freebsd-nq/sys/netinet6
Andrey V. Elsukov d8caf56e9e Add ipfw_nat64 module that implements stateless and stateful NAT64.
The module works together with ipfw(4) and implemented as its external
action module.

Stateless NAT64 registers external action with name nat64stl. This
keyword should be used to create NAT64 instance and to address this
instance in rules. Stateless NAT64 uses two lookup tables with mapped
IPv4->IPv6 and IPv6->IPv4 addresses to perform translation.

A configuration of instance should looks like this:
 1. Create lookup tables:
 # ipfw table T46 create type addr valtype ipv6
 # ipfw table T64 create type addr valtype ipv4
 2. Fill T46 and T64 tables.
 3. Add rule to allow neighbor solicitation and advertisement:
 # ipfw add allow icmp6 from any to any icmp6types 135,136
 4. Create NAT64 instance:
 # ipfw nat64stl NAT create table4 T46 table6 T64
 5. Add rules that matches the traffic:
 # ipfw add nat64stl NAT ip from any to table(T46)
 # ipfw add nat64stl NAT ip from table(T64) to 64:ff9b::/96
 6. Configure DNS64 for IPv6 clients and add route to 64:ff9b::/96
    via NAT64 host.

Stateful NAT64 registers external action with name nat64lsn. The only
one option required to create nat64lsn instance - prefix4. It defines
the pool of IPv4 addresses used for translation.

A configuration of instance should looks like this:
 1. Add rule to allow neighbor solicitation and advertisement:
 # ipfw add allow icmp6 from any to any icmp6types 135,136
 2. Create NAT64 instance:
 # ipfw nat64lsn NAT create prefix4 A.B.C.D/28
 3. Add rules that matches the traffic:
 # ipfw add nat64lsn NAT ip from any to A.B.C.D/28
 # ipfw add nat64lsn NAT ip6 from any to 64:ff9b::/96
 4. Configure DNS64 for IPv6 clients and add route to 64:ff9b::/96
    via NAT64 host.

Obtained from:	Yandex LLC
Relnotes:	yes
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D6434
2016-08-13 16:09:49 +00:00
..
dest6.c
frag6.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
icmp6.c Rework IPV6 TCP path MTU discovery to match IPv4 2016-08-01 17:02:21 +00:00
icmp6.h
in6_cksum.c
in6_fib.c MFP r287070,r287073: split radix implementation and route table structure. 2016-01-25 06:33:15 +00:00
in6_fib.h Merge helper fib* functions used for basic lookups. 2015-12-08 10:50:03 +00:00
in6_gif.c Use correct lookup key for gif route lookups. 2015-12-09 22:09:33 +00:00
in6_ifattach.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
in6_ifattach.h Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
in6_jail.c Move IPv4-specific jail functions to new file netinet/in_jail.c 2016-08-09 02:16:21 +00:00
in6_mcast.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
in6_pcb.c This change re-adds L2 caching for TCP and UDP, as originally added in D4306 2016-06-02 17:51:29 +00:00
in6_pcb.h
in6_pcbgroup.c Unbreak the RSS/PCBGROUp build. 2016-03-31 00:53:23 +00:00
in6_proto.c The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
in6_rmx.c Code duplication but rib_head is special. Not found an easy way to go 2016-02-03 21:56:51 +00:00
in6_rss.c [netinet6]: Create a new IPv6 netisr which expects the frames to have been verified. 2015-11-06 23:07:43 +00:00
in6_rss.h Implement RSS hashing/re-hashing for IPv6 ingress packets. 2015-08-29 07:14:29 +00:00
in6_src.c Fix regression introduced in r296986. 2016-04-08 11:13:24 +00:00
in6_var.h Remove the SIOCSIFALIFETIME_IN6 ioctl. 2016-06-13 22:31:16 +00:00
in6.c Fix the NULL pointer dereference for unresolved link layer entries in 2016-06-22 11:29:21 +00:00
in6.h Add net.inet6.ip6.intr_queue_maxlen sysctl. It can be used to 2016-07-15 17:09:30 +00:00
ip6_ecn.h
ip6_forward.c Prepare for network stack as a module 2016-07-27 20:34:09 +00:00
ip6_gre.c
ip6_id.c sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ip6_input.c Add net.inet6.ip6.intr_queue_maxlen sysctl. It can be used to 2016-07-15 17:09:30 +00:00
ip6_ipsec.c Take extra reference to security policy before calling crypto_dispatch(). 2015-09-30 08:16:33 +00:00
ip6_ipsec.h
ip6_mroute.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
ip6_mroute.h
ip6_output.c Fix NULL pointer dereference. 2016-08-02 12:18:06 +00:00
ip6_var.h The pr_destroy field does not allow us to run the teardown code in a 2016-06-01 10:14:04 +00:00
ip6.h
ip6protosw.h sys/net*: minor spelling fixes. 2016-05-03 18:05:43 +00:00
ip_fw_nat64.h Add ipfw_nat64 module that implements stateless and stateful NAT64. 2016-08-13 16:09:49 +00:00
ip_fw_nptv6.h Add ipfw_nptv6 module that implements Network Prefix Translation for IPv6 2016-07-18 19:46:31 +00:00
mld6_var.h
mld6.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
mld6.h
nd6_nbr.c Always start IPv6 DAD asynchronously. 2016-06-02 17:17:15 +00:00
nd6_rtr.c Exploit r301213 to fix in6 ifaddr locking in pfxlist_onlink_check(). 2016-06-02 17:21:57 +00:00
nd6.c Fix per-connection L2 caching in fast path 2016-07-22 02:11:49 +00:00
nd6.h Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
pim6_var.h
pim6.h
raw_ip6.c sys/net* : for pointers replace 0 with NULL. 2016-04-15 17:30:33 +00:00
raw_ip6.h
route6.c
scope6_var.h Merge helper fib* functions used for basic lookups. 2015-12-08 10:50:03 +00:00
scope6.c Add a missing newline to a log message. 2016-02-12 21:17:00 +00:00
sctp6_usrreq.c Don't consider the socket when processing an incoming ICMP/ICMP6 packet, 2016-06-23 09:13:15 +00:00
sctp6_var.h Fix the ICMP6 handling for SCTP. 2016-04-16 21:34:49 +00:00
send.c These files were getting sys/malloc.h and vm/uma.h with header pollution 2016-02-01 17:41:21 +00:00
send.h
tcp6_var.h
udp6_usrreq.c Cleanup unneded include "opt_ipfw.h". 2016-06-09 05:48:34 +00:00
udp6_var.h