authorKurosawa Takahiro <takahiro.kurosawa@gmail.com>2021-04-13 08:50:00 +0000
committerKristof Provost <kp@FreeBSD.org>2021-05-11 15:04:45 +0000
commite49799dcf14e7026f377d26a70fe0a3a3d15390a (patch)
tree8b0788dd824a3407cb6df0697a014445517f052d /lib/libpfctl/libpfctl.c
parent0d0eb707b43e2b222434a98265db1fe7c3e3f3a8 (diff)
pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care when selecting source ports for NAT on the Customer Edge, because some bits of the port number are used by the Border Relay to distinguish the far end of the IPv4-over-IPv6 tunnel. PR: 254577 Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D29468 (cherry picked from commit 2aa21096c7349390f22aa5d06b373a575baed1b4)
Diffstat (limited to 'lib/libpfctl/libpfctl.c')
-rw-r--r--lib/libpfctl/libpfctl.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 6b191514320e..c2147e1b04c1 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -202,6 +202,18 @@ pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr)
}
static void
+pfctl_nv_add_mape(nvlist_t *nvparent, const char *name,
+ const struct pf_mape_portset *mape)
+{
+ nvlist_t *nvl = nvlist_create(0);
+
+ nvlist_add_number(nvl, "offset", mape->offset);
+ nvlist_add_number(nvl, "psidlen", mape->psidlen);
+ nvlist_add_number(nvl, "psid", mape->psid);
+ nvlist_add_nvlist(nvparent, name, nvl);
+}
+
+static void
pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
const struct pfctl_pool *pool)
{
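Review bot: The nvlist created in pfctl_nv_add_mape() is leaked: as I read libnv, nvlist_add_nvlist() stores a clone of its value argument (it is nvlist_move_nvlist() that takes ownership), so the local `nvl` from `nvlist_create(0)` is never freed once it has been attached to `nvparent`. Add `nvlist_destroy(nvl);` directly after `nvlist_add_nvlist(nvparent, name, nvl);`. The existing pfctl_nv_add_pool() just below follows the same pattern, so the leak is inherited rather than introduced here, but the new helper is the place to stop propagating it; one nvlist per rule adds up in long-running consumers of libpfctl. pfctl_nv_add_pool() starts on the last line of this hunk and its body continues outside it.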
@@ -216,11 +228,20 @@ pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
ports[1] = pool->proxy_port[1];
nvlist_add_number_array(nvl, "proxy_port", ports, 2);
nvlist_add_number(nvl, "opts", pool->opts);
+ pfctl_nv_add_mape(nvl, "mape", &pool->mape);
nvlist_add_nvlist(nvparent, name, nvl);
}
static void
+pf_nvmape_to_mape(const nvlist_t *nvl, struct pf_mape_portset *mape)
+{
+ mape->offset = nvlist_get_number(nvl, "offset");
+ mape->psidlen = nvlist_get_number(nvl, "psidlen");
+ mape->psid = nvlist_get_number(nvl, "psid");
+}
+
+static void
pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool)
{
size_t len;
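Review bot: pf_nvmape_to_mape() calls nvlist_get_number() for "offset", "psidlen" and "psid" without checking that the keys exist; in userland libnv a nvlist_get_*() on a missing key aborts the process instead of returning an error, so a kernel that emits a "mape" list with only a subset of these keys would crash pfctl rather than degrade. Since the caller in the next hunk already tolerates a missing "mape" list, the same tolerance belongs one level down: `if (!nvlist_exists_number(nvl, "offset") || !nvlist_exists_number(nvl, "psidlen") || !nvlist_exists_number(nvl, "psid")) return;` at the top of the function. The nvlist number is 64 bits wide while the pf_mape_portset fields it is assigned to are, if I recall pf.h correctly, 8- and 16-bit, so the assignments silently truncate; range validation (offset plus psidlen fitting in a 16-bit port) is presumably done in the kernel and in the pfctl parser, neither of which is visible here, and that assumption deserves a one-line comment on the function. pf_nvpool_to_pool() starts on the last lines of this hunk and its body continues in the next.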
@@ -235,6 +256,9 @@ pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool)
pool->tblidx = nvlist_get_number(nvl, "tblidx");
pf_nvuint_16_array(nvl, "proxy_port", 2, pool->proxy_port, NULL);
pool->opts = nvlist_get_number(nvl, "opts");
+
+ if (nvlist_exists_nvlist(nvl, "mape"))
+ pf_nvmape_to_mape(nvlist_get_nvlist(nvl, "mape"), &pool->mape);
}
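Review bot: When the "mape" nvlist is absent the new branch leaves pool->mape untouched, so whether the caller sees zeros or stale memory depends on whether pf_nvpool_to_pool()'s callers zero the pfctl_pool beforehand, which is not visible here (the function starts in the previous hunk). The absent-key case is exactly what an older kernel without this feature produces, so it is worth making explicit: either add `else memset(&pool->mape, 0, sizeof(pool->mape));` or document the precondition with `/* pool->mape is left as-is when the kernel does not report "mape"; callers must zero the struct. */`. The write side in the previous hunk adds "mape" unconditionally, which suggests an all-zero portset means "MAP-E disabled", but that is inferred rather than shown by these lines.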
static void