	 */
> 	get_nat_dynamic_map4	? description:txt & \
> 				srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports & \
> 				binding:txt -> nat_dynamic_map4s:list
> 
> 
> 
> 	/** 
> 	 * lsnat_map functions - define Load Sharing NAT (LSNAT) functionality.
> 	 *  
> 	 * lsnat_map defines hosts at the destination side which are to be
> 	 * load shared when accessed via a common global address and port, 
> 	 * defined at the source side.
> 	 *
> 	 * The lsnat_map function has a range of ways to define ipv4 addresses,
> 	 * ipv4 networks and ipv4 ip address ranges.
> 	 * The parameters can define either a single ip address, a contiguous 
> 	 * range of IP addresses or a subnet, or a tag.
> 	 * The source and destination side of a mapping can each take all 
> 	 * 4 forms.
> 	 *  
> 	 * To specify a single ip address the ip parameter is used. The 
> 	 * ipto parameter must be NULL.
> 	 * 
> 	 * To specify a contiguous range of IP addresses, the ip and ipto 
> 	 * parameters are used. The ipnet parameter must be NULL.
> 	 * 
> 	 * To specify an ipnetwork, the ipnet parameters must be specified. 
> 	 * The ipnet takes a sub net-address and a sub net-mask. The ip and ipto
> 	 * parameters must be NULL.
> 	 * 
> 	 * To use a named tag from the nat_realm definitions, specify the tag 
> 	 * at the tag parameter. The ip, ipto and ipnet parameters must be 
> 	 * NULL. Tags with the special value "all" matches all defined 
> 	 * addresses in the same realm as the tag.
> 	 *
> 	 * @param srcrealm defines which realm the source addresses belong 
> 	 * to. The common ip addresses to access the load shared services
> 	 * must be connected to the source side of the map. 
> 	 *
> 	 * @param destrealm defines which realm the destination addresses  
> 	 * belongs to (host network realm). The ip addresses of the hosts
> 	 * with the services to be load shared is on this realm.
> 	 *
> 	 * @param srcip is the ipv4 source ip address of a mapping.
> 	 *
> 	 * @param srcipto is the source ipv4 address that forms the upper 
> 	 * bound of an ip range.
> 	 *
> 	 * @param srcipnet is the ipv4 network which forms the source mapping.
> 	 * bound of an ip range.
> 	 *
> 	 * @param srctag maps all nat_realm definitions with the same tag as
> 	 * the source definition. The special tag value "all" matches all 
> 	 * definitions from the nat_realm with the same realm.
> 	 *
> 	 * @param srcport is the list of tcp and/or udp ports to be created.
> 	 *
> 	 * @param destip is the ipv4 destination address of the mapping
> 	 *
> 	 * @param destipto is the ipv4 address that forms the upper bound of 
> 	 * the destination ip range. 
> 	 *
> 	 * @param destipnet is the ipv4 network that is the destination ip 
> 	 * addresses for the mapping.
> 	 *
> 	 * @param desttag maps all nat_realm definitions with the same tag as
> 	 * the destination definition. The special tag value "all" matches all 
> 	 * definitions from the nat_realm with the same realm.
> 	 *
> 	 * @param destport is the tcp and/or udp port to load share.
> 	 *
> 	 * @param lsalgorithm defines the load sharing algorithm, and takes 
> 	 * the values: round-robin, random, (more ?), ...
> 	 *
> 	 */
> 
> 	/**
> 	 * create_lsnat_map4 function -
> 	 * Creates a lsnat_map4 table entry to the nat mappings.
> 	 */
> 	create_lsnat_map4	? description:txt & \
> 				srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports & \
> 				lsalgorithm:txt
> 
> 	/**
> 	 * delete_lsnat_map4 function -
> 	 * Deletes the lsnat_map4 table entries from the nat mappings that
> 	 * match all the defined parameters.
> 	 */
> 	delete_lsnat_map4	? srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports
> 
> 	/**
> 	 * get_lsnat_map4 function -
> 	 * Lists lsnat_map4 table entries that match all the defined
> 	 * parameters. 
> 	 */
> 	get_lsnat_map4		? description:txt & \
> 				srcrealm:txt & \
> 				srcip:ipv4 & srcipto:ipv4 & \
> 				srcipnet:ipv4net & \
> 				srctag:txt & \
> 				srcport:ipv4ports & \
> 				destrealm:txt & \
> 				destip:ipv4 & destipto:ipv4 & \
> 				destipnet:ipv4net & \
> 				desttag:txt & \
> 				destport:ipv4ports & \
> 				lsalgorithm:txt -> lsnat_map4s:list
> }
> 
> 
> 
> --------------040204020303010209060700--
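The lsnat_map kdoc in the quoted nat.xif allows four address forms per side (single ip, ip/ipto range, ipnet, tag) and states which parameters must be NULL in each; a caller can enforce that before sending a create_lsnat_map4 request. The following is an added example, not part of the original email or of XORP: the function names, the dict-based request, the sample addresses, and the choice to accept only the two lsalgorithm values the kdoc names are assumptions.

```python
import ipaddress

# Assumption: only the two values the kdoc names are accepted.
LS_ALGORITHMS = {"round-robin", "random"}


def normalise_side(side, ip=None, ipto=None, ipnet=None, tag=None):
    """Validate one side of a mapping and return (form, value).

    value is a list of IPv4Network objects, or the tag name for form "tag"
    (resolving a tag needs the nat_realm table, which is not modelled here).
    """
    if tag is not None:
        if ip or ipto or ipnet:
            raise ValueError(f"{side}: tag excludes ip, ipto and ipnet")
        return "tag", tag
    if ipnet is not None:
        if ip or ipto:
            raise ValueError(f"{side}: ipnet excludes ip and ipto")
        # strict=True rejects a network with host bits set (10.0.0.1/24).
        return "net", [ipaddress.IPv4Network(ipnet, strict=True)]
    if ip is None:
        raise ValueError(f"{side}: one of ip, ipnet or tag is required")
    low = ipaddress.IPv4Address(ip)
    if ipto is None:
        return "single", [ipaddress.IPv4Network(f"{low}/32")]
    high = ipaddress.IPv4Address(ipto)
    if high < low:
        raise ValueError(f"{side}: ipto {high} is below ip {low}")
    # A contiguous range is expressed as the minimal list of CIDR blocks.
    return "range", list(ipaddress.summarize_address_range(low, high))


def check_create_lsnat_map4(args):
    """Validate a dict keyed by the create_lsnat_map4 parameter names."""
    if args.get("lsalgorithm") not in LS_ALGORITHMS:
        raise ValueError(f"unknown lsalgorithm {args.get('lsalgorithm')!r}")
    keys = ("ip", "ipto", "ipnet", "tag")
    return {side: normalise_side(side, **{k: args.get(side + k) for k in keys})
            for side in ("src", "dest")}


# Constructed sample request: one shared address in front of a host range.
SAMPLE = {
    "srcrealm": "public", "srcip": "192.0.2.10", "srcport": "80",
    "destrealm": "private", "destip": "10.0.0.4", "destipto": "10.0.0.7",
    "destport": "80", "lsalgorithm": "round-robin",
}
```

Calling `check_create_lsnat_map4(SAMPLE)` returns the source as a single /32 and the destination range collapsed to one CIDR block; a request that mixes forms on one side raises `ValueError`.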