1 /*- 2 * Copyright (c) 2015-2016 Yandex LLC 3 * Copyright (c) 2015-2016 Andrey V. Elsukov <ae@FreeBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 * 27 * $FreeBSD$ 28 */ 29 30 #ifndef _IP_FW_NAT64_TRANSLATE_H_ 31 #define _IP_FW_NAT64_TRANSLATE_H_ 32 33 static inline int 34 nat64_check_ip6(struct in6_addr *addr) 35 { 36 37 /* XXX: We should really check /8 */ 38 if (addr->s6_addr16[0] == 0 || /* 0000::/8 Reserved by IETF */ 39 IN6_IS_ADDR_MULTICAST(addr) || IN6_IS_ADDR_LINKLOCAL(addr)) 40 return (1); 41 return (0); 42 } 43 44 extern int nat64_allow_private; 45 static inline int 46 nat64_check_private_ip4(in_addr_t ia) 47 { 48 49 if (nat64_allow_private) 50 return (0); 51 /* WKPFX must not be used to represent non-global IPv4 addresses */ 52 // if (cfg->flags & NAT64_WKPFX) { 53 /* IN_PRIVATE */ 54 if ((ia & htonl(0xff000000)) == htonl(0x0a000000) || 55 (ia & htonl(0xfff00000)) == htonl(0xac100000) || 56 (ia & htonl(0xffff0000)) == htonl(0xc0a80000)) 57 return (1); 58 /* 59 * RFC 5735: 60 * 192.0.0.0/24 - reserved for IETF protocol assignments 61 * 192.88.99.0/24 - for use as 6to4 relay anycast addresses 62 * 198.18.0.0/15 - for use in benchmark tests 63 * 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 - for use 64 * in documentation and example code 65 */ 66 if ((ia & htonl(0xffffff00)) == htonl(0xc0000000) || 67 (ia & htonl(0xffffff00)) == htonl(0xc0586300) || 68 (ia & htonl(0xfffffe00)) == htonl(0xc6120000) || 69 (ia & htonl(0xffffff00)) == htonl(0xc0000200) || 70 (ia & htonl(0xfffffe00)) == htonl(0xc6336400) || 71 (ia & htonl(0xffffff00)) == htonl(0xcb007100)) 72 return (1); 73 // } 74 return (0); 75 } 76 77 static inline int 78 nat64_check_ip4(in_addr_t ia) 79 { 80 81 /* IN_LOOPBACK */ 82 if ((ia & htonl(0xff000000)) == htonl(0x7f000000)) 83 return (1); 84 /* IN_LINKLOCAL */ 85 if ((ia & htonl(0xffff0000)) == htonl(0xa9fe0000)) 86 return (1); 87 /* IN_MULTICAST & IN_EXPERIMENTAL */ 88 if ((ia & htonl(0xe0000000)) == htonl(0xe0000000)) 89 return (1); 90 return (0); 91 } 92 93 #define nat64_get_ip4(_ip6) ((_ip6)->s6_addr32[3]) 94 #define nat64_set_ip4(_ip6, _ip4) (_ip6)->s6_addr32[3] = (_ip4) 95 96 int nat64_getlasthdr(struct mbuf *m, int *offset); 97 int nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *saddr, 98 struct in6_addr *daddr, uint16_t lport, nat64_stats_block *stats, 99 void *logdata); 100 int nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, uint16_t aport, 101 nat64_stats_block *stats, void *logdata); 102 int nat64_handle_icmp6(struct mbuf *m, int hlen, uint32_t aaddr, uint16_t aport, 103 nat64_stats_block *stats, void *logdata); 104 105 #endif 106 107