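/*-
 * Copyright (c) 2015-2016 Yandex LLC
 * Copyright (c) 2015-2016 Andrey V. Elsukov <ae@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef _IP_FW_NAT64_TRANSLATE_H_
#define _IP_FW_NAT64_TRANSLATE_H_

/*
 * Route lookup wrappers.  With RTALLOC_NOLOCK defined the *_nolock lookup
 * functions are used and FREE_ROUTE() expands to nothing; otherwise the
 * route is released through RO_RTFREE().
 */
#ifdef RTALLOC_NOLOCK
#define IN_LOOKUP_ROUTE(ro, fib)	rtalloc_fib_nolock((ro), 0, (fib))
#define IN6_LOOKUP_ROUTE(ro, fib)	in6_rtalloc_nolock((ro), (fib))
#define FREE_ROUTE(ro)
#else
#define IN_LOOKUP_ROUTE(ro, fib)	rtalloc_ign_fib((ro), 0, (fib))
#define IN6_LOOKUP_ROUTE(ro, fib)	in6_rtalloc((ro), (fib))
#define FREE_ROUTE(ro)			RO_RTFREE((ro))
#endif

/*
 * Classify an IPv6 address.
 *
 * Returns 1 when the first 16 bits of addr are zero, or when addr is a
 * multicast or link-local address; returns 0 otherwise.
 * Presumably callers treat 1 as "do not translate" -- confirm at call sites.
 */
static inline int
nat64_check_ip6(struct in6_addr *addr)
{

	/*
	 * XXX: We should really check /8 (0000::/8 is reserved by IETF),
	 * but only the first 16-bit word is compared, i.e. 0000::/16.
	 * The RFC 6052 well-known prefix 64:ff9b::/96 also falls inside
	 * 0000::/8, so widening this test to /8 would make it match those
	 * addresses too; check the callers before changing it.
	 */
	if (addr->s6_addr16[0] == 0 ||
	    IN6_IS_ADDR_MULTICAST(addr) || IN6_IS_ADDR_LINKLOCAL(addr))
		return (1);
	return (0);
}

/* Non-zero disables the check in nat64_check_private_ip4() entirely. */
extern int nat64_allow_private;

/*
 * Classify an IPv4 address as private or special-purpose.
 *
 * ia is compared against htonl() constants, so it is expected in network
 * byte order.  Returns 1 when ia falls into one of the ranges listed below
 * and nat64_allow_private is zero; returns 0 otherwise.
 *
 * NOTE(review): the list follows RFC 5735; ranges assigned later (for
 * example 100.64.0.0/10 from RFC 6598) are not covered -- confirm whether
 * that is intended.
 */
static inline int
nat64_check_private_ip4(in_addr_t ia)
{

	if (nat64_allow_private)
		return (0);
	/*
	 * WKPFX must not be used to represent non-global IPv4 addresses.
	 * The test runs for every caller: this function has no cfg argument,
	 * and the gate on (cfg->flags & NAT64_WKPFX) is disabled.
	 */
	/* IN_PRIVATE: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 */
	if ((ia & htonl(0xff000000)) == htonl(0x0a000000) ||
	    (ia & htonl(0xfff00000)) == htonl(0xac100000) ||
	    (ia & htonl(0xffff0000)) == htonl(0xc0a80000))
		return (1);
	/*
	 * RFC 5735:
	 * 192.0.0.0/24 - reserved for IETF protocol assignments
	 * 192.88.99.0/24 - for use as 6to4 relay anycast addresses
	 * 198.18.0.0/15 - for use in benchmark tests
	 * 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 - for use
	 * in documentation and example code
	 *
	 * Each mask below has the prefix length given in this list: a /15
	 * mask is 0xfffe0000 and a /24 mask is 0xffffff00.  A 0xfffffe00
	 * mask (/23) would leave most of 198.18.0.0/15 unmatched and would
	 * match 198.51.101.0/24, which is outside the documentation range.
	 */
	if ((ia & htonl(0xffffff00)) == htonl(0xc0000000) || /* 192.0.0.0/24 */
	    (ia & htonl(0xffffff00)) == htonl(0xc0586300) || /* 192.88.99.0/24 */
	    (ia & htonl(0xfffe0000)) == htonl(0xc6120000) || /* 198.18.0.0/15 */
	    (ia & htonl(0xffffff00)) == htonl(0xc0000200) || /* 192.0.2.0/24 */
	    (ia & htonl(0xffffff00)) == htonl(0xc6336400) || /* 198.51.100.0/24 */
	    (ia & htonl(0xffffff00)) == htonl(0xcb007100))   /* 203.0.113.0/24 */
		return (1);
	return (0);
}

/*
 * Classify an IPv4 address as loopback, link-local, multicast or
 * experimental.
 *
 * ia is compared against htonl() constants, so it is expected in network
 * byte order.  Returns 1 on a match, 0 otherwise.
 *
 * NOTE(review): 0.0.0.0/8 is not matched by any test here -- confirm
 * whether callers filter it separately.
 */
static inline int
nat64_check_ip4(in_addr_t ia)
{

	/* IN_LOOPBACK: 127.0.0.0/8 */
	if ((ia & htonl(0xff000000)) == htonl(0x7f000000))
		return (1);
	/* IN_LINKLOCAL: 169.254.0.0/16 */
	if ((ia & htonl(0xffff0000)) == htonl(0xa9fe0000))
		return (1);
	/*
	 * IN_MULTICAST & IN_EXPERIMENTAL: the top three bits set, which is
	 * 224.0.0.0/3 and therefore also covers 255.255.255.255.
	 */
	if ((ia & htonl(0xe0000000)) == htonl(0xe0000000))
		return (1);
	return (0);
}

/*
 * The IPv4 address is read from and written to the last 32-bit word of the
 * IPv6 address.  The setter is parenthesized as a whole so that it stays a
 * single expression wherever it is expanded.
 */
#define nat64_get_ip4(_ip6)		((_ip6)->s6_addr32[3])
#define nat64_set_ip4(_ip6, _ip4)	((_ip6)->s6_addr32[3] = (_ip4))

/* Translation routines; their definitions are not part of this header. */
int nat64_getlasthdr(struct mbuf *m, int *offset);
int nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *saddr,
    struct in6_addr *daddr, uint16_t lport, nat64_stats_block *stats,
    void *logdata);
int nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, uint16_t aport,
    nat64_stats_block *stats, void *logdata);
int nat64_handle_icmp6(struct mbuf *m, int hlen, uint32_t aaddr, uint16_t aport,
    nat64_stats_block *stats, void *logdata);

#endif /* _IP_FW_NAT64_TRANSLATE_H_ */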