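/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2015-2019 Yandex LLC
 * Copyright (c) 2015 Alexander V. Chernikov <[email protected]>
 * Copyright (c) 2015-2019 Andrey V. Elsukov <[email protected]>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _NETINET6_IP_FW_NAT64_H_
#define _NETINET6_IP_FW_NAT64_H_

/*
 * Statistics, flag and configuration layouts for the three ipfw NAT64
 * instance types named in this header: nat64stl, nat64clat and nat64lsn.
 *
 * This header includes nothing itself: the uintN_t types, struct in_addr,
 * struct in6_addr, in_addr_t and ipfw_obj_ntlv must already be declared by
 * the including file.
 *
 * NOTE(review): these look like fixed layouts exchanged between the kernel
 * and a control utility - confirm against the callers.  If so, the consumer
 * of a structure filled in by the other side should check, before use:
 *   - name[64]: that a NUL terminator exists inside the 64 bytes before the
 *     array is handled as a C string;
 *   - set: documented as [0..31], but a uint8_t can carry 0..255;
 *   - prefix lengths (plen4/plen6/plat_plen/clat_plen): that the value is
 *     within the address width before it is used to build a mask or as a
 *     shift count;
 *   - spare/_reserved members: that the producer zeroed them, so padding
 *     does not carry stale memory across the boundary.
 */

/*
 * Counters for a nat64stl instance.  The ten members below are repeated,
 * in the same order, at the start of the nat64clat and nat64lsn statistics.
 */
struct ipfw_nat64stl_stats {
	uint64_t	opcnt64;	/* Packets translated IPv6 -> IPv4 (6to4) */
	uint64_t	opcnt46;	/* Packets translated IPv4 -> IPv6 (4to6) */
	uint64_t	ofrags;		/* Number of fragments generated */
	uint64_t	ifrags;		/* Number of fragments received */
	uint64_t	oerrors;	/* Number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route found - confirm */
	uint64_t	noroute6;	/* presumably: no IPv6 route found - confirm */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* Dropped due to some errors */
};

/* Counters for a nat64clat instance; same members as ipfw_nat64stl_stats. */
struct ipfw_nat64clat_stats {
	uint64_t	opcnt64;	/* Packets translated IPv6 -> IPv4 (6to4) */
	uint64_t	opcnt46;	/* Packets translated IPv4 -> IPv6 (4to6) */
	uint64_t	ofrags;		/* Number of fragments generated */
	uint64_t	ifrags;		/* Number of fragments received */
	uint64_t	oerrors;	/* Number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route found - confirm */
	uint64_t	noroute6;	/* presumably: no IPv6 route found - confirm */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* Dropped due to some errors */
};

/*
 * Counters for a nat64lsn instance: the ten common members, followed by
 * job-queue counters (j*), state/portgroup counters and four reserved
 * slots.  Rising nomem, jnomem, jhostfails, jportfails or jmaxlen values
 * are the members to watch for resource exhaustion.
 */
struct ipfw_nat64lsn_stats {
	uint64_t	opcnt64;	/* Packets translated IPv6 -> IPv4 (6to4) */
	uint64_t	opcnt46;	/* Packets translated IPv4 -> IPv6 (4to6) */
	uint64_t	ofrags;		/* Number of fragments generated */
	uint64_t	ifrags;		/* Number of fragments received */
	uint64_t	oerrors;	/* Number of output errors */
	uint64_t	noroute4;	/* presumably: no IPv4 route found - confirm */
	uint64_t	noroute6;	/* presumably: no IPv6 route found - confirm */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* Dropped due to some errors */

	uint64_t	nomatch4;	/* No addr/port match */
	uint64_t	jcalls;		/* Number of job handler calls */
	uint64_t	jrequests;	/* Number of job requests */
	uint64_t	jhostsreq;	/* Number of job host requests */
	uint64_t	jportreq;	/* Number of portgroup requests */
	uint64_t	jhostfails;	/* Number of failed host allocs */
	uint64_t	jportfails;	/* Number of failed portgroup allocs */
	uint64_t	jreinjected;	/* Number of packets reinjected to q */
	uint64_t	jmaxlen;	/* Max queue length reached */
	uint64_t	jnomem;		/* No memory to alloc queue item */

	uint64_t	screated;	/* Number of states created */
	uint64_t	sdeleted;	/* Number of states deleted */
	uint64_t	spgcreated;	/* Number of portgroups created */
	uint64_t	spgdeleted;	/* Number of portgroups deleted */
	uint64_t	hostcount;	/* Number of hosts */
	uint64_t	tcpchunks;	/* Number of TCP portgroups */
	uint64_t	udpchunks;	/* Number of UDP portgroups */
	uint64_t	icmpchunks;	/* Number of ICMP portgroups */

	uint64_t	_reserved[4];	/* Not used by this header */
};

/*
 * Instance flag bits; presumably carried in the `flags' member of the
 * *_cfg structures below - confirm.
 *
 * NAT64_ALLOW_PRIVATE changes filtering policy: per its comment it permits
 * translation of private IPv4 addresses.  NOTE(review): confirm it is only
 * set on explicit request, since rule sets that rely on private ranges
 * being unreachable through the translator no longer hold once it is on.
 */
#define NAT64_LOG		0x0001	/* Enable logging via BPF */
#define NAT64_ALLOW_PRIVATE	0x0002	/* Allow private IPv4 address
					 * translation
					 */
#define NAT64LSN_ALLOW_SWAPCONF	0x0004	/* Allow configuration exchange
					 * between NAT64LSN instances
					 * during the sets swapping.
					 */

/* Configuration of a nat64stl instance. */
typedef struct _ipfw_nat64stl_cfg {
	char		name[64];	/* NAT name */
	ipfw_obj_ntlv	ntlv6;		/* object name tlv */
	ipfw_obj_ntlv	ntlv4;		/* object name tlv */
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint8_t		plen6;		/* Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		spare[2];
	uint32_t	flags;
} ipfw_nat64stl_cfg;

/* Configuration of a nat64clat instance: one PLAT and one CLAT prefix. */
typedef struct _ipfw_nat64clat_cfg {
	char		name[64];	/* NAT name */
	struct in6_addr	plat_prefix;	/* NAT64 (PLAT) prefix */
	struct in6_addr	clat_prefix;	/* Client (CLAT) prefix */
	uint8_t		plat_plen;	/* PLAT Prefix length */
	uint8_t		clat_plen;	/* CLAT Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		spare;
	uint32_t	flags;
} ipfw_nat64clat_cfg;

/*
 * NAT64LSN default configuration values
 *
 * NOTE(review): units are not stated in this header; the (2 * 3600) form
 * suggests seconds - confirm.  The *_ttl and *_delete_delay members of
 * ipfw_nat64lsn_cfg are uint16_t, so a value stored there cannot exceed
 * 65535.
 */
#define NAT64LSN_MAX_PORTS	2048	/* Unused */
#define NAT64LSN_JMAXLEN	2048	/* Max outstanding requests. */
#define NAT64LSN_TCP_SYN_AGE	10	/* State's TTL after SYN received. */
#define NAT64LSN_TCP_EST_AGE	(2 * 3600) /* TTL for established connection */
#define NAT64LSN_TCP_FIN_AGE	180	/* State's TTL after FIN/RST received */
#define NAT64LSN_UDP_AGE	120	/* TTL for UDP states */
#define NAT64LSN_ICMP_AGE	60	/* TTL for ICMP states */
#define NAT64LSN_HOST_AGE	3600	/* TTL for stale host entry */
#define NAT64LSN_PG_AGE		900	/* TTL for stale ports groups */

/*
 * Configuration of a nat64lsn instance.  Members marked "Unused" are kept
 * in the layout as the original comments describe them; the TTL and queue
 * limits bound how long and how much state one instance holds.
 */
typedef struct _ipfw_nat64lsn_cfg {
	char		name[64];	/* NAT name */
	uint32_t	flags;

	uint32_t	max_ports;	/* Unused */
	uint32_t	agg_prefix_len;	/* Unused */
	uint32_t	agg_prefix_max;	/* Unused */

	struct in_addr	prefix4;
	uint16_t	plen4;		/* Prefix length */
	uint16_t	plen6;		/* Prefix length */
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint32_t	jmaxlen;	/* Max jobqueue length */

	uint16_t	min_port;	/* Unused */
	uint16_t	max_port;	/* Unused */

	uint16_t	nh_delete_delay;/* Stale host delete delay */
	uint16_t	pg_delete_delay;/* Stale portgroup delete delay */
	uint16_t	st_syn_ttl;	/* TCP syn expire */
	uint16_t	st_close_ttl;	/* TCP fin expire */
	uint16_t	st_estab_ttl;	/* TCP established expire */
	uint16_t	st_udp_ttl;	/* UDP expire */
	uint16_t	st_icmp_ttl;	/* ICMP expire */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		states_chunks;	/* Number of states chunks per PG */
} ipfw_nat64lsn_cfg;

/* One nat64lsn state record (layout without the _v1 suffix). */
typedef struct _ipfw_nat64lsn_state {
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	uint8_t		flags;		/* State flags */
	uint8_t		spare[3];
	uint16_t	idle;		/* Last used time */
} ipfw_nat64lsn_state;

/*
 * Header for a group of state records sharing one alias address, protocol
 * and IPv6 host.
 * NOTE(review): if `next_idx' is handed back by the requester as a cursor,
 * the consumer must validate it before using it to locate state - confirm.
 */
typedef struct _ipfw_nat64lsn_stg {
	uint64_t	next_idx;	/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint8_t		proto;		/* protocol */
	uint8_t		flags;
	uint16_t	spare;
	struct in6_addr	host6;		/* Bound IPv6 host */
	uint32_t	count;		/* Number of states */
	uint32_t	spare2;
} ipfw_nat64lsn_stg;

/* One nat64lsn state record, v1 layout: host6 and proto are per record. */
typedef struct _ipfw_nat64lsn_state_v1 {
	struct in6_addr	host6;		/* Bound IPv6 host */
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	uint16_t	spare;
	uint16_t	idle;		/* Last used time */
	uint8_t		flags;		/* State flags */
	uint8_t		proto;		/* protocol */
} ipfw_nat64lsn_state_v1;

/*
 * Header for a group of state records, v1 layout.
 *
 * `next' overlays a 64-bit index with an anonymous struct of
 * chunk/proto/port/addr, so the numeric value of `index' for given field
 * values depends on host byte order.
 * NOTE(review): if `next' is handed back by the requester as a cursor, each
 * sub-field needs a bounds check before it selects a chunk or port -
 * confirm at the consumer.
 */
typedef struct _ipfw_nat64lsn_stg_v1 {
	union nat64lsn_pgidx {
		uint64_t	index;
		struct {
			uint8_t		chunk;	/* states chunk */
			uint8_t		proto;	/* protocol */
			uint16_t	port;	/* base port */
			in_addr_t	addr;	/* alias address */
		};
	} next;				/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint32_t	count;		/* Number of states */
} ipfw_nat64lsn_stg_v1;

#endif /* _NETINET6_IP_FW_NAT64_H_ */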