authorKurosawa Takahiro <takahiro.kurosawa@gmail.com>2021-04-13 08:50:00 +0000
committerKristof Provost <kp@FreeBSD.org>2021-05-11 15:04:45 +0000
commite49799dcf14e7026f377d26a70fe0a3a3d15390a (patch)
tree8b0788dd824a3407cb6df0697a014445517f052d /sys/netpfil/pf/pf_ioctl.c
parent0d0eb707b43e2b222434a98265db1fe7c3e3f3a8 (diff)
pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care when selecting source ports for NAT on the Customer Edge, because part of the port number's bits are used by the Border Relay to distinguish the other end of the IPv4-over-IPv6 tunnel. PR: 254577 Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D29468 (cherry picked from commit 2aa21096c7349390f22aa5d06b373a575baed1b4)
Diffstat (limited to 'sys/netpfil/pf/pf_ioctl.c')
-rw-r--r--sys/netpfil/pf/pf_ioctl.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 66726b754a97..5312e48c2f76 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1646,6 +1646,36 @@ pf_addr_to_nvaddr(const struct pf_addr *paddr)
}
static int
+pf_nvmape_to_mape(const nvlist_t *nvl, struct pf_mape_portset *mape)
+{
+ int error = 0;
+
+ bzero(mape, sizeof(*mape));
+ PFNV_CHK(pf_nvuint8(nvl, "offset", &mape->offset));
+ PFNV_CHK(pf_nvuint8(nvl, "psidlen", &mape->psidlen));
+ PFNV_CHK(pf_nvuint16(nvl, "psid", &mape->psid));
+
+errout:
+ return (error);
+}
+
+static nvlist_t *
+pf_mape_to_nvmape(const struct pf_mape_portset *mape)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ if (nvl == NULL)
+ return (NULL);
+
+ nvlist_add_number(nvl, "offset", mape->offset);
+ nvlist_add_number(nvl, "psidlen", mape->psidlen);
+ nvlist_add_number(nvl, "psid", mape->psid);
+
+ return (nvl);
+}
+
+static int
pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_kpool *kpool)
{
int error = 0;
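Review bot: pf_nvmape_to_mape stores offset, psidlen and psid straight from the userland nvlist into kpool->mape with no range check, so a DIOCADDRULENV request carrying offset + psidlen > 16 (or either field above 16) is accepted as-is. Those fields describe bit positions inside a 16-bit port number; if the NAT path in pf.c uses them as shift widths and masks (that consumer is outside this hunk), an out-of-range value turns into an undefined or wrapping shift in the kernel, and pfctl's own validation does not help because the ioctl, not the parser, is the trust boundary. I would reject the combination here, before it is stored, as below; the psid clause can be dropped if the consumer is known to mask psid itself.
```c
static int
pf_nvmape_to_mape(const nvlist_t *nvl, struct pf_mape_portset *mape)
{
	/* … unchanged: bzero and the three PFNV_CHK field reads … */

	/*
	 * These come from userland and describe bit positions within a
	 * 16-bit port; reject anything that does not fit before it can
	 * reach the NAT source-port selection.
	 */
	if (mape->offset > 16 || mape->psidlen > 16 - mape->offset ||
	    mape->psid >= (1U << mape->psidlen)) {
		error = EINVAL;
		goto errout;
	}

errout:
	return (error);
}
```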
@@ -1664,6 +1694,11 @@ pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_kpool *kpool)
NULL));
PFNV_CHK(pf_nvuint8(nvl, "opts", &kpool->opts));
+ if (nvlist_exists_nvlist(nvl, "mape")) {
+ PFNV_CHK(pf_nvmape_to_mape(nvlist_get_nvlist(nvl, "mape"),
+ &kpool->mape));
+ }
+
errout:
return (error);
}
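Review bot: The "mape" sub-nvlist is treated as optional, but when it is absent kpool->mape is not touched, so the disabled state depends on the caller having zeroed the pool before calling pf_nvpool_to_pool — nothing in this hunk establishes that, and pf_nvpool_to_pool's body starts outside it. That dependency deserves a comment on the `if (nvlist_exists_nvlist(nvl, "mape"))` line, e.g. `/* "mape" is optional; when absent kpool->mape keeps the caller's value, which is expected to be zeroed (MAP-E disabled). */`, or an explicit `bzero(&kpool->mape, sizeof(kpool->mape));` in an else branch if the caller cannot be relied on.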
@@ -1688,6 +1723,11 @@ pf_pool_to_nvpool(const struct pf_kpool *pool)
pf_uint16_array_nv(nvl, "proxy_port", pool->proxy_port, 2);
nvlist_add_number(nvl, "opts", pool->opts);
+ tmp = pf_mape_to_nvmape(&pool->mape);
+ if (tmp == NULL)
+ goto error;
+ nvlist_add_nvlist(nvl, "mape", tmp);
+
return (nvl);
error: