1 | /*- |
---|
2 | * Copyright (c) 2015-2016 Yandex LLC |
---|
3 | * Copyright (c) 2015-2016 Andrey V. Elsukov <ae@FreeBSD.org> |
---|
4 | * All rights reserved. |
---|
5 | * |
---|
6 | * Redistribution and use in source and binary forms, with or without |
---|
7 | * modification, are permitted provided that the following conditions |
---|
8 | * are met: |
---|
9 | * |
---|
10 | * 1. Redistributions of source code must retain the above copyright |
---|
11 | * notice, this list of conditions and the following disclaimer. |
---|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer in the |
---|
14 | * documentation and/or other materials provided with the distribution. |
---|
15 | * |
---|
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
---|
17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
---|
18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
---|
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
---|
20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
---|
21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
---|
22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
---|
23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
---|
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
---|
25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
---|
26 | * |
---|
27 | * $FreeBSD$ |
---|
28 | */ |
---|
29 | |
---|
30 | #ifndef _IP_FW_NAT64_TRANSLATE_H_ |
---|
31 | #define _IP_FW_NAT64_TRANSLATE_H_ |
---|
32 | |
---|
/*
 * Route lookup and release wrappers.
 *
 * With RTALLOC_NOLOCK defined, the lookups expand to the *_nolock routines
 * and FREE_ROUTE() expands to nothing.  Otherwise they expand to
 * rtalloc_ign_fib()/in6_rtalloc(), and FREE_ROUTE() releases the route
 * through RO_RTFREE().  The IPv4 lookups always pass 0 as their second
 * argument.
 */
#if defined(RTALLOC_NOLOCK)
#define	IN_LOOKUP_ROUTE(ro, fib)	rtalloc_fib_nolock((ro), 0, (fib))
#define	IN6_LOOKUP_ROUTE(ro, fib)	in6_rtalloc_nolock((ro), (fib))
#define	FREE_ROUTE(ro)
#else	/* !RTALLOC_NOLOCK */
#define	IN_LOOKUP_ROUTE(ro, fib)	rtalloc_ign_fib((ro), 0, (fib))
#define	IN6_LOOKUP_ROUTE(ro, fib)	in6_rtalloc((ro), (fib))
#define	FREE_ROUTE(ro)			RO_RTFREE((ro))
#endif	/* RTALLOC_NOLOCK */
---|
42 | |
---|
/*
 * Reject IPv6 addresses that must not take part in translation.
 *
 * Returns 1 when the first 16 bits of the address are zero, or when the
 * address is multicast or link-local; returns 0 otherwise.
 *
 * XXX: 0000::/8 is reserved by IETF, but only 0000::/16 is tested here.
 * NOTE(review): the RFC 6052 well-known prefix 64:ff9b::/96 lies inside
 * 0000::/8, so widening this test to /8 would reject that prefix as
 * well -- confirm against the callers before changing it.
 */
static inline int
nat64_check_ip6(struct in6_addr *addr)
{

	/* Two zero leading bytes is the same test as s6_addr16[0] == 0. */
	if (addr->s6_addr[0] == 0 && addr->s6_addr[1] == 0)
		return (1);
	if (IN6_IS_ADDR_MULTICAST(addr))
		return (1);
	if (IN6_IS_ADDR_LINKLOCAL(addr))
		return (1);
	return (0);
}
---|
53 | |
---|
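extern int nat64_allow_private;

/*
 * Tell whether an IPv4 address belongs to a private or special-purpose
 * range that must not be translated.
 *
 * ia is compared in network byte order (every mask and prefix goes
 * through htonl()).
 *
 * Returns 0 for every address when nat64_allow_private is non-zero.
 * Otherwise returns 1 for the ranges tested below and 0 for anything else.
 *
 * WKPFX must not be used to represent non-global IPv4 addresses.  The
 * guard that limited this check to NAT64_WKPFX configurations is disabled
 * in the source, so the check applies to every configuration.
 *
 * NOTE(review): the list follows RFC 5735 as cited below; later
 * special-purpose allocations such as 100.64.0.0/10 (RFC 6598) are not
 * tested here.
 */
static inline int
nat64_check_private_ip4(in_addr_t ia)
{

	if (nat64_allow_private)
		return (0);

	/* IN_PRIVATE: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 */
	if ((ia & htonl(0xff000000)) == htonl(0x0a000000) ||
	    (ia & htonl(0xfff00000)) == htonl(0xac100000) ||
	    (ia & htonl(0xffff0000)) == htonl(0xc0a80000))
		return (1);
	/*
	 * RFC 5735:
	 * 192.0.0.0/24 - reserved for IETF protocol assignments
	 * 192.88.99.0/24 - for use as 6to4 relay anycast addresses
	 * 198.18.0.0/15 - for use in benchmark tests
	 * 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 - for use
	 * in documentation and example code
	 *
	 * Each mask matches the prefix length listed above.  The /15 and the
	 * 198.51.100.0/24 entries were both masked with 0xfffffe00 (/23),
	 * which let most of 198.18.0.0/15 through and wrongly caught
	 * 198.51.101.0/24.
	 */
	if ((ia & htonl(0xffffff00)) == htonl(0xc0000000) ||
	    (ia & htonl(0xffffff00)) == htonl(0xc0586300) ||
	    (ia & htonl(0xfffe0000)) == htonl(0xc6120000) ||
	    (ia & htonl(0xffffff00)) == htonl(0xc0000200) ||
	    (ia & htonl(0xffffff00)) == htonl(0xc6336400) ||
	    (ia & htonl(0xffffff00)) == htonl(0xcb007100))
		return (1);
	return (0);
}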
---|
86 | |
---|
/*
 * Reject IPv4 addresses that must not take part in translation.
 *
 * ia is compared in network byte order (every mask and prefix goes
 * through htonl()).
 *
 * Returns 1 for loopback (127.0.0.0/8), link-local (169.254.0.0/16) and
 * anything in 224.0.0.0/3 (multicast and experimental space); returns 0
 * otherwise.  Private and documentation ranges are not tested here; see
 * nat64_check_private_ip4().
 */
static inline int
nat64_check_ip4(in_addr_t ia)
{
	const in_addr_t net8 = ia & htonl(0xff000000);
	const in_addr_t net16 = ia & htonl(0xffff0000);
	const in_addr_t top3 = ia & htonl(0xe0000000);

	return (net8 == htonl(0x7f000000) ||	/* IN_LOOPBACK */
	    net16 == htonl(0xa9fe0000) ||	/* IN_LINKLOCAL */
	    top3 == htonl(0xe0000000));		/* IN_MULTICAST & IN_EXPERIMENTAL */
}
---|
102 | |
---|
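/*
 * Read or write the IPv4 address embedded in an IPv6 address.  Both macros
 * use the last 32-bit word (s6_addr32[3]) and neither converts byte order.
 *
 * NOTE(review): taking the low 32 bits matches a /96 translation prefix;
 * RFC 6052 places the IPv4 bits elsewhere for shorter prefixes -- confirm
 * that callers only use these macros with /96 prefixes.
 */
#define	nat64_get_ip4(_ip6)		((_ip6)->s6_addr32[3])
/* Fully parenthesized so the assignment stays a single operand in any context. */
#define	nat64_set_ip4(_ip6, _ip4)	((_ip6)->s6_addr32[3] = (_ip4))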
---|
105 | |
---|
/*
 * Translation entry points.  Only the declarations appear in this header.
 * No #include appears here either, so struct mbuf, struct in6_addr and
 * nat64_stats_block have to be declared by the including file first.
 */
int	nat64_getlasthdr(struct mbuf *m, int *offset);
int	nat64_do_handle_ip4(struct mbuf *m,
	    struct in6_addr *saddr, struct in6_addr *daddr,
	    uint16_t lport,
	    nat64_stats_block *stats, void *logdata);
int	nat64_do_handle_ip6(struct mbuf *m,
	    uint32_t aaddr, uint16_t aport,
	    nat64_stats_block *stats, void *logdata);
int	nat64_handle_icmp6(struct mbuf *m, int hlen,
	    uint32_t aaddr, uint16_t aport,
	    nat64_stats_block *stats, void *logdata);
---|
114 | |
---|
115 | #endif |
---|
116 | |
---|