Changeset View
Changeset View
Standalone View
Standalone View
sys/netinet6/ip_fw_nat64.h
| /*- | /*- | ||||
| * Copyright (c) 2015 Yandex LLC | * SPDX-License-Identifier: BSD-2-Clause-FreeBSD | ||||
| * | |||||
| * Copyright (c) 2015-2019 Yandex LLC | |||||
| * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org> | * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org> | ||||
| * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org> | * Copyright (c) 2015-2019 Andrey V. Elsukov <ae@FreeBSD.org> | ||||
| * All rights reserved. | |||||
| * | * | ||||
| * Redistribution and use in source and binary forms, with or without | * Redistribution and use in source and binary forms, with or without | ||||
| * modification, are permitted provided that the following conditions | * modification, are permitted provided that the following conditions | ||||
| * are met: | * are met: | ||||
| * | * | ||||
| * 1. Redistributions of source code must retain the above copyright | * 1. Redistributions of source code must retain the above copyright | ||||
| * notice, this list of conditions and the following disclaimer. | * notice, this list of conditions and the following disclaimer. | ||||
| * 2. Redistributions in binary form must reproduce the above copyright | * 2. Redistributions in binary form must reproduce the above copyright | ||||
| Show All 21 Lines | struct ipfw_nat64stl_stats { | ||||
| uint64_t opcnt64; /* 6to4 of packets translated */ | uint64_t opcnt64; /* 6to4 of packets translated */ | ||||
| uint64_t opcnt46; /* 4to6 of packets translated */ | uint64_t opcnt46; /* 4to6 of packets translated */ | ||||
| uint64_t ofrags; /* number of fragments generated */ | uint64_t ofrags; /* number of fragments generated */ | ||||
| uint64_t ifrags; /* number of fragments received */ | uint64_t ifrags; /* number of fragments received */ | ||||
| uint64_t oerrors; /* number of output errors */ | uint64_t oerrors; /* number of output errors */ | ||||
| uint64_t noroute4; | uint64_t noroute4; | ||||
| uint64_t noroute6; | uint64_t noroute6; | ||||
| uint64_t noproto; /* Protocol not supported */ | uint64_t noproto; /* Protocol not supported */ | ||||
| uint64_t nomem; /* mbuf allocation filed */ | uint64_t nomem; /* mbuf allocation failed */ | ||||
| uint64_t dropped; /* dropped due to some errors */ | uint64_t dropped; /* dropped due to some errors */ | ||||
| }; | }; | ||||
| struct ipfw_nat64clat_stats { | |||||
| uint64_t opcnt64; /* 6to4 of packets translated */ | |||||
| uint64_t opcnt46; /* 4to6 of packets translated */ | |||||
| uint64_t ofrags; /* number of fragments generated */ | |||||
| uint64_t ifrags; /* number of fragments received */ | |||||
| uint64_t oerrors; /* number of output errors */ | |||||
| uint64_t noroute4; | |||||
| uint64_t noroute6; | |||||
| uint64_t noproto; /* Protocol not supported */ | |||||
| uint64_t nomem; /* mbuf allocation failed */ | |||||
| uint64_t dropped; /* dropped due to some errors */ | |||||
| }; | |||||
| struct ipfw_nat64lsn_stats { | struct ipfw_nat64lsn_stats { | ||||
| uint64_t opcnt64; /* 6to4 of packets translated */ | uint64_t opcnt64; /* 6to4 of packets translated */ | ||||
| uint64_t opcnt46; /* 4to6 of packets translated */ | uint64_t opcnt46; /* 4to6 of packets translated */ | ||||
| uint64_t ofrags; /* number of fragments generated */ | uint64_t ofrags; /* number of fragments generated */ | ||||
| uint64_t ifrags; /* number of fragments received */ | uint64_t ifrags; /* number of fragments received */ | ||||
| uint64_t oerrors; /* number of output errors */ | uint64_t oerrors; /* number of output errors */ | ||||
| uint64_t noroute4; | uint64_t noroute4; | ||||
| uint64_t noroute6; | uint64_t noroute6; | ||||
| uint64_t noproto; /* Protocol not supported */ | uint64_t noproto; /* Protocol not supported */ | ||||
| uint64_t nomem; /* mbuf allocation filed */ | uint64_t nomem; /* mbuf allocation failed */ | ||||
| uint64_t dropped; /* dropped due to some errors */ | uint64_t dropped; /* dropped due to some errors */ | ||||
| uint64_t nomatch4; /* No addr/port match */ | uint64_t nomatch4; /* No addr/port match */ | ||||
| uint64_t jcalls; /* Number of job handler calls */ | uint64_t jcalls; /* Number of job handler calls */ | ||||
| uint64_t jrequests; /* Number of job requests */ | uint64_t jrequests; /* Number of job requests */ | ||||
| uint64_t jhostsreq; /* Number of job host requests */ | uint64_t jhostsreq; /* Number of job host requests */ | ||||
| uint64_t jportreq; /* Number of portgroup requests */ | uint64_t jportreq; /* Number of portgroup requests */ | ||||
| uint64_t jhostfails; /* Number of failed host allocs */ | uint64_t jhostfails; /* Number of failed host allocs */ | ||||
| Show All 9 Lines | struct ipfw_nat64lsn_stats { | ||||
| uint64_t hostcount; /* Number of hosts */ | uint64_t hostcount; /* Number of hosts */ | ||||
| uint64_t tcpchunks; /* Number of TCP chunks */ | uint64_t tcpchunks; /* Number of TCP chunks */ | ||||
| uint64_t udpchunks; /* Number of UDP chunks */ | uint64_t udpchunks; /* Number of UDP chunks */ | ||||
| uint64_t icmpchunks; /* Number of ICMP chunks */ | uint64_t icmpchunks; /* Number of ICMP chunks */ | ||||
| uint64_t _reserved[4]; | uint64_t _reserved[4]; | ||||
| }; | }; | ||||
| #define NAT64_LOG 0x0001 /* Enable logging via BPF */ | #define NAT64_LOG 0x0001 /* Enable logging via BPF */ | ||||
| #define NAT64_ALLOW_PRIVATE 0x0002 /* Allow private IPv4 address translation */ | |||||
| typedef struct _ipfw_nat64stl_cfg { | typedef struct _ipfw_nat64stl_cfg { | ||||
| char name[64]; /* NAT name */ | char name[64]; /* NAT name */ | ||||
| ipfw_obj_ntlv ntlv6; /* object name tlv */ | ipfw_obj_ntlv ntlv6; /* object name tlv */ | ||||
| ipfw_obj_ntlv ntlv4; /* object name tlv */ | ipfw_obj_ntlv ntlv4; /* object name tlv */ | ||||
| struct in6_addr prefix6; /* NAT64 prefix */ | struct in6_addr prefix6; /* NAT64 prefix */ | ||||
| uint8_t plen6; /* Prefix length */ | uint8_t plen6; /* Prefix length */ | ||||
| uint8_t set; /* Named instance set [0..31] */ | uint8_t set; /* Named instance set [0..31] */ | ||||
| uint8_t spare[2]; | uint8_t spare[2]; | ||||
| uint32_t flags; | uint32_t flags; | ||||
| } ipfw_nat64stl_cfg; | } ipfw_nat64stl_cfg; | ||||
| typedef struct _ipfw_nat64clat_cfg { | |||||
| char name[64]; /* NAT name */ | |||||
| struct in6_addr plat_prefix; /* NAT64 (PLAT) prefix */ | |||||
| struct in6_addr clat_prefix; /* Client (CLAT) prefix */ | |||||
| uint8_t plat_plen; /* PLAT Prefix length */ | |||||
| uint8_t clat_plen; /* CLAT Prefix length */ | |||||
| uint8_t set; /* Named instance set [0..31] */ | |||||
| uint8_t spare; | |||||
| uint32_t flags; | |||||
| } ipfw_nat64clat_cfg; | |||||
| /* | /* | ||||
| * NAT64LSN default configuration values | * NAT64LSN default configuration values | ||||
| */ | */ | ||||
| #define NAT64LSN_MAX_PORTS 2048 /* Max number of ports per host */ | #define NAT64LSN_MAX_PORTS 2048 /* Unused */ | ||||
| #define NAT64LSN_JMAXLEN 2048 /* Max outstanding requests. */ | #define NAT64LSN_JMAXLEN 2048 /* Max outstanding requests. */ | ||||
| #define NAT64LSN_TCP_SYN_AGE 10 /* State's TTL after SYN received. */ | #define NAT64LSN_TCP_SYN_AGE 10 /* State's TTL after SYN received. */ | ||||
| #define NAT64LSN_TCP_EST_AGE (2 * 3600) /* TTL for established connection */ | #define NAT64LSN_TCP_EST_AGE (2 * 3600) /* TTL for established connection */ | ||||
| #define NAT64LSN_TCP_FIN_AGE 180 /* State's TTL after FIN/RST received */ | #define NAT64LSN_TCP_FIN_AGE 180 /* State's TTL after FIN/RST received */ | ||||
| #define NAT64LSN_UDP_AGE 120 /* TTL for UDP states */ | #define NAT64LSN_UDP_AGE 120 /* TTL for UDP states */ | ||||
| #define NAT64LSN_ICMP_AGE 60 /* TTL for ICMP states */ | #define NAT64LSN_ICMP_AGE 60 /* TTL for ICMP states */ | ||||
| #define NAT64LSN_HOST_AGE 3600 /* TTL for stale host entry */ | #define NAT64LSN_HOST_AGE 3600 /* TTL for stale host entry */ | ||||
| #define NAT64LSN_PG_AGE 900 /* TTL for stale ports groups */ | #define NAT64LSN_PG_AGE 900 /* TTL for stale ports groups */ | ||||
| typedef struct _ipfw_nat64lsn_cfg { | typedef struct _ipfw_nat64lsn_cfg { | ||||
| char name[64]; /* NAT name */ | char name[64]; /* NAT name */ | ||||
| uint32_t flags; | uint32_t flags; | ||||
| uint32_t max_ports; /* Max ports per client */ | |||||
| uint32_t agg_prefix_len; /* Prefix length to count */ | uint32_t max_ports; /* Unused */ | ||||
| uint32_t agg_prefix_max; /* Max hosts per agg prefix */ | uint32_t agg_prefix_len; /* Unused */ | ||||
| uint32_t agg_prefix_max; /* Unused */ | |||||
| struct in_addr prefix4; | struct in_addr prefix4; | ||||
| uint16_t plen4; /* Prefix length */ | uint16_t plen4; /* Prefix length */ | ||||
| uint16_t plen6; /* Prefix length */ | uint16_t plen6; /* Prefix length */ | ||||
| struct in6_addr prefix6; /* NAT64 prefix */ | struct in6_addr prefix6; /* NAT64 prefix */ | ||||
| uint32_t jmaxlen; /* Max jobqueue length */ | uint32_t jmaxlen; /* Max jobqueue length */ | ||||
| uint16_t min_port; /* Min port group # to use */ | |||||
| uint16_t max_port; /* Max port group # to use */ | uint16_t min_port; /* Unused */ | ||||
| uint16_t max_port; /* Unused */ | |||||
| uint16_t nh_delete_delay;/* Stale host delete delay */ | uint16_t nh_delete_delay;/* Stale host delete delay */ | ||||
| uint16_t pg_delete_delay;/* Stale portgroup delete delay */ | uint16_t pg_delete_delay;/* Stale portgroup delete delay */ | ||||
| uint16_t st_syn_ttl; /* TCP syn expire */ | uint16_t st_syn_ttl; /* TCP syn expire */ | ||||
| uint16_t st_close_ttl; /* TCP fin expire */ | uint16_t st_close_ttl; /* TCP fin expire */ | ||||
| uint16_t st_estab_ttl; /* TCP established expire */ | uint16_t st_estab_ttl; /* TCP established expire */ | ||||
| uint16_t st_udp_ttl; /* UDP expire */ | uint16_t st_udp_ttl; /* UDP expire */ | ||||
| uint16_t st_icmp_ttl; /* ICMP expire */ | uint16_t st_icmp_ttl; /* ICMP expire */ | ||||
| uint8_t set; /* Named instance set [0..31] */ | uint8_t set; /* Named instance set [0..31] */ | ||||
| uint8_t spare; | uint8_t states_chunks; /* Number of states chunks per PG */ | ||||
| } ipfw_nat64lsn_cfg; | } ipfw_nat64lsn_cfg; | ||||
| typedef struct _ipfw_nat64lsn_state { | typedef struct _ipfw_nat64lsn_state { | ||||
| struct in_addr daddr; /* Remote IPv4 address */ | struct in_addr daddr; /* Remote IPv4 address */ | ||||
| uint16_t dport; /* Remote destination port */ | uint16_t dport; /* Remote destination port */ | ||||
| uint16_t aport; /* Local alias port */ | uint16_t aport; /* Local alias port */ | ||||
| uint16_t sport; /* Source port */ | uint16_t sport; /* Source port */ | ||||
| uint8_t flags; /* State flags */ | uint8_t flags; /* State flags */ | ||||
| uint8_t spare[3]; | uint8_t spare[3]; | ||||
| uint16_t idle; /* Last used time */ | uint16_t idle; /* Last used time */ | ||||
| } ipfw_nat64lsn_state; | } ipfw_nat64lsn_state; | ||||
| typedef struct _ipfw_nat64lsn_stg { | typedef struct _ipfw_nat64lsn_stg { | ||||
| uint64_t next_idx; /* next state index */ | uint64_t next_idx; /* next state index */ | ||||
| struct in_addr alias4; /* IPv4 alias address */ | struct in_addr alias4; /* IPv4 alias address */ | ||||
| uint8_t proto; /* protocol */ | uint8_t proto; /* protocol */ | ||||
| uint8_t flags; | uint8_t flags; | ||||
| uint16_t spare; | uint16_t spare; | ||||
| struct in6_addr host6; /* Bound IPv6 host */ | struct in6_addr host6; /* Bound IPv6 host */ | ||||
| uint32_t count; /* Number of states */ | uint32_t count; /* Number of states */ | ||||
| uint32_t spare2; | uint32_t spare2; | ||||
| } ipfw_nat64lsn_stg; | } ipfw_nat64lsn_stg; | ||||
| #endif /* _NETINET6_IP_FW_NAT64_H_ */ | typedef struct _ipfw_nat64lsn_state_v1 { | ||||
| struct in6_addr host6; /* Bound IPv6 host */ | |||||
| struct in_addr daddr; /* Remote IPv4 address */ | |||||
| uint16_t dport; /* Remote destination port */ | |||||
| uint16_t aport; /* Local alias port */ | |||||
| uint16_t sport; /* Source port */ | |||||
| uint16_t spare; | |||||
| uint16_t idle; /* Last used time */ | |||||
| uint8_t flags; /* State flags */ | |||||
| uint8_t proto; /* protocol */ | |||||
| } ipfw_nat64lsn_state_v1; | |||||
| typedef struct _ipfw_nat64lsn_stg_v1 { | |||||
| union nat64lsn_pgidx { | |||||
| uint64_t index; | |||||
| struct { | |||||
| uint8_t chunk; /* states chunk */ | |||||
| uint8_t proto; /* protocol */ | |||||
| uint16_t port; /* base port */ | |||||
| in_addr_t addr; /* alias address */ | |||||
| }; | |||||
| } next; /* next state index */ | |||||
| struct in_addr alias4; /* IPv4 alias address */ | |||||
| uint32_t count; /* Number of states */ | |||||
| } ipfw_nat64lsn_stg_v1; | |||||
| #endif /* _NETINET6_IP_FW_NAT64_H_ */ | |||||