| 1 | /*- |
|---|
| 2 | * Copyright (c) 2015-2016 Yandex LLC |
|---|
| 3 | * Copyright (c) 2015-2016 Andrey V. Elsukov <ae@FreeBSD.org> |
|---|
| 4 | * All rights reserved. |
|---|
| 5 | * |
|---|
| 6 | * Redistribution and use in source and binary forms, with or without |
|---|
| 7 | * modification, are permitted provided that the following conditions |
|---|
| 8 | * are met: |
|---|
| 9 | * |
|---|
| 10 | * 1. Redistributions of source code must retain the above copyright |
|---|
| 11 | * notice, this list of conditions and the following disclaimer. |
|---|
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
|---|
| 13 | * notice, this list of conditions and the following disclaimer in the |
|---|
| 14 | * documentation and/or other materials provided with the distribution. |
|---|
| 15 | * |
|---|
| 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|---|
| 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|---|
| 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|---|
| 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|---|
| 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|---|
| 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|---|
| 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|---|
| 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|---|
| 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|---|
| 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|---|
| 26 | * |
|---|
| 27 | * $FreeBSD$ |
|---|
| 28 | */ |
|---|
| 29 | |
|---|
| 30 | #ifndef _IP_FW_NAT64_TRANSLATE_H_ |
|---|
| 31 | #define _IP_FW_NAT64_TRANSLATE_H_ |
|---|
| 32 | |
|---|
| 33 | #ifdef RTALLOC_NOLOCK |
|---|
| 34 | #define IN_LOOKUP_ROUTE(ro, fib) rtalloc_fib_nolock((ro), 0, (fib)) |
|---|
| 35 | #define IN6_LOOKUP_ROUTE(ro, fib) in6_rtalloc_nolock((ro), (fib)) |
|---|
| 36 | #define FREE_ROUTE(ro) |
|---|
| 37 | #else |
|---|
| 38 | #define IN_LOOKUP_ROUTE(ro, fib) rtalloc_ign_fib((ro), 0, (fib)) |
|---|
| 39 | #define IN6_LOOKUP_ROUTE(ro, fib) in6_rtalloc((ro), (fib)) |
|---|
| 40 | #define FREE_ROUTE(ro) RO_RTFREE((ro)) |
|---|
| 41 | #endif |
|---|
| 42 | |
|---|
| 43 | static inline int |
|---|
| 44 | nat64_check_ip6(struct in6_addr *addr) |
|---|
| 45 | { |
|---|
| 46 | |
|---|
| 47 | /* XXX: We should really check /8 */ |
|---|
| 48 | if (addr->s6_addr16[0] == 0 || /* 0000::/8 Reserved by IETF */ |
|---|
| 49 | IN6_IS_ADDR_MULTICAST(addr) || IN6_IS_ADDR_LINKLOCAL(addr)) |
|---|
| 50 | return (1); |
|---|
| 51 | return (0); |
|---|
| 52 | } |
|---|
| 53 | |
|---|
| 54 | extern int nat64_allow_private; |
|---|
| 55 | static inline int |
|---|
| 56 | nat64_check_private_ip4(in_addr_t ia) |
|---|
| 57 | { |
|---|
| 58 | |
|---|
| 59 | if (nat64_allow_private) |
|---|
| 60 | return (0); |
|---|
| 61 | /* WKPFX must not be used to represent non-global IPv4 addresses */ |
|---|
| 62 | // if (cfg->flags & NAT64_WKPFX) { |
|---|
| 63 | /* IN_PRIVATE */ |
|---|
| 64 | if ((ia & htonl(0xff000000)) == htonl(0x0a000000) || |
|---|
| 65 | (ia & htonl(0xfff00000)) == htonl(0xac100000) || |
|---|
| 66 | (ia & htonl(0xffff0000)) == htonl(0xc0a80000)) |
|---|
| 67 | return (1); |
|---|
| 68 | /* |
|---|
| 69 | * RFC 5735: |
|---|
| 70 | * 192.0.0.0/24 - reserved for IETF protocol assignments |
|---|
| 71 | * 192.88.99.0/24 - for use as 6to4 relay anycast addresses |
|---|
| 72 | * 198.18.0.0/15 - for use in benchmark tests |
|---|
| 73 | * 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 - for use |
|---|
| 74 | * in documentation and example code |
|---|
| 75 | */ |
|---|
| 76 | if ((ia & htonl(0xffffff00)) == htonl(0xc0000000) || |
|---|
| 77 | (ia & htonl(0xffffff00)) == htonl(0xc0586300) || |
|---|
| 78 | (ia & htonl(0xfffffe00)) == htonl(0xc6120000) || |
|---|
| 79 | (ia & htonl(0xffffff00)) == htonl(0xc0000200) || |
|---|
| 80 | (ia & htonl(0xfffffe00)) == htonl(0xc6336400) || |
|---|
| 81 | (ia & htonl(0xffffff00)) == htonl(0xcb007100)) |
|---|
| 82 | return (1); |
|---|
| 83 | // } |
|---|
| 84 | return (0); |
|---|
| 85 | } |
|---|
| 86 | |
|---|
| 87 | static inline int |
|---|
| 88 | nat64_check_ip4(in_addr_t ia) |
|---|
| 89 | { |
|---|
| 90 | |
|---|
| 91 | /* IN_LOOPBACK */ |
|---|
| 92 | if ((ia & htonl(0xff000000)) == htonl(0x7f000000)) |
|---|
| 93 | return (1); |
|---|
| 94 | /* IN_LINKLOCAL */ |
|---|
| 95 | if ((ia & htonl(0xffff0000)) == htonl(0xa9fe0000)) |
|---|
| 96 | return (1); |
|---|
| 97 | /* IN_MULTICAST & IN_EXPERIMENTAL */ |
|---|
| 98 | if ((ia & htonl(0xe0000000)) == htonl(0xe0000000)) |
|---|
| 99 | return (1); |
|---|
| 100 | return (0); |
|---|
| 101 | } |
|---|
| 102 | |
|---|
| 103 | #define nat64_get_ip4(_ip6) ((_ip6)->s6_addr32[3]) |
|---|
| 104 | #define nat64_set_ip4(_ip6, _ip4) (_ip6)->s6_addr32[3] = (_ip4) |
|---|
| 105 | |
|---|
| 106 | int nat64_getlasthdr(struct mbuf *m, int *offset); |
|---|
| 107 | int nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *saddr, |
|---|
| 108 | struct in6_addr *daddr, uint16_t lport, nat64_stats_block *stats, |
|---|
| 109 | void *logdata); |
|---|
| 110 | int nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, uint16_t aport, |
|---|
| 111 | nat64_stats_block *stats, void *logdata); |
|---|
| 112 | int nat64_handle_icmp6(struct mbuf *m, int hlen, uint32_t aaddr, uint16_t aport, |
|---|
| 113 | nat64_stats_block *stats, void *logdata); |
|---|
| 114 | |
|---|
| 115 | #endif |
|---|
| 116 | |
|---|
![[RTEMS Logo]](/images/logo.png){kind=logo}
