2 * Copyright (c) 2015-2016 Yandex LLC
3 * Copyright (c) 2015-2016 Andrey V. Elsukov <ae@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
31 #include <sys/types.h>
32 #include <sys/socket.h>
47 #include <netinet/in.h>
48 #include <netinet/ip_fw.h>
49 #include <netinet6/ip_fw_nat64.h>
50 #include <arpa/inet.h>
52 static int nat64stl_check_prefix(struct in6_addr *prefix, int length);
53 typedef int (nat64stl_cb_t)(ipfw_nat64stl_cfg *i, const char *name,
55 static int nat64stl_foreach(nat64stl_cb_t *f, const char *name, uint8_t set,
58 static void nat64stl_create(const char *name, uint8_t set, int ac, char **av);
59 static void nat64stl_config(const char *name, uint8_t set, int ac, char **av);
60 static void nat64stl_destroy(const char *name, uint8_t set);
61 static void nat64stl_stats(const char *name, uint8_t set);
62 static void nat64stl_reset_stats(const char *name, uint8_t set);
63 static int nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name,
65 static int nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name,
68 static struct _s_x nat64cmds[] = {
69 { "create", TOK_CREATE },
70 { "config", TOK_CONFIG },
71 { "destroy", TOK_DESTROY },
74 { "stats", TOK_STATS },
78 #define IPV6_ADDR_INT32_WKPFX htonl(0x64ff9b)
79 #define IN6_IS_ADDR_WKPFX(a) \
80 ((a)->__u6_addr.__u6_addr32[0] == IPV6_ADDR_INT32_WKPFX && \
81 (a)->__u6_addr.__u6_addr32[1] == 0 && \
82 (a)->__u6_addr.__u6_addr32[2] == 0)
84 nat64stl_check_prefix(struct in6_addr *prefix, int length)
87 if (IN6_IS_ADDR_WKPFX(prefix) && length == 96)
96 /* Well-known prefix has 96 prefix length */
97 if (IN6_IS_ADDR_WKPFX(prefix))
101 /* Bits 64 to 71 must be set to zero */
102 if (prefix->__u6_addr.__u6_addr8[8] != 0)
104 /* XXX: looks incorrect */
105 if (IN6_IS_ADDR_MULTICAST(prefix) ||
106 IN6_IS_ADDR_UNSPECIFIED(prefix) ||
107 IN6_IS_ADDR_LOOPBACK(prefix))
115 static struct _s_x nat64statscmds[] = {
116 { "reset", TOK_RESET },
121 * This one handles all nat64stl-related commands
122 * ipfw [set N] nat64stl NAME {create | config} ...
123 * ipfw [set N] nat64stl NAME stats [reset]
124 * ipfw [set N] nat64stl {NAME | all} destroy
125 * ipfw [set N] nat64stl {NAME | all} {list | show}
127 #define nat64stl_check_name table_check_name
129 ipfw_nat64stl_handler(int ac, char *av[])
136 set = co.use_set - 1;
141 NEED1("nat64stl needs instance name");
143 if (nat64stl_check_name(name) != 0) {
144 if (strcmp(name, "all") == 0)
147 errx(EX_USAGE, "nat64stl instance name %s is invalid",
151 NEED1("nat64stl needs command");
153 tcmd = get_token(nat64cmds, *av, "nat64stl command");
154 if (name == NULL && tcmd != TOK_DESTROY && tcmd != TOK_LIST)
155 errx(EX_USAGE, "nat64stl instance name required");
159 nat64stl_create(name, set, ac, av);
163 nat64stl_config(name, set, ac, av);
166 nat64stl_foreach(nat64stl_show_cb, name, set, 1);
170 nat64stl_foreach(nat64stl_destroy_cb, NULL, set, 0);
172 nat64stl_destroy(name, set);
177 nat64stl_stats(name, set);
180 tcmd = get_token(nat64statscmds, *av, "stats command");
181 if (tcmd == TOK_RESET)
182 nat64stl_reset_stats(name, set);
188 nat64stl_fill_ntlv(ipfw_obj_ntlv *ntlv, const char *name, uint8_t set)
191 ntlv->head.type = IPFW_TLV_EACTION_NAME(1); /* it doesn't matter */
192 ntlv->head.length = sizeof(ipfw_obj_ntlv);
195 strlcpy(ntlv->name, name, sizeof(ntlv->name));
198 static struct _s_x nat64newcmds[] = {
199 { "table4", TOK_TABLE4 },
200 { "table6", TOK_TABLE6 },
201 { "prefix6", TOK_PREFIX6 },
203 { "-log", TOK_LOGOFF },
208 * Creates new nat64stl instance
209 * ipfw nat64stl <NAME> create table4 <name> table6 <name> [ prefix6 <prefix>]
210 * Request: [ ipfw_obj_lheader ipfw_nat64stl_cfg ]
212 #define NAT64STL_HAS_TABLE4 0x01
213 #define NAT64STL_HAS_TABLE6 0x02
214 #define NAT64STL_HAS_PREFIX6 0x04
216 nat64stl_create(const char *name, uint8_t set, int ac, char *av[])
218 char buf[sizeof(ipfw_obj_lheader) + sizeof(ipfw_nat64stl_cfg)];
219 ipfw_nat64stl_cfg *cfg;
220 ipfw_obj_lheader *olh;
224 memset(buf, 0, sizeof(buf));
225 olh = (ipfw_obj_lheader *)buf;
226 cfg = (ipfw_nat64stl_cfg *)(olh + 1);
228 /* Some reasonable defaults */
229 inet_pton(AF_INET6, "64:ff9b::", &cfg->prefix6);
232 flags = NAT64STL_HAS_PREFIX6;
234 tcmd = get_token(nat64newcmds, *av, "option");
239 NEED1("table name required");
240 table_fill_ntlv(&cfg->ntlv4, *av, set, 4);
241 flags |= NAT64STL_HAS_TABLE4;
245 NEED1("table name required");
246 table_fill_ntlv(&cfg->ntlv6, *av, set, 6);
247 flags |= NAT64STL_HAS_TABLE6;
251 NEED1("IPv6 prefix6 required");
252 if ((p = strchr(*av, '/')) != NULL)
254 if (inet_pton(AF_INET6, *av, &cfg->prefix6) != 1)
256 "Bad prefix: %s", *av);
257 cfg->plen6 = strtol(p, NULL, 10);
258 if (nat64stl_check_prefix(&cfg->prefix6,
261 "Bad prefix length: %s", p);
262 flags |= NAT64STL_HAS_PREFIX6;
266 cfg->flags |= NAT64_LOG;
269 cfg->flags &= ~NAT64_LOG;
274 /* Check validness */
275 if ((flags & NAT64STL_HAS_TABLE4) != NAT64STL_HAS_TABLE4)
276 errx(EX_USAGE, "table4 required");
277 if ((flags & NAT64STL_HAS_TABLE6) != NAT64STL_HAS_TABLE6)
278 errx(EX_USAGE, "table6 required");
279 if ((flags & NAT64STL_HAS_PREFIX6) != NAT64STL_HAS_PREFIX6)
280 errx(EX_USAGE, "prefix6 required");
283 olh->objsize = sizeof(*cfg);
284 olh->size = sizeof(buf);
285 strlcpy(cfg->name, name, sizeof(cfg->name));
286 if (do_set3(IP_FW_NAT64STL_CREATE, &olh->opheader, sizeof(buf)) != 0)
287 err(EX_OSERR, "nat64stl instance creation failed");
291 * Configures existing nat64stl instance
292 * ipfw nat64stl <NAME> config <options>
293 * Request: [ ipfw_obj_header ipfw_nat64stl_cfg ]
296 nat64stl_config(const char *name, uint8_t set, int ac, char **av)
298 char buf[sizeof(ipfw_obj_header) + sizeof(ipfw_nat64stl_cfg)];
299 ipfw_nat64stl_cfg *cfg;
306 errx(EX_USAGE, "config options required");
307 memset(&buf, 0, sizeof(buf));
308 oh = (ipfw_obj_header *)buf;
309 cfg = (ipfw_nat64stl_cfg *)(oh + 1);
312 nat64stl_fill_ntlv(&oh->ntlv, name, set);
313 if (do_get3(IP_FW_NAT64STL_CONFIG, &oh->opheader, &sz) != 0)
314 err(EX_OSERR, "failed to get config for instance %s", name);
317 tcmd = get_token(nat64newcmds, *av, "option");
324 NEED1("table name required");
325 table_fill_ntlv(&cfg->ntlv4, *av, set, 4);
329 NEED1("table name required");
330 table_fill_ntlv(&cfg->ntlv6, *av, set, 6);
335 cfg->flags |= NAT64_LOG;
338 cfg->flags &= ~NAT64_LOG;
341 errx(EX_USAGE, "Can't change %s option", opt);
345 if (do_set3(IP_FW_NAT64STL_CONFIG, &oh->opheader, sizeof(buf)) != 0)
346 err(EX_OSERR, "nat64stl instance configuration failed");
350 * Destroys nat64stl instance.
351 * Request: [ ipfw_obj_header ]
354 nat64stl_destroy(const char *name, uint8_t set)
358 memset(&oh, 0, sizeof(oh));
359 nat64stl_fill_ntlv(&oh.ntlv, name, set);
360 if (do_set3(IP_FW_NAT64STL_DESTROY, &oh.opheader, sizeof(oh)) != 0)
361 err(EX_OSERR, "failed to destroy nat instance %s", name);
365 * Get nat64stl instance statistics.
366 * Request: [ ipfw_obj_header ]
367 * Reply: [ ipfw_obj_header ipfw_obj_ctlv [ uint64_t x N ] ]
370 nat64stl_get_stats(const char *name, uint8_t set,
371 struct ipfw_nat64stl_stats *stats)
377 sz = sizeof(*oh) + sizeof(*oc) + sizeof(*stats);
379 nat64stl_fill_ntlv(&oh->ntlv, name, set);
380 if (do_get3(IP_FW_NAT64STL_STATS, &oh->opheader, &sz) == 0) {
381 oc = (ipfw_obj_ctlv *)(oh + 1);
382 memcpy(stats, oc + 1, sizeof(*stats));
391 nat64stl_stats(const char *name, uint8_t set)
393 struct ipfw_nat64stl_stats stats;
395 if (nat64stl_get_stats(name, set, &stats) != 0)
396 err(EX_OSERR, "Error retrieving stats");
398 if (co.use_set != 0 || set != 0)
399 printf("set %u ", set);
400 printf("nat64stl %s\n", name);
402 printf("\t%ju packets translated from IPv6 to IPv4\n",
403 (uintmax_t)stats.opcnt64);
404 printf("\t%ju packets translated from IPv4 to IPv6\n",
405 (uintmax_t)stats.opcnt46);
406 printf("\t%ju IPv6 fragments created\n",
407 (uintmax_t)stats.ofrags);
408 printf("\t%ju IPv4 fragments received\n",
409 (uintmax_t)stats.ifrags);
410 printf("\t%ju output packets dropped due to no bufs, etc.\n",
411 (uintmax_t)stats.oerrors);
412 printf("\t%ju output packets discarded due to no IPv4 route\n",
413 (uintmax_t)stats.noroute4);
414 printf("\t%ju output packets discarded due to no IPv6 route\n",
415 (uintmax_t)stats.noroute6);
416 printf("\t%ju packets discarded due to unsupported protocol\n",
417 (uintmax_t)stats.noproto);
418 printf("\t%ju packets discarded due to memory allocation problems\n",
419 (uintmax_t)stats.nomem);
420 printf("\t%ju packets discarded due to some errors\n",
421 (uintmax_t)stats.dropped);
425 * Reset nat64stl instance statistics specified by @oh->ntlv.
426 * Request: [ ipfw_obj_header ]
429 nat64stl_reset_stats(const char *name, uint8_t set)
433 memset(&oh, 0, sizeof(oh));
434 nat64stl_fill_ntlv(&oh.ntlv, name, set);
435 if (do_set3(IP_FW_NAT64STL_RESET_STATS, &oh.opheader, sizeof(oh)) != 0)
436 err(EX_OSERR, "failed to reset stats for instance %s", name);
440 nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
443 if (name != NULL && strcmp(cfg->name, name) != 0)
446 if (co.use_set != 0 && cfg->set != set)
449 if (co.use_set != 0 || cfg->set != 0)
450 printf("set %u ", cfg->set);
451 printf("nat64stl %s table4 %s table6 %s",
452 cfg->name, cfg->ntlv4.name, cfg->ntlv6.name);
453 if (cfg->flags & NAT64_LOG)
460 nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
463 if (co.use_set != 0 && cfg->set != set)
466 nat64stl_destroy(cfg->name, cfg->set);
472 * Compare nat64stl instances names.
473 * Honor number comparison.
476 nat64name_cmp(const void *a, const void *b)
478 ipfw_nat64stl_cfg *ca, *cb;
480 ca = (ipfw_nat64stl_cfg *)a;
481 cb = (ipfw_nat64stl_cfg *)b;
483 if (ca->set > cb->set)
485 else if (ca->set < cb->set)
487 return (stringnum_cmp(ca->name, cb->name));
491 * Retrieves nat64stl instance list from kernel,
492 * optionally sorts it and calls requested function for each instance.
494 * Request: [ ipfw_obj_lheader ]
495 * Reply: [ ipfw_obj_lheader ipfw_nat64stl_cfg x N ]
498 nat64stl_foreach(nat64stl_cb_t *f, const char *name, uint8_t set, int sort)
500 ipfw_obj_lheader *olh;
501 ipfw_nat64stl_cfg *cfg;
505 /* Start with reasonable default */
506 sz = sizeof(*olh) + 16 * sizeof(*cfg);
508 if ((olh = calloc(1, sz)) == NULL)
512 if (do_get3(IP_FW_NAT64STL_LIST, &olh->opheader, &sz) != 0) {
521 qsort(olh + 1, olh->count, olh->objsize,
524 cfg = (ipfw_nat64stl_cfg *)(olh + 1);
525 for (i = 0; i < olh->count; i++) {
526 error = f(cfg, name, set); /* Ignore errors for now */
527 cfg = (ipfw_nat64stl_cfg *)((caddr_t)cfg +
projects / FreeBSD / FreeBSD.git / blob