[Differential] D23737: nat64: Get the IPv4 address from a NAT64 address when comparing addresses in a ICMP translate

Mon, 17 Feb 2020 13:44:14 -0800 

neel_neelc.org created this revision.
neel_neelc.org added a project: network.
Herald added subscribers: Contributor Reviews (base), melifaro, ae, imp.

REVISION SUMMARY
  nat64: Get the IPv4 address from an IPv6 NAT64 address when comparing the 
inner source address with an outer destination address in an ICMP translate.
  
  Submitted by: Neel Chauhan <neel AT neelc DOT org>

REPOSITORY
  rS FreeBSD src repository

REVISION DETAIL
  https://reviews.freebsd.org/D23737

AFFECTED FILES
  sys/netpfil/ipfw/nat64/nat64_translate.c

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: imp, ae, melifaro, #contributor_reviews_base, freebsd-net-list, mmacy, 
kpraveen.lkml_gmail.com, marcnarc_gmail.com, simonvella_gmail.com, 
novice_techie.com, tommi.pernila_iki.fi

diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c
--- a/sys/netpfil/ipfw/nat64/nat64_translate.c
+++ b/sys/netpfil/ipfw/nat64/nat64_translate.c
@@ -91,6 +91,8 @@
 static int nat64_direct_output(struct ifnet *, struct mbuf *,
     struct sockaddr *, struct nat64_counters *, void *);
 
+static uint32_t nat64_get_ip4(struct in6_addr *addr);
+
 struct nat64_methods {
 	nat64_output_t		output;
 	nat64_output_one_t	output_one;
@@ -1061,19 +1063,15 @@
 		    m->m_pkthdr.len);
 		goto freeit;
 	}
-#if 0
 	/*
 	 * Check that inner source matches the outer destination.
-	 * XXX: We need some method to convert IPv4 into IPv6 address here,
-	 *	and compare IPv6 addresses.
 	 */
 	if (ip.ip_src.s_addr != nat64_get_ip4(&ip6->ip6_dst)) {
-		DPRINTF(DP_GENERIC, "Inner source doesn't match destination ",
+		DPRINTF(DP_GENERIC, "Inner source doesn't match destination: "
 		    "%04x vs %04x", ip.ip_src.s_addr,
 		    nat64_get_ip4(&ip6->ip6_dst));
 		goto freeit;
 	}
-#endif
 	/*
 	 * Create new mbuf for ICMPv6 datagram.
 	 * NOTE: len is data length just after inner IP header.
@@ -1174,6 +1172,12 @@
 	m_freem(m);
 	NAT64STAT_INC(&cfg->stats, dropped);
 	return (NULL);
+}
+
+static uint32_t
+nat64_get_ip4(struct in6_addr *addr)
+{
+	return addr->__u6_addr.__u6_addr32[3];
 }
 
 int


_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"

Reply via email to