/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2015-2019 Yandex LLC
 * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org>
 * Copyright (c) 2015-2019 Andrey V. Elsukov <ae@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef	_NETINET6_IP_FW_NAT64_H_
#define	_NETINET6_IP_FW_NAT64_H_
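/*
 * Counters reported for a nat64stl instance; every member shown is a
 * 64-bit counter.
 *
 * Monitoring: oerrors, noproto, nomem and dropped are the failure-side
 * counters, so a sustained rise in any of them is worth alerting on.
 * What increments each one is not visible in this header.
 *
 * NOTE(review): this listing jumps from source line 38 to 41 and does not
 * show the structure's closing line, so members may be missing.  Take
 * sizes and offsets from the original header, not from this rendering.
 */
struct ipfw_nat64stl_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	/* [source lines 39-40 not shown in this listing] */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */
};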
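/*
 * Counters reported for a nat64clat instance.  The members shown mirror
 * those of struct ipfw_nat64stl_stats, one 64-bit counter each.
 *
 * Monitoring: oerrors, noproto, nomem and dropped count failures; watch
 * them for sustained growth.  The conditions that bump each counter are
 * not visible in this header.
 *
 * NOTE(review): this listing jumps from source line 51 to 54 and does not
 * show the structure's closing line, so members may be missing.  Do not
 * derive sizes or offsets from this rendering.
 */
struct ipfw_nat64clat_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	/* [source lines 52-53 not shown in this listing] */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */
};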
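/*
 * Counters reported for a nat64lsn instance: the translation counters
 * shared with the other NAT64 flavours, followed by job-queue (j*) and
 * state/portgroup (s*) accounting.
 *
 * Monitoring: nomatch4, jhostfails, jportfails, jmaxlen and jnomem record
 * lookup misses, allocation failures and queue saturation.  Growth in
 * these is the visible signal that the translator is running out of
 * hosts, portgroups, queue slots or memory.  The code that updates them
 * is not part of this header.
 *
 * NOTE(review): this listing skips source lines 65-66, 70, 81 and 90 and
 * does not show the structure's closing line, so members may be missing.
 * Do not derive sizes or offsets from this rendering.
 */
struct ipfw_nat64lsn_stats {
	uint64_t	opcnt64;	/* 6to4 of packets translated */
	uint64_t	opcnt46;	/* 4to6 of packets translated */
	uint64_t	ofrags;		/* number of fragments generated */
	uint64_t	ifrags;		/* number of fragments received */
	uint64_t	oerrors;	/* number of output errors */
	/* [source lines 65-66 not shown in this listing] */
	uint64_t	noproto;	/* Protocol not supported */
	uint64_t	nomem;		/* mbuf allocation failed */
	uint64_t	dropped;	/* dropped due to some errors */
	/* [source line 70 not shown in this listing] */
	uint64_t	nomatch4;	/* No addr/port match */
	uint64_t	jcalls;		/* Number of job handler calls */
	uint64_t	jrequests;	/* Number of job requests */
	uint64_t	jhostsreq;	/* Number of job host requests */
	uint64_t	jportreq;	/* Number of portgroup requests */
	uint64_t	jhostfails;	/* Number of failed host allocs */
	uint64_t	jportfails;	/* Number of failed portgroup allocs */
	uint64_t	jreinjected;	/* Number of packets reinjected to q */
	uint64_t	jmaxlen;	/* Max queue length reached */
	uint64_t	jnomem;		/* No memory to alloc queue item */
	/* [source line 81 not shown in this listing] */
	uint64_t	screated;	/* Number of states created */
	uint64_t	sdeleted;	/* Number of states deleted */
	uint64_t	spgcreated;	/* Number of portgroups created */
	uint64_t	spgdeleted;	/* Number of portgroups deleted */
	uint64_t	hostcount;	/* Number of hosts */
	uint64_t	tcpchunks;	/* Number of TCP chunks */
	uint64_t	udpchunks;	/* Number of UDP chunks */
	uint64_t	icmpchunks;	/* Number of ICMP chunks */
	/* [source line 90 not shown in this listing] */
	uint64_t	_reserved[4];
};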
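/*
 * NAT64 instance flag bits.  Which field carries them is not visible in
 * this listing.
 */
#define	NAT64_LOG		0x0001	/* Enable logging via BPF */
/*
 * Allow private IPv4 address ... (the original comment continues on source
 * lines 96-97, which this listing does not show; it is closed here so that
 * it no longer swallows the declarations that follow).
 *
 * Security-relevant: this bit relaxes a restriction on private IPv4
 * addresses, so treat it as a deliberate policy choice and review any
 * configuration that sets it.  Which address ranges count as "private" is
 * decided in the translator code, not in this header.
 */
#define	NAT64_ALLOW_PRIVATE	0x0002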
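/*
 * Configuration record for a nat64stl instance.
 *
 * Review notes for code that fills or consumes this record:
 *  - name is a fixed 64-byte buffer; this header does not say whether it
 *    is guaranteed to be NUL-terminated, so bound every read and copy to
 *    sizeof(name).
 *  - plen6 and set are plain uint8_t; the [0..31] range for set is only
 *    documented, not enforced by the type.  Range-check both before they
 *    are used as a mask width or an index.
 *
 * NOTE(review): this listing stops after source line 104; lines 105-108,
 * including the structure's closing line, are not shown, so members may
 * be missing.  The typedef name below follows the pattern visible on
 * ipfw_nat64clat_cfg - confirm it against the original header.
 */
typedef struct _ipfw_nat64stl_cfg {
	char		name[64];	/* NAT name */
	ipfw_obj_ntlv	ntlv6;		/* object name tlv */
	ipfw_obj_ntlv	ntlv4;		/* object name tlv */
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint8_t		plen6;		/* Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	/* [source lines 105-108 not shown in this listing] */
} ipfw_nat64stl_cfg;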
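/*
 * Configuration record for a nat64clat instance: the NAT64 (PLAT) prefix
 * and the client (CLAT) prefix, each with its length.
 *
 * Review notes for code that fills or consumes this record:
 *  - name is a fixed 64-byte buffer; NUL-termination is not guaranteed by
 *    anything visible here, so bound reads and copies to sizeof(name).
 *  - plat_plen, clat_plen and set are plain uint8_t; validate the prefix
 *    lengths and the documented [0..31] range of set before use.
 *
 * NOTE(review): this listing skips source lines 116-117, between set and
 * the closing line, so members may be missing.  Do not derive sizes or
 * offsets from this rendering.
 */
typedef struct _ipfw_nat64clat_cfg {
	char		name[64];	/* NAT name */
	struct in6_addr	plat_prefix;	/* NAT64 (PLAT) prefix */
	struct in6_addr	clat_prefix;	/* Client (CLAT) prefix */
	uint8_t		plat_plen;	/* PLAT Prefix length */
	uint8_t		clat_plen;	/* CLAT Prefix length */
	uint8_t		set;		/* Named instance set [0..31] */
	/* [source lines 116-117 not shown in this listing] */
} ipfw_nat64clat_cfg;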
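/*
 * NAT64LSN default configuration values
 *
 * The *_AGE values are lifetimes for states, hosts and portgroups;
 * presumably seconds (NAT64LSN_TCP_EST_AGE is written as 2 * 3600) -
 * confirm against the code that applies them.  They bound how long an
 * idle entry keeps its resources, so raising them trades faster reclaim
 * for longer-lived mappings; NAT64LSN_JMAXLEN caps outstanding requests.
 */
#define	NAT64LSN_MAX_PORTS	2048	/* Unused */
#define	NAT64LSN_JMAXLEN	2048	/* Max outstanding requests. */
#define	NAT64LSN_TCP_SYN_AGE	10	/* State's TTL after SYN received. */
#define	NAT64LSN_TCP_EST_AGE	(2 * 3600) /* TTL for established connection */
#define	NAT64LSN_TCP_FIN_AGE	180	/* State's TTL after FIN/RST received */
#define	NAT64LSN_UDP_AGE	120	/* TTL for UDP states */
#define	NAT64LSN_ICMP_AGE	60	/* TTL for ICMP states */
#define	NAT64LSN_HOST_AGE	3600	/* TTL for stale host entry */
#define	NAT64LSN_PG_AGE		900	/* TTL for stale ports groups */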
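/*
 * Configuration record for a nat64lsn instance: the IPv4 and IPv6
 * prefixes, the job-queue limit and the per-protocol state lifetimes.
 *
 * Review notes for code that fills or consumes this record:
 *  - name is a fixed 64-byte buffer; NUL-termination is not guaranteed by
 *    anything visible here, so bound reads and copies to sizeof(name).
 *  - plen4 and plen6 are uint16_t and set is uint8_t, all wider than the
 *    values they are documented to hold; range-check them before use.
 *  - jmaxlen and the st_*_ttl / *_delete_delay fields size the queue and
 *    decide how long idle entries are kept.  Zero or very large values
 *    deserve an explicit check; whether one exists is not visible here.
 *
 * NOTE(review): this listing skips source lines 135-136, 140, 146, 149
 * and the closing lines 159-160, so members may be missing.  The typedef
 * name below follows the pattern visible on ipfw_nat64clat_cfg - confirm
 * it against the original header.
 */
typedef struct _ipfw_nat64lsn_cfg {
	char		name[64];	/* NAT name */
	/* [source lines 135-136 not shown in this listing] */
	uint32_t	max_ports;	/* Unused */
	uint32_t	agg_prefix_len;	/* Unused */
	uint32_t	agg_prefix_max;	/* Unused */
	/* [source line 140 not shown in this listing] */
	struct in_addr	prefix4;
	uint16_t	plen4;		/* Prefix length */
	uint16_t	plen6;		/* Prefix length */
	struct in6_addr	prefix6;	/* NAT64 prefix */
	uint32_t	jmaxlen;	/* Max jobqueue length */
	/* [source line 146 not shown in this listing] */
	uint16_t	min_port;	/* Unused */
	uint16_t	max_port;	/* Unused */
	/* [source line 149 not shown in this listing] */
	uint16_t	nh_delete_delay;/* Stale host delete delay */
	uint16_t	pg_delete_delay;/* Stale portgroup delete delay */
	uint16_t	st_syn_ttl;	/* TCP syn expire */
	uint16_t	st_close_ttl;	/* TCP fin expire */
	uint16_t	st_estab_ttl;	/* TCP established expire */
	uint16_t	st_udp_ttl;	/* UDP expire */
	uint16_t	st_icmp_ttl;	/* ICMP expire */
	uint8_t		set;		/* Named instance set [0..31] */
	uint8_t		states_chunks;	/* Number of states chunks per PG */
	/* [source lines 159-160 not shown in this listing] */
} ipfw_nat64lsn_cfg;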
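/*
 * One nat64lsn state entry: remote IPv4 address and port, the local
 * alias port, the source port, state flags and an idle time.
 *
 * NOTE(review): the byte order of daddr and the port fields is not
 * stated in this header; confirm it before comparing, printing or
 * logging them.  The unit of idle is likewise not stated.
 *
 * NOTE(review): this listing skips source line 167, between flags and
 * idle, so a member may be missing.  Do not derive sizes or offsets from
 * this rendering.
 */
typedef struct _ipfw_nat64lsn_state {
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	uint8_t		flags;		/* State flags */
	/* [source line 167 not shown in this listing] */
	uint16_t	idle;		/* Last used time */
} ipfw_nat64lsn_state;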
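/*
 * Header for a group of nat64lsn states: the index of the next state,
 * the IPv4 alias address, the protocol, the bound IPv6 host and the
 * number of states.
 *
 * NOTE(review): count comes with the record, so a consumer walking the
 * states should bound it by the size of the buffer actually received
 * rather than trusting it alone.  Where the states are stored relative
 * to this header is not visible here.
 *
 * NOTE(review): this listing skips source lines 175-176 and the closing
 * lines 179-181, so members may be missing.  The typedef name below
 * follows the pattern visible on ipfw_nat64lsn_stg_v1 - confirm it
 * against the original header.
 */
typedef struct _ipfw_nat64lsn_stg {
	uint64_t	next_idx;	/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint8_t		proto;		/* protocol */
	/* [source lines 175-176 not shown in this listing] */
	struct in6_addr	host6;		/* Bound IPv6 host */
	uint32_t	count;		/* Number of states */
	/* [source lines 179-181 not shown in this listing] */
} ipfw_nat64lsn_stg;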
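/*
 * Version-1 nat64lsn state entry.  Unlike ipfw_nat64lsn_state it carries
 * the bound IPv6 host and the protocol in every entry.
 *
 * NOTE(review): the byte order of daddr and the port fields and the unit
 * of idle are not stated in this header; confirm them before comparing
 * or logging these values.
 *
 * NOTE(review): this listing skips source line 188, between sport and
 * idle, so a member may be missing.  Do not derive sizes or offsets from
 * this rendering.
 */
typedef struct _ipfw_nat64lsn_state_v1 {
	struct in6_addr	host6;		/* Bound IPv6 host */
	struct in_addr	daddr;		/* Remote IPv4 address */
	uint16_t	dport;		/* Remote destination port */
	uint16_t	aport;		/* Local alias port */
	uint16_t	sport;		/* Source port */
	/* [source line 188 not shown in this listing] */
	uint16_t	idle;		/* Last used time */
	uint8_t		flags;		/* State flags */
	uint8_t		proto;		/* protocol */
} ipfw_nat64lsn_state_v1;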
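/*
 * Version-1 header for a group of nat64lsn states: a "next state index"
 * union, the IPv4 alias address and the number of states.
 *
 * NOTE(review): this listing skips source lines 196-197 and 202 inside
 * union nat64lsn_pgidx.  As rendered, chunk, proto, port and addr would
 * all overlap one another, which is unlikely to be the intent; the
 * missing lines presumably wrap them in an inner struct next to a wider
 * index member.  Confirm against the original header before relying on
 * this layout.
 *
 * NOTE(review): count comes with the record, so a consumer walking the
 * states should bound it by the size of the buffer actually received.
 */
typedef struct _ipfw_nat64lsn_stg_v1 {
	union nat64lsn_pgidx {
		/* [source lines 196-197 not shown in this listing] */
		uint8_t		chunk;	/* states chunk */
		uint8_t		proto;	/* protocol */
		uint16_t	port;	/* base port */
		in_addr_t	addr;	/* alias address */
		/* [source line 202 not shown in this listing] */
	} next;				/* next state index */
	struct in_addr	alias4;		/* IPv4 alias address */
	uint32_t	count;		/* Number of states */
} ipfw_nat64lsn_stg_v1;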
#endif /* _NETINET6_IP_FW_NAT64_H_ */