xref: /freebsd/sys/netinet6/ip_fw_nat64.h (revision 389e4940069316fe667ffa263fa7d6390d0a960f) 
1 /*-
2  * Copyright (c) 2015 Yandex LLC
3  * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org>
4  * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  *
28  * $FreeBSD$
29  */
30 
31 #ifndef	_NETINET6_IP_FW_NAT64_H_
32 #define	_NETINET6_IP_FW_NAT64_H_
33 
34 struct ipfw_nat64stl_stats {
35 	uint64_t	opcnt64;	/* 6to4 of packets translated */
36 	uint64_t	opcnt46;	/* 4to6 of packets translated */
37 	uint64_t	ofrags;		/* number of fragments generated */
38 	uint64_t	ifrags;		/* number of fragments received */
39 	uint64_t	oerrors;	/* number of output errors */
40 	uint64_t	noroute4;
41 	uint64_t	noroute6;
42 	uint64_t	noproto;	/* Protocol not supported */
43 	uint64_t	nomem;		/* mbuf allocation filed */
44 	uint64_t	dropped;	/* dropped due to some errors */
45 };
46 
47 struct ipfw_nat64lsn_stats {
48 	uint64_t	opcnt64;	/* 6to4 of packets translated */
49 	uint64_t	opcnt46;	/* 4to6 of packets translated */
50 	uint64_t	ofrags;		/* number of fragments generated */
51 	uint64_t	ifrags;		/* number of fragments received */
52 	uint64_t	oerrors;	/* number of output errors */
53 	uint64_t	noroute4;
54 	uint64_t	noroute6;
55 	uint64_t	noproto;	/* Protocol not supported */
56 	uint64_t	nomem;		/* mbuf allocation filed */
57 	uint64_t	dropped;	/* dropped due to some errors */
58 
59 	uint64_t	nomatch4;	/* No addr/port match */
60 	uint64_t	jcalls;		/* Number of job handler calls */
61 	uint64_t	jrequests;	/* Number of job requests */
62 	uint64_t	jhostsreq;	/* Number of job host requests */
63 	uint64_t	jportreq;	/* Number of portgroup requests */
64 	uint64_t	jhostfails;	/* Number of failed host allocs */
65 	uint64_t	jportfails;	/* Number of failed portgroup allocs */
66 	uint64_t	jreinjected;	/* Number of packets reinjected to q */
67 	uint64_t	jmaxlen;	/* Max queue length reached */
68 	uint64_t	jnomem;		/* No memory to alloc queue item */
69 
70 	uint64_t	screated;	/* Number of states created */
71 	uint64_t	sdeleted;	/* Number of states deleted */
72 	uint64_t	spgcreated;	/* Number of portgroups created */
73 	uint64_t	spgdeleted;	/* Number of portgroups deleted */
74 	uint64_t	hostcount;	/* Number of hosts  */
75 	uint64_t	tcpchunks;	/* Number of TCP chunks */
76 	uint64_t	udpchunks;	/* Number of UDP chunks */
77 	uint64_t	icmpchunks;	/* Number of ICMP chunks */
78 
79 	uint64_t	_reserved[4];
80 };
81 
82 #define	NAT64_LOG	0x0001		/* Enable logging via BPF */
83 
84 typedef struct _ipfw_nat64stl_cfg {
85 	char		name[64];	/* NAT name			*/
86 	ipfw_obj_ntlv	ntlv6;		/* object name tlv		*/
87 	ipfw_obj_ntlv	ntlv4;		/* object name tlv		*/
88 	struct in6_addr	prefix6;	/* NAT64 prefix */
89 	uint8_t		plen6;		/* Prefix length */
90 	uint8_t		set;		/* Named instance set [0..31] */
91 	uint8_t		spare[2];
92 	uint32_t	flags;
93 } ipfw_nat64stl_cfg;
94 
95 /*
96  * NAT64LSN default configuration values
97  */
98 #define	NAT64LSN_MAX_PORTS	2048	/* Max number of ports per host */
99 #define	NAT64LSN_JMAXLEN	2048	/* Max outstanding requests. */
100 #define	NAT64LSN_TCP_SYN_AGE	10	/* State's TTL after SYN received. */
101 #define	NAT64LSN_TCP_EST_AGE	(2 * 3600) /* TTL for established connection */
102 #define	NAT64LSN_TCP_FIN_AGE	180	/* State's TTL after FIN/RST received */
103 #define	NAT64LSN_UDP_AGE	120	/* TTL for UDP states */
104 #define	NAT64LSN_ICMP_AGE	60	/* TTL for ICMP states */
105 #define	NAT64LSN_HOST_AGE	3600	/* TTL for stale host entry */
106 #define	NAT64LSN_PG_AGE		900	/* TTL for stale ports groups */
107 
108 typedef struct _ipfw_nat64lsn_cfg {
109 	char		name[64];	/* NAT name			*/
110 	uint32_t	flags;
111 	uint32_t	max_ports;	/* Max ports per client */
112 	uint32_t	agg_prefix_len;	/* Prefix length to count */
113 	uint32_t	agg_prefix_max;	/* Max hosts per agg prefix */
114 	struct in_addr	prefix4;
115 	uint16_t	plen4;		/* Prefix length */
116 	uint16_t	plen6;		/* Prefix length */
117 	struct in6_addr	prefix6;	/* NAT64 prefix */
118 	uint32_t	jmaxlen;	/* Max jobqueue length */
119 	uint16_t	min_port;	/* Min port group # to use */
120 	uint16_t	max_port;	/* Max port group # to use */
121 	uint16_t	nh_delete_delay;/* Stale host delete delay */
122 	uint16_t	pg_delete_delay;/* Stale portgroup delete delay */
123 	uint16_t	st_syn_ttl;	/* TCP syn expire */
124 	uint16_t	st_close_ttl;	/* TCP fin expire */
125 	uint16_t	st_estab_ttl;	/* TCP established expire */
126 	uint16_t	st_udp_ttl;	/* UDP expire */
127 	uint16_t	st_icmp_ttl;	/* ICMP expire */
128 	uint8_t		set;		/* Named instance set [0..31] */
129 	uint8_t		spare;
130 } ipfw_nat64lsn_cfg;
131 
132 typedef struct _ipfw_nat64lsn_state {
133 	struct in_addr	daddr;		/* Remote IPv4 address */
134 	uint16_t	dport;		/* Remote destination port */
135 	uint16_t	aport;		/* Local alias port */
136 	uint16_t	sport;		/* Source port */
137 	uint8_t		flags;		/* State flags */
138 	uint8_t		spare[3];
139 	uint16_t	idle;		/* Last used time */
140 } ipfw_nat64lsn_state;
141 
142 typedef struct _ipfw_nat64lsn_stg {
143 	uint64_t	next_idx;	/* next state index */
144 	struct in_addr	alias4;		/* IPv4 alias address */
145 	uint8_t		proto;		/* protocol */
146 	uint8_t		flags;
147 	uint16_t	spare;
148 	struct in6_addr	host6;		/* Bound IPv6 host */
149 	uint32_t	count;		/* Number of states */
150 	uint32_t	spare2;
151 } ipfw_nat64lsn_stg;
152 
153 #endif /* _NETINET6_IP_FW_NAT64_H_ */
154 
155