freebsd-dev/sys/netinet
Andrey V. Elsukov d8caf56e9e Add ipfw_nat64 module that implements stateless and stateful NAT64.
The module works together with ipfw(4) and is implemented as its external
action module.

Stateless NAT64 registers external action with name nat64stl. This
keyword should be used to create NAT64 instance and to address this
instance in rules. Stateless NAT64 uses two lookup tables with mapped
IPv4->IPv6 and IPv6->IPv4 addresses to perform translation.

A configuration of instance should look like this:
 1. Create lookup tables:
 # ipfw table T46 create type addr valtype ipv6
 # ipfw table T64 create type addr valtype ipv4
 2. Fill T46 and T64 tables.
 3. Add rule to allow neighbor solicitation and advertisement:
 # ipfw add allow icmp6 from any to any icmp6types 135,136
 4. Create NAT64 instance:
 # ipfw nat64stl NAT create table4 T46 table6 T64
 5. Add rules that match the traffic:
 # ipfw add nat64stl NAT ip from any to table(T46)
 # ipfw add nat64stl NAT ip from table(T64) to 64:ff9b::/96
 6. Configure DNS64 for IPv6 clients and add route to 64:ff9b::/96
    via NAT64 host.

Stateful NAT64 registers external action with name nat64lsn. The only
option required to create a nat64lsn instance is prefix4. It defines
the pool of IPv4 addresses used for translation.

A configuration of instance should look like this:
 1. Add rule to allow neighbor solicitation and advertisement:
 # ipfw add allow icmp6 from any to any icmp6types 135,136
 2. Create NAT64 instance:
 # ipfw nat64lsn NAT create prefix4 A.B.C.D/28
 3. Add rules that match the traffic:
 # ipfw add nat64lsn NAT ip from any to A.B.C.D/28
 # ipfw add nat64lsn NAT ip6 from any to 64:ff9b::/96
 4. Configure DNS64 for IPv6 clients and add route to 64:ff9b::/96
    via NAT64 host.

Obtained from:	Yandex LLC
Relnotes:	yes
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D6434
2016-08-13 16:09:49 +00:00
cc Fix the case for some sysctl descriptions. 2016-07-26 20:20:09 +00:00
khelp
libalias sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
tcp_stacks Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
accf_data.c
accf_dns.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
accf_http.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
icmp6.h Add missing constants from RFCs 4443 and 6550 2016-06-06 00:35:45 +00:00
icmp_var.h
if_atm.c
if_atm.h
if_ether.c Fix per-connection L2 caching in fast path 2016-07-22 02:11:49 +00:00
if_ether.h This change re-adds L2 caching for TCP and UDP, as originally added in D4306 2016-06-02 17:51:29 +00:00
igmp_var.h - Rename 'struct igmp_ifinfo' into 'struct igmp_ifsoftc', since it really 2015-02-19 22:35:23 +00:00
igmp.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
igmp.h
in_cksum.c
in_debug.c
in_fib.c MFP r287070,r287073: split radix implementation and route table structure. 2016-01-25 06:33:15 +00:00
in_fib.h Merge helper fib* functions used for basic lookups. 2015-12-08 10:50:03 +00:00
in_gif.c Merge helper fib* functions used for basic lookups. 2015-12-08 10:50:03 +00:00
in_jail.c Move IPv4-specific jail functions to new file netinet/in_jail.c 2016-08-09 02:16:21 +00:00
in_kdtrace.c Fix style issues around existing SDT probes. 2015-12-16 23:39:27 +00:00
in_kdtrace.h Fix style issues around existing SDT probes. 2015-12-16 23:39:27 +00:00
in_mcast.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
in_pcb.c This change re-adds L2 caching for TCP and UDP, as originally added in D4306 2016-06-02 17:51:29 +00:00
in_pcb.h Add spares to struct ifnet and socket for packet pacing and/or general 2016-06-23 21:07:15 +00:00
in_pcbgroup.c Unbreak the RSS/PCBGROUp build. 2016-03-31 00:53:23 +00:00
in_prot.c Remove BSD and USL copyright and update license block in in_prot.c, as the 2016-07-28 18:39:30 +00:00
in_proto.c The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
in_rmx.c Code duplication but rib_head is special. Not found an easy way to go 2016-02-03 21:56:51 +00:00
in_rss.c Rename rss_soft_m2cpuid() -> rss_soft_m2cpuid_v4() in preparation for 2015-08-29 06:58:30 +00:00
in_rss.h Rename rss_soft_m2cpuid() -> rss_soft_m2cpuid_v4() in preparation for 2015-08-29 06:58:30 +00:00
in_systm.h Prepare for network stack as a module 2016-07-27 20:34:09 +00:00
in_var.h Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
in.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
in.h Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
ip6.h Eliminate use of M_EXT in IP6_EXTHDR_CHECK() by trimming a redundant 2014-10-05 06:28:53 +00:00
ip_carp.c Revert r292275 & r292379 2015-12-17 14:41:30 +00:00
ip_carp.h
ip_divert.c The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
ip_divert.h
ip_dummynet.h Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE). 2016-05-26 21:40:13 +00:00
ip_ecn.c
ip_ecn.h Remove unneded #include "opt_inet.h". 2015-07-31 09:02:28 +00:00
ip_encap.c Remove sys/eventhandler.h from net/route.h 2016-01-09 09:34:39 +00:00
ip_encap.h
ip_fastfwd.c Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
ip_fw.h Add ipfw_nat64 module that implements stateless and stateful NAT64. 2016-08-13 16:09:49 +00:00
ip_gre.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip_icmp.c When sending in ICMP response to an SCTP packet, 2016-05-25 22:16:11 +00:00
ip_icmp.h Add support for handling ICMP and ICMP6 messages sent in response 2016-04-29 20:22:01 +00:00
ip_id.c Replace a number of conflations of mp_ncpus and mp_maxid with either 2016-07-06 14:09:49 +00:00
ip_input.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
ip_ipsec.c Set the proper direction to check for policies in this one case. 2015-10-29 21:26:32 +00:00
ip_ipsec.h Remove flag/flags argument from the following functions: 2014-12-11 18:35:34 +00:00
ip_mroute.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
ip_mroute.h
ip_options.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ip_options.h
ip_output.c Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
ip_reass.c Fix RSS build - netisr input / NETISR_IP_DIRECT is used here. 2015-04-15 00:57:21 +00:00
ip_var.h The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
ip.h sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
pim_var.h
pim.h
raw_ip.c The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
sctp_asconf.c Add the UDP encaps port as a parameter to sctp_add_remote_addr(). 2016-04-30 14:25:00 +00:00
sctp_asconf.h
sctp_auth.c Address a potential memory leak found a the clang static code analyzer 2016-07-16 07:48:01 +00:00
sctp_auth.h
sctp_bsd_addr.c netinet/sctp*: minor spelling fixes in comments. 2016-05-02 20:56:11 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c netinet/sctp*: minor spelling fixes in comments. 2016-05-02 20:56:11 +00:00
sctp_constants.h Fix the PR-SCTP behaviour. 2016-07-17 13:14:51 +00:00
sctp_crc32.c
sctp_crc32.h
sctp_dtrace_declare.h
sctp_dtrace_define.h This is work done by Michael Tuexen and myself at the IETF. This 2016-04-07 09:10:34 +00:00
sctp_header.h Fix the PR-SCTP behaviour. 2016-07-17 13:14:51 +00:00
sctp_indata.c Improve a consistency check to not detect valid cases for 2016-08-10 17:19:33 +00:00
sctp_indata.h A couple of minor changes that I missed that Michael had done, most noted 2016-04-07 09:34:41 +00:00
sctp_input.c Consistently check for unsent data on the stream queues. 2016-08-07 23:04:46 +00:00
sctp_input.h Add FIB support for SCTP. 2015-06-17 15:20:14 +00:00
sctp_lock_bsd.h netinet/sctp*: minor spelling fixes in comments. 2016-05-02 20:56:11 +00:00
sctp_os_bsd.h A couple of minor changes that I missed that Michael had done, most noted 2016-04-07 09:34:41 +00:00
sctp_os.h
sctp_output.c Fix the sending of FORWARD-TSN and I-FORWARD-TSN chunks. The 2016-08-08 13:52:18 +00:00
sctp_output.h Don't allow a remote encapsulation port change during the 2016-01-30 12:58:38 +00:00
sctp_pcb.c Remove stream queue entry consistently from wheel. 2016-08-07 12:51:13 +00:00
sctp_pcb.h netinet/sctp*: minor spelling fixes in comments. 2016-05-02 20:56:11 +00:00
sctp_peeloff.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_peeloff.h
sctp_ss_functions.c Mark an unused parameter as such. 2016-08-06 12:51:07 +00:00
sctp_structs.h Fix various bugs in relation to the I-DATA chunk support 2016-08-06 12:33:15 +00:00
sctp_syscalls.c netinet: for pointers replace 0 with NULL. 2016-04-15 15:46:41 +00:00
sctp_sysctl.c netstat and sockstat expect the IPv6 link local addresses to 2016-07-19 09:48:08 +00:00
sctp_sysctl.h Retire net.inet.sctp.strict_sacks and net.inet.sctp.strict_data_order 2016-05-12 16:34:59 +00:00
sctp_timer.c Cleanup a comment. 2016-05-09 16:35:05 +00:00
sctp_timer.h Code cleanup which will silence a warning in PVS / D5245. 2016-02-17 18:04:22 +00:00
sctp_uio.h Add a constant required by RFC 7496. 2016-07-17 13:33:35 +00:00
sctp_usrreq.c Fix various bugs in relation to the I-DATA chunk support 2016-08-06 12:33:15 +00:00
sctp_var.h The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
sctp.h This is work done by Michael Tuexen and myself at the IETF. This 2016-04-07 09:10:34 +00:00
sctputil.c Fix a locking issue found by stress testing with tsctp. 2016-08-08 08:20:10 +00:00
sctputil.h Remove a function, which is not used anymore. 2016-04-23 09:15:58 +00:00
siftr.c Use SI_SUB_LAST instead of SI_SUB_SMP as the "catch-all" subsystem. 2016-03-11 23:18:06 +00:00
tcp_debug.c
tcp_debug.h
tcp_fastopen.c Fix kernel build with TCP_RFC7413 option 2016-08-11 23:52:24 +00:00
tcp_fastopen.h Implementation of server-side TCP Fast Open (TFO) [RFC7413]. 2015-12-24 19:09:48 +00:00
tcp_fsm.h
tcp_hostcache.c Clean up unused bandwidth entry in the TCP hostcache. 2015-12-11 06:22:58 +00:00
tcp_hostcache.h Clean up unused bandwidth entry in the TCP hostcache. 2015-12-11 06:22:58 +00:00
tcp_input.c Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
tcp_lro.c tcp/lro: If timestamps mismatch or it's a FIN, force flush. 2016-08-05 09:08:00 +00:00
tcp_lro.h tcp/lro: Implement hash table for LRO entries. 2016-08-02 06:36:47 +00:00
tcp_offload.c Augment struct tcpstat with tcps_states[], which is used for book-keeping 2016-01-27 00:45:46 +00:00
tcp_offload.h
tcp_output.c tcp: Don't prematurely drop receiving-only connections 2016-05-30 03:31:37 +00:00
tcp_pcap.c The TCPPCAP debugging feature caches recently-used mbufs for use in 2016-07-06 16:17:13 +00:00
tcp_pcap.h The TCPPCAP debugging feature caches recently-used mbufs for use in 2016-07-06 16:17:13 +00:00
tcp_reass.c Remove sys/eventhandler.h from net/route.h 2016-01-09 09:34:39 +00:00
tcp_sack.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
tcp_seq.h
tcp_subr.c Rework IPV6 TCP path MTU discovery to match IPv4 2016-08-01 17:02:21 +00:00
tcp_syncache.c tcp/syncache: Add comment for syncache_respond 2016-05-10 04:59:04 +00:00
tcp_syncache.h Grab a snap amount of TCP connections in syncache from tcpstat. 2016-01-27 00:48:05 +00:00
tcp_timer.c This small change adopts the excellent suggestion for using named 2016-05-17 09:53:22 +00:00
tcp_timer.h This cleans up the timers code in TCP to start using the new 2016-04-28 13:27:12 +00:00
tcp_timewait.c No longer mark TCP TW zone NO_FREE. 2016-06-23 00:32:58 +00:00
tcp_usrreq.c tcp_usrreq: Free allocated buffer in relock case 2016-04-26 23:02:18 +00:00
tcp_var.h The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
tcp.h Provide new socket option TCP_CCALGOOPT, which stands for TCP congestion 2016-01-22 02:07:48 +00:00
tcpip.h
toecore.c This change re-adds L2 caching for TCP and UDP, as originally added in D4306 2016-06-02 17:51:29 +00:00
toecore.h * Convert TOE framework to use new routing api. 2014-10-25 18:25:00 +00:00
udp_usrreq.c Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
udp_var.h The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
udp.h
udplite.h