2 * Copyright (c) 2015 Yandex LLC
3 * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org>
4 * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #ifndef _NETINET6_IP_FW_NAT64_H_
32 #define _NETINET6_IP_FW_NAT64_H_
34 struct ipfw_nat64stl_stats {
35 uint64_t opcnt64; /* 6to4 of packets translated */
36 uint64_t opcnt46; /* 4to6 of packets translated */
37 uint64_t ofrags; /* number of fragments generated */
38 uint64_t ifrags; /* number of fragments received */
39 uint64_t oerrors; /* number of output errors */
42 uint64_t noproto; /* Protocol not supported */
43 uint64_t nomem; /* mbuf allocation filed */
44 uint64_t dropped; /* dropped due to some errors */
47 struct ipfw_nat64lsn_stats {
48 uint64_t opcnt64; /* 6to4 of packets translated */
49 uint64_t opcnt46; /* 4to6 of packets translated */
50 uint64_t ofrags; /* number of fragments generated */
51 uint64_t ifrags; /* number of fragments received */
52 uint64_t oerrors; /* number of output errors */
55 uint64_t noproto; /* Protocol not supported */
56 uint64_t nomem; /* mbuf allocation filed */
57 uint64_t dropped; /* dropped due to some errors */
59 uint64_t nomatch4; /* No addr/port match */
60 uint64_t jcalls; /* Number of job handler calls */
61 uint64_t jrequests; /* Number of job requests */
62 uint64_t jhostsreq; /* Number of job host requests */
63 uint64_t jportreq; /* Number of portgroup requests */
64 uint64_t jhostfails; /* Number of failed host allocs */
65 uint64_t jportfails; /* Number of failed portgroup allocs */
66 uint64_t jreinjected; /* Number of packets reinjected to q */
67 uint64_t jmaxlen; /* Max queue length reached */
68 uint64_t jnomem; /* No memory to alloc queue item */
70 uint64_t screated; /* Number of states created */
71 uint64_t sdeleted; /* Number of states deleted */
72 uint64_t spgcreated; /* Number of portgroups created */
73 uint64_t spgdeleted; /* Number of portgroups deleted */
74 uint64_t hostcount; /* Number of hosts */
75 uint64_t tcpchunks; /* Number of TCP chunks */
76 uint64_t udpchunks; /* Number of UDP chunks */
77 uint64_t icmpchunks; /* Number of ICMP chunks */
79 uint64_t _reserved[4];
82 #define NAT64_LOG 0x0001 /* Enable logging via BPF */
84 typedef struct _ipfw_nat64stl_cfg {
85 char name[64]; /* NAT name */
86 ipfw_obj_ntlv ntlv6; /* object name tlv */
87 ipfw_obj_ntlv ntlv4; /* object name tlv */
88 struct in6_addr prefix6; /* NAT64 prefix */
89 uint8_t plen6; /* Prefix length */
90 uint8_t set; /* Named instance set [0..31] */
96 * NAT64LSN default configuration values
98 #define NAT64LSN_MAX_PORTS 2048 /* Max number of ports per host */
99 #define NAT64LSN_JMAXLEN 2048 /* Max outstanding requests. */
100 #define NAT64LSN_TCP_SYN_AGE 10 /* State's TTL after SYN received. */
101 #define NAT64LSN_TCP_EST_AGE (2 * 3600) /* TTL for established connection */
102 #define NAT64LSN_TCP_FIN_AGE 180 /* State's TTL after FIN/RST received */
103 #define NAT64LSN_UDP_AGE 120 /* TTL for UDP states */
104 #define NAT64LSN_ICMP_AGE 60 /* TTL for ICMP states */
105 #define NAT64LSN_HOST_AGE 3600 /* TTL for stale host entry */
106 #define NAT64LSN_PG_AGE 900 /* TTL for stale ports groups */
108 typedef struct _ipfw_nat64lsn_cfg {
109 char name[64]; /* NAT name */
111 uint32_t max_ports; /* Max ports per client */
112 uint32_t agg_prefix_len; /* Prefix length to count */
113 uint32_t agg_prefix_max; /* Max hosts per agg prefix */
114 struct in_addr prefix4;
115 uint16_t plen4; /* Prefix length */
116 uint16_t plen6; /* Prefix length */
117 struct in6_addr prefix6; /* NAT64 prefix */
118 uint32_t jmaxlen; /* Max jobqueue length */
119 uint16_t min_port; /* Min port group # to use */
120 uint16_t max_port; /* Max port group # to use */
121 uint16_t nh_delete_delay;/* Stale host delete delay */
122 uint16_t pg_delete_delay;/* Stale portgroup delete delay */
123 uint16_t st_syn_ttl; /* TCP syn expire */
124 uint16_t st_close_ttl; /* TCP fin expire */
125 uint16_t st_estab_ttl; /* TCP established expire */
126 uint16_t st_udp_ttl; /* UDP expire */
127 uint16_t st_icmp_ttl; /* ICMP expire */
128 uint8_t set; /* Named instance set [0..31] */
132 typedef struct _ipfw_nat64lsn_state {
133 struct in_addr daddr; /* Remote IPv4 address */
134 uint16_t dport; /* Remote destination port */
135 uint16_t aport; /* Local alias port */
136 uint16_t sport; /* Source port */
137 uint8_t flags; /* State flags */
139 uint16_t idle; /* Last used time */
140 } ipfw_nat64lsn_state;
142 typedef struct _ipfw_nat64lsn_stg {
143 uint64_t next_idx; /* next state index */
144 struct in_addr alias4; /* IPv4 alias address */
145 uint8_t proto; /* protocol */
148 struct in6_addr host6; /* Bound IPv6 host */
149 uint32_t count; /* Number of states */
153 #endif /* _NETINET6_IP_FW_NAT64_H_ */
projects / freebsd.git / blob