https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288654
Bug ID: 288654
Summary: netgraph ng_nat: add command to set port range mask
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 262698
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=262698&action=edit
experimental patch for operation confirmation
To make this patch work, the libalias patch in attachment 262482 of bug 288380
is required.
In order to unleash the performance of this patch, the portrange patch in
attachment 262634 of bug 288606 is required.
This patch should still apply correctly even after the application of those
patches.
Of course, this patch was made for the Mapping of Address and Port with
Encapsulation (MAP-E, RFC 7597) :)
By setting it up as described below, it should already be in a state where the
desired operation is achieved.
In this patch, the syntax for portrangemask is the same as that presented in
bug 288380 comment #2.
It will be necessary to redefine the specifications and remake it :)
(If pf needs to be set to map-e-portset 4/8/20 ...)
ifconfig gif0 create
ifconfig gif0 inet6 tunnel 2001:db8:1:100:c0:2:100:100 2001:db8:ffff::1
ifconfig ${wan_if} inet6 2001:db8:1:100:c0:2:100:100 prefixlen 128 alias
kldload ng_gif
ngctl mkpeer gif0: gif_demux lower gif
ngctl name gif0:lower gif0_demux
ngctl mkpeer gif0_demux: nat inet in
ngctl name gif0_demux:inet nat_map_e
ngctl msg nat_map_e: setaliasaddr 192.0.2.1
ngctl msg nat_map_e: setmode "{flags=0x00 mask=0x04}"
ngctl msg nat_map_e: portrange "{alias_port_lo=4096 alias_port_hi=65535}"
ngctl msg nat_map_e: portrangemask \""0xf00f^0x0140"\"
ngctl mkpeer nat_map_e: iface out inet
ng_if=$(ngctl msg nat_map_e:out getifname | sed -ne '/^Args:/{s/^.*"\([^"]*\)".*$/\1/;p;};')
# ng_if is an interface name like ng0.
ifconfig ${ng_if} inet 192.0.2.1 127.0.2.1 netmask 255.255.255.255 alias
route -n add -inet default -iface ${ng_if}
These commands can also be automated in the script file
/etc/{start,stop}_if.gif0, maybe :)
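Added example, not part of the original report or its patch: a POSIX sh sketch that derives the `portrangemask` argument and the `alias_port_lo` value used above from the `map-e-portset 4/8/20` triple (offset bits / PSID length / PSID, per the RFC 7597 port layout). It assumes the `mask^value` string means "bits NAT may vary ^ fixed PSID bits", which is inferred from the report's own value `0xf00f^0x0140`; the function names are hypothetical.

```shell
# RFC 7597 port layout: | A (a bits) | PSID (k bits) | M (16-a-k bits) |
# Assumption: "free^value" = variable bit positions ^ fixed PSID bits,
# inferred from the report's 0xf00f^0x0140 for map-e-portset 4/8/20.

# mape_portrangemask A_BITS K_BITS PSID -> prints e.g. 0xf00f^0x0140
mape_portrangemask() {
    a=$1; k=$2; psid=$3
    m=$((16 - a - k))
    # Reject layouts that do not fit in 16 bits or a PSID wider than k bits.
    [ "$a" -ge 0 ] && [ "$k" -ge 0 ] && [ "$m" -ge 0 ] || return 1
    [ "$psid" -ge 0 ] && [ "$psid" -lt $((1 << k)) ] || return 1
    fixed=$(( ((1 << k) - 1) << m ))   # bit positions occupied by the PSID
    free=$(( 0xffff & ~fixed ))        # A and M bits, free for port selection
    value=$(( psid << m ))             # PSID shifted into place
    printf '0x%04x^0x%04x\n' "$free" "$value"
}

# mape_port_lo A_BITS -> lowest usable port (A must be > 0 when a > 0)
mape_port_lo() {
    if [ "$1" -gt 0 ]; then echo $((1 << (16 - $1))); else echo 0; fi
}

# mape_port_count A_BITS K_BITS -> number of ports in the set
mape_port_count() {
    a=$1; k=$2; m=$((16 - a - k))
    if [ "$a" -gt 0 ]; then echo $(( ((1 << a) - 1) << m ))
    else echo $((1 << m)); fi
}

# mape_port_ok PORT A_BITS K_BITS PSID -> exit 0 if PORT is in the port set
mape_port_ok() {
    port=$1; a=$2; k=$3; psid=$4
    m=$((16 - a - k))
    fixed=$(( ((1 << k) - 1) << m ))
    [ "$port" -ge "$(mape_port_lo "$a")" ] && [ "$port" -le 65535 ] &&
        [ $((port & fixed)) -eq $((psid << m)) ]
}

# The map-e-portset 4/8/20 case from the report:
mape_portrangemask 4 8 20
mape_port_lo 4
```

`mape_port_ok` is useful for auditing captured source ports on the WAN side: any translated port that fails the check would be dropped or misrouted by the MAP-E border relay.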