netgraph/ng_nat: Add RFC 6598/Carrier Grade NAT support

This extends upon the RFC 6598 support to libalias/ipfw in r357092. Reviewed By: manpages (bcr), donner, adrian, kp Approved by: kp (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D23461
2021-01-24 20:23:39 +01:00 · 2021-01-24 20:23:39 +01:00 · 5fe433a6e4
commit 5fe433a6e4
parent 9bee9a98ff
3 changed files with 10 additions and 1 deletions
--- a/share/man/man4/ng_nat.4
+++ b/share/man/man4/ng_nat.4
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 12, 2018
+.Dd January 24, 2021
 .Dt NG_NAT 4
 .Os
 .Sh NAME
@ -75,7 +75,13 @@ struct ng_nat_mode {
 #define NG_NAT_RESET_ON_ADDR_CHANGE	0x20
 #define NG_NAT_PROXY_ONLY		0x40
 #define NG_NAT_REVERSE			0x80
+#define NG_NAT_UNREGISTERED_CGN		0x100
 .Ed
+.Pp
+The corresponding libalias flags can be found by replacing the
+.Vt "NG_NAT"
+prefix with
+.Vt "PKT_ALIAS" .
 .It Dv NGM_NAT_SET_TARGET Pq Ic settarget
 Configure target address for a node.
 When an incoming packet not associated with any pre-existing aliasing
--- a/sys/netgraph/ng_nat.c
+++ b/sys/netgraph/ng_nat.c
@ -961,6 +961,8 @@ ng_nat_translate_flags(unsigned int x)
 		res |= PKT_ALIAS_PROXY_ONLY;
 	if (x & NG_NAT_REVERSE)
 		res |= PKT_ALIAS_REVERSE;
+	if (x & NG_NAT_UNREGISTERED_CGN)
+		res |= PKT_ALIAS_UNREGISTERED_CGN;

 	return (res);
 }
--- a/sys/netgraph/ng_nat.h
+++ b/sys/netgraph/ng_nat.h
@ -54,6 +54,7 @@ struct ng_nat_mode {
 #define NG_NAT_RESET_ON_ADDR_CHANGE	0x20
 #define NG_NAT_PROXY_ONLY		0x40
 #define NG_NAT_REVERSE			0x80
+#define NG_NAT_UNREGISTERED_CGN		0x100

 #define NG_NAT_DESC_LENGTH	64
 #define NG_NAT_REDIRPROTO_ADDR	(IPPROTO_MAX + 3) 	/* LibAlias' LINK_ADDR, also unused in in.h */