1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2015-2019 Yandex LLC
5  * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org>
6  * Copyright (c) 2015-2019 Andrey V. Elsukov <ae@FreeBSD.org>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 #ifndef	_NETINET6_IP_FW_NAT64_H_
31 #define	_NETINET6_IP_FW_NAT64_H_
32 
/*
 * Counters exported for a NAT64 stateless (nat64stl) instance.
 * All members are 64-bit; the first ten counters have the same names and
 * order in ipfw_nat64stl_stats, ipfw_nat64clat_stats and
 * ipfw_nat64lsn_stats, so consumers can treat that prefix uniformly.
 * This struct crosses the user/kernel boundary: its layout is ABI and
 * fields must not be reordered or resized.
 */
struct ipfw_nat64stl_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route for the
					 * translated packet -- verify */
	uint64_t	noroute6;	/* presumably: no IPv6 route for the
					 * translated packet -- verify */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */
};
45 
/*
 * Counters exported for a NAT64 CLAT (nat64clat) instance.
 * Member-for-member identical to ipfw_nat64stl_stats; kept as a separate
 * type so the two ABIs can evolve independently.  Layout is ABI: do not
 * reorder or resize fields.
 */
struct ipfw_nat64clat_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route for the
					 * translated packet -- verify */
	uint64_t	noroute6;	/* presumably: no IPv6 route for the
					 * translated packet -- verify */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */
};
58 
/*
 * Counters exported for a NAT64LSN (stateful) instance.
 * The first ten members match ipfw_nat64stl_stats; the remaining groups
 * cover the job queue (j*), state/portgroup bookkeeping (s*) and current
 * object counts.  Layout is ABI: do not reorder or resize fields.
 */
struct ipfw_nat64lsn_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route for the
					 * translated packet -- verify */
	uint64_t	noroute6;	/* presumably: no IPv6 route for the
					 * translated packet -- verify */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */

	/* Job queue statistics. */
	uint64_t	nomatch4;	/* No addr/port match */
	uint64_t	jcalls;		/* Number of job handler calls */
	uint64_t	jrequests;	/* Number of job requests */
	uint64_t	jhostsreq;	/* Number of job host requests */
	uint64_t	jportreq;	/* Number of portgroup requests */
	uint64_t	jhostfails;	/* Number of failed host allocs */
	uint64_t	jportfails;	/* Number of failed portgroup allocs */
	uint64_t	jreinjected;	/* Number of packets reinjected to q */
	uint64_t	jmaxlen;	/* Max queue length reached */
	uint64_t	jnomem;		/* No memory to alloc queue item */

	/* State and portgroup lifetime counters. */
	uint64_t	screated;	/* Number of states created */
	uint64_t	sdeleted;	/* Number of states deleted */
	uint64_t	spgcreated;	/* Number of portgroups created */
	uint64_t	spgdeleted;	/* Number of portgroups deleted */
	uint64_t	hostcount;	/* Number of hosts */
	uint64_t	tcpchunks;	/* Number of TCP portgroups */
	uint64_t	udpchunks;	/* Number of UDP portgroups */
	uint64_t	icmpchunks;	/* Number of ICMP portgroups */

	/*
	 * Room for future counters without changing the struct size.
	 * NOTE(review): the producer should zero these (and the whole struct)
	 * before copying out, so no uninitialized kernel memory is exposed
	 * to userland -- confirm in the exporting code.
	 */
	uint64_t	_reserved[4];
};
93 
/*
 * Bits for the `flags' member of the *_cfg structs below (apparently;
 * the NAT64_* bits for all instance types, NAT64LSN_* for nat64lsn only).
 */
#define	NAT64_LOG		0x0001	/* Enable logging via BPF */
#define	NAT64_ALLOW_PRIVATE	0x0002	/* Allow private IPv4 address
					 * translation
					 */
#define	NAT64LSN_ALLOW_SWAPCONF	0x0004	/* Allow configuration exchange
					 * between NAT64LSN instances
					 * during the sets swapping.
					 */
/*
 * Configuration of a NAT64 stateless (nat64stl) instance.
 * NOTE(review): this appears to be the ipfw sockopt (user -> kernel) ABI.
 * The kernel-side consumer must not assume `name' is NUL-terminated, and
 * should range-check `set' (0..31), `plen6' and `flags' (only the bits
 * defined above) before use -- confirm in the parsing code.
 */
typedef struct _ipfw_nat64stl_cfg {
	char		name[64];	/* NAT name			*/
	ipfw_obj_ntlv	ntlv6;		/* object name tlv		*/
	ipfw_obj_ntlv	ntlv4;		/* object name tlv		*/
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint8_t		plen6;		/* Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		spare[2];	/* Explicit padding; producers should
					 * zero it */
	uint32_t	flags;		/* NAT64_* bits */
} ipfw_nat64stl_cfg;
112 
/*
 * Configuration of a NAT64 CLAT (nat64clat) instance: the PLAT prefix
 * (provider side) and the CLAT prefix (client side) with their lengths.
 * NOTE(review): as with ipfw_nat64stl_cfg, if this is copied in from
 * userland the consumer must not rely on `name' being NUL-terminated and
 * should range-check `set' (0..31), both prefix lengths and `flags'
 * -- confirm in the parsing code.
 */
typedef struct _ipfw_nat64clat_cfg {
	char		name[64];	/* NAT name			*/
	struct in6_addr	plat_prefix;	/* NAT64 (PLAT) prefix */
	struct in6_addr	clat_prefix;	/* Client (CLAT) prefix */
	uint8_t		plat_plen;	/* PLAT Prefix length */
	uint8_t		clat_plen;	/* CLAT Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		spare;		/* Explicit padding; producers should
					 * zero it */
	uint32_t	flags;		/* NAT64_* bits */
} ipfw_nat64clat_cfg;
123 
/*
 * NAT64LSN default configuration values.
 * The *_AGE values are lifetimes for the corresponding state/host/portgroup
 * objects; the unit is not stated here but NAT64LSN_TCP_EST_AGE being
 * (2 * 3600) suggests seconds -- confirm against the code that applies
 * them.  They presumably serve as defaults for the st_*_ttl and
 * *_delete_delay members of ipfw_nat64lsn_cfg, all of which are uint16_t,
 * so every default must stay <= 65535.
 */
#define	NAT64LSN_MAX_PORTS	2048	/* Unused */
#define	NAT64LSN_JMAXLEN	2048	/* Max outstanding requests. */
#define	NAT64LSN_TCP_SYN_AGE	10	/* State's TTL after SYN received. */
#define	NAT64LSN_TCP_EST_AGE	(2 * 3600) /* TTL for established connection */
#define	NAT64LSN_TCP_FIN_AGE	180	/* State's TTL after FIN/RST received */
#define	NAT64LSN_UDP_AGE	120	/* TTL for UDP states */
#define	NAT64LSN_ICMP_AGE	60	/* TTL for ICMP states */
#define	NAT64LSN_HOST_AGE	3600	/* TTL for stale host entry */
#define	NAT64LSN_PG_AGE		900	/* TTL for stale ports groups */
136 
/*
 * Configuration of a NAT64LSN (stateful, large scale) instance.
 * Several members are retained for ABI compatibility only and are marked
 * "Unused"; they still occupy their slots and must not be removed.  Note
 * that plen4/plen6 are uint16_t here whereas the stl/clat configs use
 * uint8_t -- both layouts are fixed by the ABI.
 * NOTE(review): if this struct is copied in from userland, the consumer
 * must not assume `name' is NUL-terminated and should range-check plen4
 * (<= 32), plen6 (<= 128), `set' (0..31) and `flags' before use
 * -- confirm in the parsing code.
 */
typedef struct _ipfw_nat64lsn_cfg {
	char		name[64];	/* NAT name			*/
	uint32_t	flags;		/* NAT64_* / NAT64LSN_* bits */

	uint32_t	max_ports;      /* Unused */
	uint32_t	agg_prefix_len; /* Unused */
	uint32_t	agg_prefix_max; /* Unused */

	struct in_addr	prefix4;	/* IPv4 alias address pool prefix */
	uint16_t	plen4;		/* Prefix length */
	uint16_t	plen6;		/* Prefix length */
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint32_t	jmaxlen;	/* Max jobqueue length */

	uint16_t	min_port;	/* Unused */
	uint16_t	max_port;	/* Unused */

	/* Lifetimes; presumably defaulted from the NAT64LSN_*_AGE values. */
	uint16_t	nh_delete_delay;/* Stale host delete delay */
	uint16_t	pg_delete_delay;/* Stale portgroup delete delay */
	uint16_t	st_syn_ttl;	/* TCP syn expire */
	uint16_t	st_close_ttl;	/* TCP fin expire */
	uint16_t	st_estab_ttl;	/* TCP established expire */
	uint16_t	st_udp_ttl;	/* UDP expire */
	uint16_t	st_icmp_ttl;	/* ICMP expire */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		states_chunks;	/* Number of states chunks per PG */
} ipfw_nat64lsn_cfg;
164 
/*
 * One NAT64LSN translation state as exported to userland (original
 * format; see ipfw_nat64lsn_state_v1 for the newer one).  The owning IPv6
 * host and protocol are not in this record -- they come from the enclosing
 * ipfw_nat64lsn_stg group header.
 */
typedef struct _ipfw_nat64lsn_state {
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	uint8_t		flags;		/* State flags */
	uint8_t		spare[3];	/* Padding; should be zeroed on export */
	uint16_t	idle;		/* Last used time */
} ipfw_nat64lsn_state;
174 
/*
 * Group header preceding `count' ipfw_nat64lsn_state records that share
 * the same alias address, protocol and IPv6 host (original export format).
 * `next_idx' lets a reader continue a paged listing.
 */
typedef struct _ipfw_nat64lsn_stg {
	uint64_t	next_idx;	/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint8_t		proto;		/* protocol */
	uint8_t		flags;
	uint16_t	spare;		/* Padding; should be zeroed on export */
	struct in6_addr	host6;		/* Bound IPv6 host */
	uint32_t	count;		/* Number of states */
	uint32_t	spare2;		/* Padding; should be zeroed on export */
} ipfw_nat64lsn_stg;
185 
/*
 * Version 1 of the exported NAT64LSN state record.  Unlike the original
 * ipfw_nat64lsn_state it is self-contained: the bound IPv6 host and the
 * protocol are carried in each record rather than in the group header.
 */
typedef struct _ipfw_nat64lsn_state_v1 {
	struct in6_addr	host6;		/* Bound IPv6 host */
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	uint16_t	spare;		/* Padding; should be zeroed on export */
	uint16_t	idle;		/* Last used time */
	uint8_t		flags;		/* State flags */
	uint8_t		proto;		/* protocol */
} ipfw_nat64lsn_state_v1;
197 
/*
 * Version 1 group header preceding `count' ipfw_nat64lsn_state_v1 records.
 * The continuation index is a union so the same 64-bit value can be
 * handled opaquely (`index') or decomposed into its portgroup components;
 * the anonymous struct relies on C11 (or a compiler extension) and on
 * in_addr_t being 32-bit so that both union members are 8 bytes
 * -- verify on any new target.
 */
typedef struct _ipfw_nat64lsn_stg_v1 {
	union nat64lsn_pgidx {
		uint64_t	index;
		struct {
			uint8_t		chunk;	/* states chunk */
			uint8_t		proto;	/* protocol */
			uint16_t	port;	/* base port */
			in_addr_t	addr;	/* alias address */
		};
	} next;				/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint32_t	count;		/* Number of states */
} ipfw_nat64lsn_stg_v1;
211 
212 #endif /* _NETINET6_IP_FW_NAT64_H_ */