Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/nat64/nat64_translate.c
| Show First 20 Lines • Show All 85 Lines • ▼ Show 20 Lines | |||||
| static int nat64_output_one(struct mbuf *, struct nat64_counters *, void *); | static int nat64_output_one(struct mbuf *, struct nat64_counters *, void *); | ||||
| static int nat64_output(struct ifnet *, struct mbuf *, struct sockaddr *, | static int nat64_output(struct ifnet *, struct mbuf *, struct sockaddr *, | ||||
| struct nat64_counters *, void *); | struct nat64_counters *, void *); | ||||
| static int nat64_direct_output_one(struct mbuf *, struct nat64_counters *, | static int nat64_direct_output_one(struct mbuf *, struct nat64_counters *, | ||||
| void *); | void *); | ||||
| static int nat64_direct_output(struct ifnet *, struct mbuf *, | static int nat64_direct_output(struct ifnet *, struct mbuf *, | ||||
| struct sockaddr *, struct nat64_counters *, void *); | struct sockaddr *, struct nat64_counters *, void *); | ||||
| static uint32_t nat64_get_ip4(struct in6_addr *addr); | |||||
| struct nat64_methods { | struct nat64_methods { | ||||
| nat64_output_t output; | nat64_output_t output; | ||||
| nat64_output_one_t output_one; | nat64_output_one_t output_one; | ||||
| }; | }; | ||||
| static const struct nat64_methods nat64_netisr = { | static const struct nat64_methods nat64_netisr = { | ||||
| .output = nat64_output, | .output = nat64_output, | ||||
| .output_one = nat64_output_one | .output_one = nat64_output_one | ||||
| }; | }; | ||||
| ▲ Show 20 Lines • Show All 954 Lines • ▼ Show 20 Lines | DPRINTF(DP_DROPS, "IP addresses checks failed %04x -> %04x", | ||||
| ntohl(ip.ip_src.s_addr), ntohl(ip.ip_dst.s_addr)); | ntohl(ip.ip_src.s_addr), ntohl(ip.ip_dst.s_addr)); | ||||
| goto freeit; | goto freeit; | ||||
| } | } | ||||
| if (m->m_pkthdr.len < hlen + ICMP_MINLEN) { | if (m->m_pkthdr.len < hlen + ICMP_MINLEN) { | ||||
| DPRINTF(DP_DROPS, "Message is too short %d", | DPRINTF(DP_DROPS, "Message is too short %d", | ||||
| m->m_pkthdr.len); | m->m_pkthdr.len); | ||||
| goto freeit; | goto freeit; | ||||
| } | } | ||||
| #if 0 | |||||
| /* | /* | ||||
| * Check that inner source matches the outer destination. | * Check that inner source matches the outer destination. | ||||
| * XXX: We need some method to convert IPv4 into IPv6 address here, | |||||
| * and compare IPv6 addresses. | |||||
| */ | */ | ||||
| if (ip.ip_src.s_addr != nat64_get_ip4(&ip6->ip6_dst)) { | if (ip.ip_src.s_addr != nat64_get_ip4(&ip6->ip6_dst)) { | ||||
| DPRINTF(DP_GENERIC, "Inner source doesn't match destination ", | DPRINTF(DP_GENERIC, "Inner source doesn't match destination: " | ||||
| "%04x vs %04x", ip.ip_src.s_addr, | "%04x vs %04x", ip.ip_src.s_addr, | ||||
| nat64_get_ip4(&ip6->ip6_dst)); | nat64_get_ip4(&ip6->ip6_dst)); | ||||
| goto freeit; | goto freeit; | ||||
| } | } | ||||
| #endif | |||||
| /* | /* | ||||
| * Check that inner source matches the outer destination. | |||||
| */ | |||||
| if (ip.ip_dst.s_addr != nat64_get_ip4(&ip6->ip6_src)) { | |||||
| DPRINTF(DP_GENERIC, "Inner destination doesn't match source: " | |||||
| "%04x vs %04x", ip.ip_dst.s_addr, | |||||
| nat64_get_ip4(&ip6->ip6_src)); | |||||
| goto freeit; | |||||
| } | |||||
| /* | |||||
| * Create new mbuf for ICMPv6 datagram. | * Create new mbuf for ICMPv6 datagram. | ||||
| * NOTE: len is data length just after inner IP header. | * NOTE: len is data length just after inner IP header. | ||||
| */ | */ | ||||
| len = m->m_pkthdr.len - hlen; | len = m->m_pkthdr.len - hlen; | ||||
| if (sizeof(struct ip6_hdr) + | if (sizeof(struct ip6_hdr) + | ||||
| sizeof(struct icmp6_hdr) + len > NAT64_ICMP6_PLEN) | sizeof(struct icmp6_hdr) + len > NAT64_ICMP6_PLEN) | ||||
| len = NAT64_ICMP6_PLEN - sizeof(struct icmp6_hdr) - | len = NAT64_ICMP6_PLEN - sizeof(struct icmp6_hdr) - | ||||
| sizeof(struct ip6_hdr); | sizeof(struct ip6_hdr); | ||||
| ▲ Show 20 Lines • Show All 83 Lines • ▼ Show 20 Lines | nat64_icmp_translate(struct mbuf *m, struct ip6_hdr *ip6, uint16_t icmpid, | ||||
| ICMP6(icmp)->icmp6_cksum = cksum_add( | ICMP6(icmp)->icmp6_cksum = cksum_add( | ||||
| ~in6_cksum_pseudo(ip6, plen, IPPROTO_ICMPV6, 0), | ~in6_cksum_pseudo(ip6, plen, IPPROTO_ICMPV6, 0), | ||||
| in_cksum_skip(n, n->m_pkthdr.len, offset)); | in_cksum_skip(n, n->m_pkthdr.len, offset)); | ||||
| return (n); | return (n); | ||||
| freeit: | freeit: | ||||
| m_freem(m); | m_freem(m); | ||||
| NAT64STAT_INC(&cfg->stats, dropped); | NAT64STAT_INC(&cfg->stats, dropped); | ||||
| return (NULL); | return (NULL); | ||||
| } | |||||
| static uint32_t | |||||
| nat64_get_ip4(struct in6_addr *addr) | |||||
| { | |||||
| return addr->__u6_addr.__u6_addr32[3]; | |||||
| } | } | ||||
| int | int | ||||
| nat64_getlasthdr(struct mbuf *m, int *offset) | nat64_getlasthdr(struct mbuf *m, int *offset) | ||||
| { | { | ||||
| struct ip6_hdr *ip6; | struct ip6_hdr *ip6; | ||||
| struct ip6_hbh *hbh; | struct ip6_hbh *hbh; | ||||
| int proto, hlen; | int proto, hlen; | ||||
| ▲ Show 20 Lines • Show All 523 Lines • Show Last 20 Lines | |||||