[Differential] D23737: nat64: Get the IPv4 address from a NAT64 address when comparing addresses in a ICMP translate

Tue, 18 Feb 2020 08:26:14 -0800 

neel_neelc.org updated this revision to Diff 68488.
neel_neelc.org edited the summary of this revision.
neel_neelc.org added a comment.


  Here, I also compare the destination addresses. Is this what you want?

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST UPDATE
  https://reviews.freebsd.org/D23737?vs=68476&id=68488

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D23737/new/

REVISION DETAIL
  https://reviews.freebsd.org/D23737

AFFECTED FILES
  sys/netpfil/ipfw/nat64/nat64_translate.c

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, ae
Cc: imp, ae, melifaro, #contributor_reviews_base, freebsd-net-list, mmacy, 
kpraveen.lkml_gmail.com, marcnarc_gmail.com, simonvella_gmail.com, 
novice_techie.com, tommi.pernila_iki.fi

diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c
--- a/sys/netpfil/ipfw/nat64/nat64_translate.c
+++ b/sys/netpfil/ipfw/nat64/nat64_translate.c
@@ -91,6 +91,8 @@
 static int nat64_direct_output(struct ifnet *, struct mbuf *,
     struct sockaddr *, struct nat64_counters *, void *);
 
+static uint32_t nat64_get_ip4(struct in6_addr *addr);
+
 struct nat64_methods {
 	nat64_output_t		output;
 	nat64_output_one_t	output_one;
@@ -1061,20 +1063,25 @@
 		    m->m_pkthdr.len);
 		goto freeit;
 	}
-#if 0
 	/*
 	 * Check that inner source matches the outer destination.
-	 * XXX: We need some method to convert IPv4 into IPv6 address here,
-	 *	and compare IPv6 addresses.
 	 */
 	if (ip.ip_src.s_addr != nat64_get_ip4(&ip6->ip6_dst)) {
-		DPRINTF(DP_GENERIC, "Inner source doesn't match destination ",
+		DPRINTF(DP_GENERIC, "Inner source doesn't match destination: "
 		    "%04x vs %04x", ip.ip_src.s_addr,
 		    nat64_get_ip4(&ip6->ip6_dst));
 		goto freeit;
 	}
-#endif
 	/*
+	 * Check that inner source matches the outer destination.
+	 */
+	if (ip.ip_dst.s_addr != nat64_get_ip4(&ip6->ip6_src)) {
+		DPRINTF(DP_GENERIC, "Inner destination doesn't match source: "
+		    "%04x vs %04x", ip.ip_dst.s_addr,
+		    nat64_get_ip4(&ip6->ip6_src));
+		goto freeit;
+	}
+	/*
 	 * Create new mbuf for ICMPv6 datagram.
 	 * NOTE: len is data length just after inner IP header.
 	 */
@@ -1174,6 +1181,12 @@
 	m_freem(m);
 	NAT64STAT_INC(&cfg->stats, dropped);
 	return (NULL);
+}
+
+static uint32_t
+nat64_get_ip4(struct in6_addr *addr)
+{
+	return addr->__u6_addr.__u6_addr32[3];
 }
 
 int


_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"

Reply via email to