Index: etc/mtree/BSD.tests.dist =================================================================== --- etc/mtree/BSD.tests.dist +++ etc/mtree/BSD.tests.dist @@ -813,6 +813,8 @@ netpfil common .. + ipfw + .. pf ioctl .. Index: sys/netpfil/ipfw/nat64/nat64clat.c =================================================================== --- sys/netpfil/ipfw/nat64/nat64clat.c +++ sys/netpfil/ipfw/nat64/nat64clat.c @@ -107,6 +107,14 @@ nat64clat_log(logdata, m, AF_INET, cfg->no.kidx); } else logdata = NULL; + + if (m->m_pkthdr.rcvif == NULL && + m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; + in_delayed_cksum(m); + m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; + } + return (nat64_do_handle_ip4(m, &saddr, &daddr, 0, &cfg->base, logdata)); } Index: tests/sys/netpfil/Makefile =================================================================== --- tests/sys/netpfil/Makefile +++ tests/sys/netpfil/Makefile @@ -9,4 +9,8 @@ common .endif +.if ${MK_INET_SUPPORT} != "no" || ${MK_INET6_SUPPORT} != "no" +TESTS_SUBDIRS+= ipfw +.endif + .include Index: tests/sys/netpfil/ipfw/Makefile =================================================================== --- tests/sys/netpfil/ipfw/Makefile +++ tests/sys/netpfil/ipfw/Makefile @@ -0,0 +1,9 @@ +# $FreeBSD$ + +PACKAGE= tests + +TESTSDIR= ${TESTSBASE}/sys/netpfil/ipfw + +ATF_TESTS_SH+= nat64clat + +.include Index: tests/sys/netpfil/ipfw/Makefile.depend =================================================================== --- tests/sys/netpfil/ipfw/Makefile.depend +++ tests/sys/netpfil/ipfw/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif Index: tests/sys/netpfil/ipfw/nat64clat.sh =================================================================== --- tests/sys/netpfil/ipfw/nat64clat.sh +++ tests/sys/netpfil/ipfw/nat64clat.sh @@ -0,0 +1,94 @@ +#- +# SPDX-License-Identifier: BSD-2-Clause-FreeBSD +# +# Copyright (c) 2020 Evgeniy Khramtsov +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +. $(atf_get_srcdir)/../../common/vnet.subr + +atf_test_case "ipfw_464xlat_clat_ue_l4_cksum" "cleanup" +ipfw_464xlat_clat_ue_l4_cksum_head() +{ + atf_set "descr" "Test ipfw 464XLAT CLAT UE L4 checksums" + atf_set "require.user" root +} + +ipfw_464xlat_clat_ue_l4_cksum_body() +{ + jname="ipfw_464xlat_clat_ue_l4_cksum_node-" + a="ipfw -q add" + + gway_v6="2001:db8::1" + node_v6="2001:db8::2" + clat_v4="192.168.1.1" + clat_v6="2001:db8::c0a8:101" + + vnet_init + epair=$(vnet_mkepair) + + vnet_mkjail ${jname}a ${epair}a + vnet_mkjail ${jname}b ${epair}b + + jexec ${jname}a ifconfig ${epair}a inet6 ${gway_v6}/64 auto_linklocal no_dad up + jexec ${jname}b ifconfig ${epair}b inet6 ${node_v6}/64 auto_linklocal no_dad prefer_source up + + jexec ${jname}b ifconfig ${epair}b inet ${clat_v4}/32 + jexec ${jname}b ifconfig ${epair}b inet6 ${clat_v6}/64 + jexec ${jname}b route -6 -q add default ${gway_v6} + jexec ${jname}b route -4 -q add default ${clat_v4} -mtu 1460 + + kldload ipfw + kldload ipfw_nat64 + jexec ${jname}a ${a} 10 pass all from any to any + jexec ${jname}b ipfw nat64clat UE create clat_prefix 2001:db8::/96 plat_prefix 64:ff9b::/96 local + jexec ${jname}b ${a} 10 nat64clat UE ip4 from ${clat_v4}/32 to any out + jexec ${jname}b ${a} 20 nat64clat UE ip6 from 64:ff9b::/96 to 2001:db8::/96 in + jexec ${jname}b ${a} 30 pass all from any to any + jexec ${jname}b sysctl net.inet.ip.fw.nat64_direct_output=1 + + jexec ${jname}a daemon -o tcp.log tcpdump --immediate-mode -vv -c 1 -i epair0a host 64:ff9b::203.0.113.110 + jexec ${jname}b daemon -f nc -4 -zn 203.0.113.110 443 + atf_check -o match:'correct' jexec ${jname}a cat tcp.log + + jexec ${jname}a daemon -o udp.log tcpdump --immediate-mode -vv -c 1 -i epair0a host 64:ff9b::203.0.113.111 + jexec ${jname}b daemon -f nc -4 -zun 203.0.113.111 443 + atf_check -o match:'ok' jexec ${jname}a cat udp.log +} + +ipfw_464xlat_clat_ue_l4_cksum_cleanup() +{ + jexec ${jname}a ipfw -q -f flush + jexec ${jname}b ipfw -q -f flush + jexec ${jname}b ipfw nat64clat UE destroy + kldunload ipfw_nat64 + kldunload ipfw + vnet_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "ipfw_464xlat_clat_ue_l4_cksum" +}