Date:      Tue, 18 Feb 2020 16:25:39 +0000
From:      "neel_neelc.org (Neel Chauhan)" <phabric-noreply@FreeBSD.org>
To:        Phabricator <phabric-noreply@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   [Differential] D23737: nat64: Get the IPv4 address from a NAT64 address when comparing addresses in a ICMP translate
Message-ID:  <10db919ccfa33b2ab3c1ebf701642b42@localhost.localdomain>
In-Reply-To: <differential-rev-PHID-DREV-s3egeuka5skf4yqccitk-req@reviews.freebsd.org>
References:  <differential-rev-PHID-DREV-s3egeuka5skf4yqccitk-req@reviews.freebsd.org>


[-- Attachment #1 --]
neel_neelc.org updated this revision to Diff 68488.
neel_neelc.org edited the summary of this revision.
neel_neelc.org added a comment.


  Here, I also compare the destination addresses. Is this what you want?

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST UPDATE
  https://reviews.freebsd.org/D23737?vs=68476&id=68488

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D23737/new/

REVISION DETAIL
  https://reviews.freebsd.org/D23737

AFFECTED FILES
  sys/netpfil/ipfw/nat64/nat64_translate.c

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, ae
Cc: imp, ae, melifaro, #contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi

[-- Attachment #2 --]
diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c
--- a/sys/netpfil/ipfw/nat64/nat64_translate.c
+++ b/sys/netpfil/ipfw/nat64/nat64_translate.c
@@ -91,6 +91,8 @@
 static int nat64_direct_output(struct ifnet *, struct mbuf *,
     struct sockaddr *, struct nat64_counters *, void *);
 
+static uint32_t nat64_get_ip4(struct in6_addr *addr);
+
 struct nat64_methods {
 	nat64_output_t		output;
 	nat64_output_one_t	output_one;
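Review bot: The prototype `static uint32_t nat64_get_ip4(struct in6_addr *addr);` takes a non-const pointer although the helper only reads through it; declare the parameter as `const struct in6_addr *` here and in the definition. A one-line comment stating that the result is in network byte order would also help callers that compare it against `s_addr`.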
@@ -1061,20 +1063,25 @@
 		    m->m_pkthdr.len);
 		goto freeit;
 	}
-#if 0
 	/*
 	 * Check that inner source matches the outer destination.
-	 * XXX: We need some method to convert IPv4 into IPv6 address here,
-	 *	and compare IPv6 addresses.
 	 */
 	if (ip.ip_src.s_addr != nat64_get_ip4(&ip6->ip6_dst)) {
-		DPRINTF(DP_GENERIC, "Inner source doesn't match destination ",
+		DPRINTF(DP_GENERIC, "Inner source doesn't match destination: "
 		    "%04x vs %04x", ip.ip_src.s_addr,
 		    nat64_get_ip4(&ip6->ip6_dst));
 		goto freeit;
 	}
-#endif
 	/*
+	 * Check that inner source matches the outer destination.
+	 */
+	if (ip.ip_dst.s_addr != nat64_get_ip4(&ip6->ip6_src)) {
+		DPRINTF(DP_GENERIC, "Inner destination doesn't match source: "
+		    "%04x vs %04x", ip.ip_dst.s_addr,
+		    nat64_get_ip4(&ip6->ip6_src));
+		goto freeit;
+	}
+	/*
 	 * Create new mbuf for ICMPv6 datagram.
 	 * NOTE: len is data length just after inner IP header.
 	 */
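Review bot: The comment added above the `ip.ip_dst.s_addr != nat64_get_ip4(&ip6->ip6_src)` check is a copy of the one before it and still says "inner source matches the outer destination"; it should say that the inner destination must match the outer source. Both DPRINTF calls print 32-bit addresses with `%04x` and in network byte order, so `%08x` with ntohl(), or a dotted-quad form, would make the debug line readable. Since this enables a check that used to sit under `#if 0` and drops packets through `goto freeit`, the commit message should say which traffic is now rejected.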
@@ -1174,6 +1181,12 @@
 	m_freem(m);
 	NAT64STAT_INC(&cfg->stats, dropped);
 	return (NULL);
+}
+
+static uint32_t
+nat64_get_ip4(struct in6_addr *addr)
+{
+	return addr->__u6_addr.__u6_addr32[3];
 }
 
 int
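Review bot: nat64_get_ip4() returns `__u6_addr32[3]` unconditionally, which is the embedded IPv4 address only when that address occupies the last 32 bits of the IPv6 address; if the translator can be configured with a prefix that places it elsewhere, the helper needs the prefix length passed in, otherwise legitimate ICMP errors will fail the new comparisons and be dropped. On style, the function just above uses `return (NULL);`, so this one should be `return (addr->s6_addr32[3]);`, using the `s6_addr32` accessor rather than the `__u6_addr` union member directly.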

