1 files changed, 88 insertions, 0 deletions

diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4
new file mode 100644
index 00000000000..4962cf3df28
--- /dev/null
+++ b/sbin/ipnat/ipnat.4
@@ -0,0 +1,88 @@
+.TH IPNAT 4
+.SH NAME
+ipnat - Network Address Translation kernel interface
+.SH SYNOPSIS
+#include <sys/ip_fil.h>
+.SH IOCTLS
+.PP
+To add and delete rules to the NAT list, two 'basic' ioctls are provided
+for use.  The ioctl's are called as:
+.LP
+.nf
+	ioctl(fd, SIOCADNAT, struct ipnat *)
+	ioctl(fd, SIOCRMNAT, struct ipnat *)
+.fi
+.PP
+Unlike \fBipf(4)\fP, there is only a single list supported by the kernel NAT
+interface.  An inactive list which can be swapped to is not currently
+supported.
+
+These ioctl's are implemented as being routing ioctls and thus the same rules
+for the various routing ioctls and the file descriptor are employed, mainly
+being that the fd must be that of the device associated with the module
+(ie /dev/ipl).
+.LP
+.PP
+The strcture used with the NAT interface is described below:
+.LP
+.nf
+typedef struct  ipnat   {
+        struct  ipnat   *in_next;
+        void    *in_ifp;
+        u_short in_flags;
+        u_short in_pnext;
+        u_short in_port[2];
+        struct  in_addr in_in[2];
+        struct  in_addr in_out[2];
+        struct  in_addr in_nextip;
+        int     in_space;
+        int     in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */
+        char    in_ifname[IFNAMSIZ];
+} ipnat_t;
+
+#define in_pmin         in_port[0]      /* Also holds static redir port */
+#define in_pmax         in_port[1]
+#define in_nip          in_nextip.s_addr
+#define in_inip         in_in[0].s_addr
+#define in_inmsk        in_in[1].s_addr
+#define in_outip        in_out[0].s_addr
+#define in_outmsk       in_out[1].s_addr
+
+.fi
+.PP
+Recognised values for in_redir:
+.LP
+.nf
+#define NAT_MAP         0
+#define NAT_REDIRECT    1
+.fi
+.PP
+.LP
+\fBNAT statistics\fP
+Statistics on the the number of packets mapped, going in and out are kept,
+the number of times a new entry is added and deleted (through expiration) to
+the NAT table and the current usage level of the NAT table.
+.PP
+Pointers to the NAT table inside the kernel, as well as to the top of the
+internal NAT lists constructed with the \fBSIOCADNAT\fP ioctls.  The table
+itself is a hash table of size NAT_SIZE (default size is 367).
+.PP
+To retrieve the statistics, the \fBSIOCGNATS\fP ioctl must be used, with
+the appropriate structure passed by reference, as follows:
+.nf
+	ioctl(fd, SIOCGNATS, struct natstat *)
+
+typedef struct  natstat {
+        u_long  ns_mapped[2];
+        u_long  ns_added;
+        u_long  ns_expire;
+        u_long  ns_inuse;
+        nat_t   ***ns_table;
+        ipnat_t *ns_list;
+} natstat_t;
+.fi
+.SH BUGS
+It would be nice if there were more flexibility when adding and deleting
+filter rules.
+.SH SEE ALSO
+ipfstat(1), ipf(1), ipf(4), ipnat(5)