X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/d9a64523371fa019c4575bb400cbbc3a50ac9903..0a7de7458d150b5d4dffc935ba399be265ef0a1a:/bsd/net/nat464_utils.c?ds=sidebyside diff --git a/bsd/net/nat464_utils.c b/bsd/net/nat464_utils.c index 495ac6cfd..fd99d34b5 100644 --- a/bsd/net/nat464_utils.c +++ b/bsd/net/nat464_utils.c @@ -100,22 +100,24 @@ nat464_synthesize_ipv6(ifnet_t ifp, const struct in_addr *addrv4, struct in6_add { static const struct in6_addr well_known_prefix = { .__u6_addr.__u6_addr8 = {0x00, 0x64, 0xff, 0x9b, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, }; struct ipv6_prefix nat64prefixes[NAT64_MAX_NUM_PREFIXES]; int error = 0, i = 0; /* Below call is not optimized as it creates a copy of prefixes */ - if ((error = ifnet_get_nat64prefix(ifp, nat64prefixes)) != 0) - return (error); + if ((error = ifnet_get_nat64prefix(ifp, nat64prefixes)) != 0) { + return error; + } for (i = 0; i < NAT64_MAX_NUM_PREFIXES; i++) { - if (nat64prefixes[i].prefix_len != 0) + if (nat64prefixes[i].prefix_len != 0) { break; + } } - VERIFY (i < NAT64_MAX_NUM_PREFIXES); + VERIFY(i < NAT64_MAX_NUM_PREFIXES); struct in6_addr prefix = nat64prefixes[i].ipv6_prefix; int prefix_len = nat64prefixes[i].prefix_len; @@ -130,43 +132,44 @@ nat464_synthesize_ipv6(ifnet_t ifp, const struct in_addr *addrv4, struct in6_add IN_6TO4_RELAY_ANYCAST(ntohl(addrv4->s_addr)) || // 192.88.99.0/24 6to4 Relay Anycast IN_MULTICAST(ntohl(addrv4->s_addr)) || // 224.0.0.0/4 Multicast INADDR_BROADCAST == addrv4->s_addr) { // 255.255.255.255/32 Limited Broadcast - return (-1); + return -1; } /* Check for the well-known prefix */ if (prefix_len == NAT64_PREFIX_LEN_96 && IN6_ARE_ADDR_EQUAL(&prefix, &well_known_prefix)) { // https://tools.ietf.org/html/rfc6052#section-3.1 if (IN_PRIVATE(ntohl(addrv4->s_addr)) || // 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 Private-Use - IN_SHARED_ADDRESS_SPACE(ntohl(addrv4->s_addr))) // 100.64.0.0/10 Shared Address Space - return (-1); + IN_SHARED_ADDRESS_SPACE(ntohl(addrv4->s_addr))) { // 100.64.0.0/10 Shared Address Space + return -1; + } } memcpy(ptr, (char *)&prefix, prefix_len); switch (prefix_len) { - case NAT64_PREFIX_LEN_96: - memcpy(ptr + 12, ptrv4, 4); - break; - case NAT64_PREFIX_LEN_64: - memcpy(ptr + 9, ptrv4, 4); - break; - case NAT64_PREFIX_LEN_56: - memcpy(ptr + 7, ptrv4, 1); - memcpy(ptr + 9, ptrv4 + 1, 3); - break; - case NAT64_PREFIX_LEN_48: - memcpy(ptr + 6, ptrv4, 2); - memcpy(ptr + 9, ptrv4 + 2, 2); - break; - case NAT64_PREFIX_LEN_40: - memcpy(ptr + 5, ptrv4, 3); - memcpy(ptr + 9, ptrv4 + 3, 1); - break; - case NAT64_PREFIX_LEN_32: - memcpy(ptr + 4, ptrv4, 4); - break; - default: - panic("NAT64-prefix len is wrong: %u\n", prefix_len); + case NAT64_PREFIX_LEN_96: + memcpy(ptr + 12, ptrv4, 4); + break; + case NAT64_PREFIX_LEN_64: + memcpy(ptr + 9, ptrv4, 4); + break; + case NAT64_PREFIX_LEN_56: + memcpy(ptr + 7, ptrv4, 1); + memcpy(ptr + 9, ptrv4 + 1, 3); + break; + case NAT64_PREFIX_LEN_48: + memcpy(ptr + 6, ptrv4, 2); + memcpy(ptr + 9, ptrv4 + 2, 2); + break; + case NAT64_PREFIX_LEN_40: + memcpy(ptr + 5, ptrv4, 3); + memcpy(ptr + 9, ptrv4 + 3, 1); + break; + case NAT64_PREFIX_LEN_32: + memcpy(ptr + 4, ptrv4, 4); + break; + default: + panic("NAT64-prefix len is wrong: %u\n", prefix_len); } if (clat_debug) { @@ -175,7 +178,7 @@ nat464_synthesize_ipv6(ifnet_t ifp, const struct in_addr *addrv4, struct in6_add inet_ntop(AF_INET6, (void *)addr, buf, sizeof(buf)))); } - return (error); + return error; } /* Synthesize ipv4 from ipv6 */ @@ -186,15 +189,17 @@ nat464_synthesize_ipv4(ifnet_t ifp, const struct in6_addr *addr, struct in_addr int error = 0, i = 0; /* Below call is not optimized as it creates a copy of prefixes */ - if ((error = ifnet_get_nat64prefix(ifp, nat64prefixes)) != 0) + if ((error = ifnet_get_nat64prefix(ifp, nat64prefixes)) != 0) { return error; + } for (i = 0; i < NAT64_MAX_NUM_PREFIXES; i++) { - if (nat64prefixes[i].prefix_len != 0) + if (nat64prefixes[i].prefix_len != 0) { break; + } } - VERIFY (i < NAT64_MAX_NUM_PREFIXES); + VERIFY(i < NAT64_MAX_NUM_PREFIXES); struct in6_addr prefix = nat64prefixes[i].ipv6_prefix; int prefix_len = nat64prefixes[i].prefix_len; @@ -202,59 +207,60 @@ nat464_synthesize_ipv4(ifnet_t ifp, const struct in6_addr *addr, struct in_addr char *ptrv4 = __DECONST(void *, addrv4); char *ptr = __DECONST(void *, addr); - if (memcmp(addr, &prefix, prefix_len) != 0) - return (-1); + if (memcmp(addr, &prefix, prefix_len) != 0) { + return -1; + } switch (prefix_len) { - case NAT64_PREFIX_LEN_96: - memcpy(ptrv4, ptr + 12, 4); - break; - case NAT64_PREFIX_LEN_64: - memcpy(ptrv4, ptr + 9, 4); - break; - case NAT64_PREFIX_LEN_56: - memcpy(ptrv4, ptr + 7, 1); - memcpy(ptrv4 + 1, ptr + 9, 3); - break; - case NAT64_PREFIX_LEN_48: - memcpy(ptrv4, ptr + 6, 2); - memcpy(ptrv4 + 2, ptr + 9, 2); - break; - case NAT64_PREFIX_LEN_40: - memcpy(ptrv4, ptr + 5, 3); - memcpy(ptrv4 + 3, ptr + 9, 1); - break; - case NAT64_PREFIX_LEN_32: - memcpy(ptrv4, ptr + 4, 4); - break; - default: - panic("NAT64-prefix len is wrong: %u\n", - prefix_len); + case NAT64_PREFIX_LEN_96: + memcpy(ptrv4, ptr + 12, 4); + break; + case NAT64_PREFIX_LEN_64: + memcpy(ptrv4, ptr + 9, 4); + break; + case NAT64_PREFIX_LEN_56: + memcpy(ptrv4, ptr + 7, 1); + memcpy(ptrv4 + 1, ptr + 9, 3); + break; + case NAT64_PREFIX_LEN_48: + memcpy(ptrv4, ptr + 6, 2); + memcpy(ptrv4 + 2, ptr + 9, 2); + break; + case NAT64_PREFIX_LEN_40: + memcpy(ptrv4, ptr + 5, 3); + memcpy(ptrv4 + 3, ptr + 9, 1); + break; + case NAT64_PREFIX_LEN_32: + memcpy(ptrv4, ptr + 4, 4); + break; + default: + panic("NAT64-prefix len is wrong: %u\n", + prefix_len); } - if(clat_debug) { + if (clat_debug) { char buf[MAX_IPv4_STR_LEN]; clat_log2((LOG_DEBUG, "%s desynthesized to %s\n", __func__, inet_ntop(AF_INET, (void *)addrv4, buf, sizeof(buf)))); } - return (error); + return error; } -#define PTR_IP(field) ((int32_t)offsetof(struct ip, field)) -#define PTR_IP6(field) ((int32_t)offsetof(struct ip6_hdr, field)) +#define PTR_IP(field) ((int32_t)offsetof(struct ip, field)) +#define PTR_IP6(field) ((int32_t)offsetof(struct ip6_hdr, field)) /* - Translate the ICMP header -*/ + * Translate the ICMP header + */ int nat464_translate_icmp(int naf, void *arg) { - struct icmp *icmp4; - struct icmp6_hdr *icmp6; - uint32_t mtu; - int32_t ptr = -1; - uint8_t type; - uint8_t code; + struct icmp *icmp4; + struct icmp6_hdr *icmp6; + uint32_t mtu; + int32_t ptr = -1; + uint8_t type; + uint8_t code; switch (naf) { case AF_INET: @@ -285,7 +291,7 @@ nat464_translate_icmp(int naf, void *arg) code = ICMP_UNREACH_PORT; break; default: - return (-1); + return -1; } break; case ICMP6_PACKET_TOO_BIG: @@ -303,25 +309,25 @@ nat464_translate_icmp(int naf, void *arg) code = ICMP_PARAMPROB_ERRATPTR; ptr = ntohl(icmp6->icmp6_pptr); - if (ptr == PTR_IP6(ip6_vfc)) + if (ptr == PTR_IP6(ip6_vfc)) { ; /* preserve */ - else if (ptr == PTR_IP6(ip6_vfc) + 1) + } else if (ptr == PTR_IP6(ip6_vfc) + 1) { ptr = PTR_IP(ip_tos); - else if (ptr == PTR_IP6(ip6_plen) || - ptr == PTR_IP6(ip6_plen) + 1) + } else if (ptr == PTR_IP6(ip6_plen) || + ptr == PTR_IP6(ip6_plen) + 1) { ptr = PTR_IP(ip_len); - else if (ptr == PTR_IP6(ip6_nxt)) + } else if (ptr == PTR_IP6(ip6_nxt)) { ptr = PTR_IP(ip_p); - else if (ptr == PTR_IP6(ip6_hlim)) + } else if (ptr == PTR_IP6(ip6_hlim)) { ptr = PTR_IP(ip_ttl); - else if (ptr >= PTR_IP6(ip6_src) && - ptr < PTR_IP6(ip6_dst)) + } else if (ptr >= PTR_IP6(ip6_src) && + ptr < PTR_IP6(ip6_dst)) { ptr = PTR_IP(ip_src); - else if (ptr >= PTR_IP6(ip6_dst) && - ptr < (int32_t)sizeof(struct ip6_hdr)) + } else if (ptr >= PTR_IP6(ip6_dst) && + ptr < (int32_t)sizeof(struct ip6_hdr)) { ptr = PTR_IP(ip_dst); - else { - return (-1); + } else { + return -1; } break; case ICMP6_PARAMPROB_NEXTHEADER: @@ -329,19 +335,20 @@ nat464_translate_icmp(int naf, void *arg) code = ICMP_UNREACH_PROTOCOL; break; default: - return (-1); + return -1; } break; default: - return (-1); + return -1; } icmp6->icmp6_type = type; icmp6->icmp6_code = code; /* aligns well with a icmpv4 nextmtu */ icmp6->icmp6_mtu = htonl(mtu); /* icmpv4 pptr is a one most significant byte */ - if (ptr >= 0) + if (ptr >= 0) { icmp6->icmp6_pptr = htonl(ptr << 24); + } break; case AF_INET6: @@ -389,7 +396,7 @@ nat464_translate_icmp(int naf, void *arg) mtu += 20; break; default: - return (-1); + return -1; } break; case ICMP_TIMXCEED: @@ -405,41 +412,42 @@ nat464_translate_icmp(int naf, void *arg) code = ICMP6_PARAMPROB_HEADER; break; default: - return (-1); + return -1; } ptr = icmp4->icmp_pptr; - if (ptr == 0 || ptr == PTR_IP(ip_tos)) + if (ptr == 0 || ptr == PTR_IP(ip_tos)) { ; /* preserve */ - else if (ptr == PTR_IP(ip_len) || - ptr == PTR_IP(ip_len) + 1) + } else if (ptr == PTR_IP(ip_len) || + ptr == PTR_IP(ip_len) + 1) { ptr = PTR_IP6(ip6_plen); - else if (ptr == PTR_IP(ip_ttl)) + } else if (ptr == PTR_IP(ip_ttl)) { ptr = PTR_IP6(ip6_hlim); - else if (ptr == PTR_IP(ip_p)) + } else if (ptr == PTR_IP(ip_p)) { ptr = PTR_IP6(ip6_nxt); - else if (ptr >= PTR_IP(ip_src) && - ptr < PTR_IP(ip_dst)) + } else if (ptr >= PTR_IP(ip_src) && + ptr < PTR_IP(ip_dst)) { ptr = PTR_IP6(ip6_src); - else if (ptr >= PTR_IP(ip_dst) && - ptr < (int32_t)sizeof(struct ip)) + } else if (ptr >= PTR_IP(ip_dst) && + ptr < (int32_t)sizeof(struct ip)) { ptr = PTR_IP6(ip6_dst); - else { - return (-1); + } else { + return -1; } break; default: - return (-1); + return -1; } icmp4->icmp_type = type; icmp4->icmp_code = code; icmp4->icmp_nextmtu = htons(mtu); - if (ptr >= 0) + if (ptr >= 0) { icmp4->icmp_void = htonl(ptr); + } break; } - return (0); + return 0; } /* @@ -463,8 +471,8 @@ nat464_translate_icmp(int naf, void *arg) */ int nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t *off2, - uint8_t proto2, uint8_t ttl2, uint64_t tot_len2, struct nat464_addr *src, - struct nat464_addr *dst, protocol_family_t af, protocol_family_t naf) + uint8_t proto2, uint8_t ttl2, uint64_t tot_len2, struct nat464_addr *src, + struct nat464_addr *dst, protocol_family_t af, protocol_family_t naf) { struct ip *ip4 = NULL; struct ip6_hdr *ip6 = NULL; @@ -472,8 +480,9 @@ nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t int hlen = 0, olen = 0; if (af == naf || (af != AF_INET && af != AF_INET6) || - (naf != AF_INET && naf != AF_INET6)) - return (-1); + (naf != AF_INET && naf != AF_INET6)) { + return -1; + } /* old header */ olen = *off2 - off; @@ -482,8 +491,9 @@ nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t /* Modify the pbuf to accommodate the new header */ hdr = pbuf_resize_segment(pbuf, off, olen, hlen); - if (hdr == NULL) - return (-1); + if (hdr == NULL) { + return -1; + } /* translate inner ip/ip6 header */ switch (naf) { @@ -496,10 +506,11 @@ nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t ip4->ip_id = rfc6864 ? 0 : htons(ip_randomid()); ip4->ip_off = htons(IP_DF); ip4->ip_ttl = ttl2; - if (proto2 == IPPROTO_ICMPV6) + if (proto2 == IPPROTO_ICMPV6) { ip4->ip_p = IPPROTO_ICMP; - else + } else { ip4->ip_p = proto2; + } ip4->ip_src = src->natv4addr; ip4->ip_dst = dst->natv4addr; ip4->ip_sum = pbuf_inet_cksum(pbuf, 0, 0, ip4->ip_hl << 2); @@ -518,14 +529,16 @@ nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t bzero(ip6, sizeof(*ip6)); ip6->ip6_vfc = IPV6_VERSION; ip6->ip6_plen = htons(tot_len2 - olen); - if (proto2 == IPPROTO_ICMP) + if (proto2 == IPPROTO_ICMP) { ip6->ip6_nxt = IPPROTO_ICMPV6; - else + } else { ip6->ip6_nxt = proto2; - if (!ttl2 || ttl2 > IPV6_DEFHLIM) + } + if (!ttl2 || ttl2 > IPV6_DEFHLIM) { ip6->ip6_hlim = IPV6_DEFHLIM; - else + } else { ip6->ip6_hlim = ttl2; + } ip6->ip6_src = src->natv6addr; ip6->ip6_dst = dst->natv6addr; @@ -544,7 +557,7 @@ nat464_translate_icmp_ip(pbuf_t *pbuf, uint32_t off, uint64_t *tot_len, uint32_t *off2 += hlen - olen; *tot_len += hlen - olen; - return (0); + return 0; } /* * @brief The function inserts IPv6 fragmentation header @@ -567,22 +580,25 @@ nat464_insert_frag46(pbuf_t *pbuf, uint16_t ip_id_val, uint16_t frag_offset, /* Insert IPv6 fragmentation header */ if (pbuf_resize_segment(pbuf, sizeof(struct ip6_hdr), 0, - sizeof(struct ip6_frag)) == NULL) - return (-1); + sizeof(struct ip6_frag)) == NULL) { + return -1; + } p_ip6h = mtod(pbuf->pb_mbuf, struct ip6_hdr *); p_ip6_frag = (struct ip6_frag *)pbuf_contig_segment(pbuf, sizeof(struct ip6_hdr), sizeof(struct ip6_frag)); - if (p_ip6_frag == NULL) - return (-1); + if (p_ip6_frag == NULL) { + return -1; + } /* Populate IPv6 fragmentation header */ p_ip6_frag->ip6f_nxt = p_ip6h->ip6_nxt; p_ip6_frag->ip6f_reserved = 0; p_ip6_frag->ip6f_offlg = (frag_offset) << 3; - if (!is_last_frag) + if (!is_last_frag) { p_ip6_frag->ip6f_offlg |= 0x1; + } p_ip6_frag->ip6f_offlg = htons(p_ip6_frag->ip6f_offlg); p_ip6_frag->ip6f_ident = ip_id_val; @@ -591,7 +607,7 @@ nat464_insert_frag46(pbuf_t *pbuf, uint16_t ip_id_val, uint16_t frag_offset, p_ip6h->ip6_plen = htons(ntohs(p_ip6h->ip6_plen) + sizeof(struct ip6_frag)); - return (0); + return 0; } int @@ -613,15 +629,16 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, * 2. If IPv6 stack in kernel internally generates a * message destined for a synthesized IPv6 end-point. */ - if (pbuf->pb_ifp == NULL) - return (NT_DROP); + if (pbuf->pb_ifp == NULL) { + return NT_DROP; + } if (*proto == IPPROTO_FRAGMENT) { p_frag6 = (struct ip6_frag *)pbuf_contig_segment(pbuf, sizeof(struct ip6_hdr), sizeof(struct ip6_frag)); if (p_frag6 == NULL) { ip6stat.ip6s_clat464_in_64frag_transfail_drop++; - return (NT_DROP); + return NT_DROP; } frag6 = *p_frag6; @@ -636,8 +653,9 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, } ip4 = (struct ip *)pbuf_resize_segment(pbuf, 0, off, sizeof(*ip4)); - if (ip4 == NULL) - return (NT_DROP); + if (ip4 == NULL) { + return NT_DROP; + } ip4->ip_v = 4; ip4->ip_hl = 5; ip4->ip_tos = tos; @@ -657,8 +675,9 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, */ ip4->ip_id = ntohl(frag6.ip6f_ident) & 0xffff; ip4->ip_id = htons(ip4->ip_id); - if(frag6.ip6f_offlg & IP6F_MORE_FRAG) + if (frag6.ip6f_offlg & IP6F_MORE_FRAG) { ip_frag_off |= IP_MF; + } ip4->ip_off = htons(ip_frag_off); } else { ip4->ip_off |= htons(IP_DF); @@ -668,8 +687,9 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, * Defer calculating ip_sum for ICMPv6 as we do it * later in Protocol translation */ - if (*proto != IPPROTO_ICMPV6) + if (*proto != IPPROTO_ICMPV6) { ip4->ip_sum = pbuf_inet_cksum(pbuf, 0, 0, ip4->ip_hl << 2); + } if (clat_debug) { char buf1[MAX_IPv4_STR_LEN], buf2[MAX_IPv4_STR_LEN]; @@ -679,7 +699,7 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, inet_ntop(AF_INET, (void *)&ip4->ip_src, buf1, sizeof(buf1)), inet_ntop(AF_INET, (void *)&ip4->ip_dst, buf2, sizeof(buf2)))); } - return (NT_NAT64); + return NT_NAT64; } /* * @brief The routine translates the IPv4 header to IPv6 header. @@ -694,7 +714,7 @@ nat464_translate_64(pbuf_t *pbuf, int off, uint8_t tos, * @param tot_len Total payload length * * @return NT_NAT64 if IP header translation is successful, else error - */ + */ int nat464_translate_46(pbuf_t *pbuf, int off, uint8_t tos, uint8_t proto, uint8_t ttl, struct in6_addr src_v6, @@ -702,16 +722,18 @@ nat464_translate_46(pbuf_t *pbuf, int off, uint8_t tos, { struct ip6_hdr *ip6; - if (pbuf->pb_ifp == NULL) - return (NT_DROP); + if (pbuf->pb_ifp == NULL) { + return NT_DROP; + } /* * Trim the buffer from head of size equal to to off (which is equal to * the size of IP header and prepend IPv6 header length to the buffer - */ + */ ip6 = (struct ip6_hdr *)pbuf_resize_segment(pbuf, 0, off, sizeof(*ip6)); - if (ip6 == NULL) - return (NT_DROP); + if (ip6 == NULL) { + return NT_DROP; + } ip6->ip6_flow = htonl((6 << 28) | (tos << 20)); ip6->ip6_plen = htons(tot_len - off); ip6->ip6_nxt = proto; @@ -727,7 +749,7 @@ nat464_translate_46(pbuf_t *pbuf, int off, uint8_t tos, inet_ntop(AF_INET6, (void *)&ip6->ip6_src, buf1, sizeof(buf1)), inet_ntop(AF_INET6, (void *)&ip6->ip6_dst, buf2, sizeof(buf2)))); } - return (NT_NAT64); + return NT_NAT64; } /* Handle the next protocol checksum */ @@ -742,7 +764,7 @@ nat464_translate_46(pbuf_t *pbuf, int off, uint8_t tos, * @param naf New family * * @return void - */ + */ int nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, struct nat464_addr *odst, uint8_t oproto, protocol_family_t af, @@ -803,14 +825,15 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, * and adjust checksums */ if (*proto == IPPROTO_ICMP) { - if (naf != PF_INET6) - return (NT_DROP); + if (naf != PF_INET6) { + return NT_DROP; + } *proto = IPPROTO_ICMPV6; - } - else if (*proto == IPPROTO_ICMPV6) { - if (naf != PF_INET) - return (NT_DROP); + } else if (*proto == IPPROTO_ICMPV6) { + if (naf != PF_INET) { + return NT_DROP; + } *proto = IPPROTO_ICMP; /* Recalculate IP checksum as proto field has changed */ @@ -825,15 +848,17 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, struct udphdr *uh = (struct udphdr *)pbuf_contig_segment(pbuf, hlen, sizeof(*uh)); - if (uh == NULL) - return (NT_DROP); + if (uh == NULL) { + return NT_DROP; + } if (!(*pbuf->pb_csum_flags & (CSUM_UDP | CSUM_PARTIAL)) && uh->uh_sum == 0 && af == PF_INET && naf == PF_INET6) { uh->uh_sum = pbuf_inet6_cksum(pbuf, IPPROTO_UDP, hlen, ntohs(ip6h->ip6_plen)); - if (uh->uh_sum == 0) + if (uh->uh_sum == 0) { uh->uh_sum = 0xffff; + } goto done; } @@ -844,21 +869,22 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, struct tcphdr *th = (struct tcphdr *)pbuf_contig_segment(pbuf, hlen, sizeof(*th)); - if (th == NULL) - return (NT_DROP); + if (th == NULL) { + return NT_DROP; + } psum = &th->th_sum; break; } } - /* + /* * Translate the protocol header, update IP header if needed, * calculate checksums and update the checksum flags. */ switch (*proto) { case IPPROTO_UDP: - /* Fall through */ + /* Fall through */ case IPPROTO_TCP: { /* @@ -867,8 +893,9 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, * that has not yet been one's complemented. */ if (direction == NT_OUT && - (*pbuf->pb_csum_flags & CSUM_DELAY_DATA)) + (*pbuf->pb_csum_flags & CSUM_DELAY_DATA)) { do_ones_complement = TRUE; + } nat464_addr_cksum_fixup(psum, osrc, (struct nat464_addr *)nsrc, af, naf, (*proto == IPPROTO_UDP) ? 1 : 0, do_ones_complement); @@ -878,8 +905,9 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, break; } case IPPROTO_ICMP: { - if (naf != PF_INET6) /* allow only v6 as naf for ICMP */ - return (NT_DROP); + if (naf != PF_INET6) { /* allow only v6 as naf for ICMP */ + return NT_DROP; + } struct icmp *icmph = NULL; struct icmp6_hdr *icmp6h = NULL; @@ -887,12 +915,14 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, icmph = (struct icmp*) pbuf_contig_segment(pbuf, hlen, ICMP_MINLEN); - if (icmph == NULL) - return (NT_DROP); + if (icmph == NULL) { + return NT_DROP; + } /* Translate the ICMP header */ - if (nat464_translate_icmp(PF_INET6, icmph) != 0) - return (NT_DROP); + if (nat464_translate_icmp(PF_INET6, icmph) != 0) { + return NT_DROP; + } *proto = IPPROTO_ICMPV6; icmp6h = (struct icmp6_hdr *)(uintptr_t)icmph; @@ -904,9 +934,10 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, ip2off = hlen + sizeof(*icmp6h); struct ip *iph2; iph2 = (struct ip*) pbuf_contig_segment(pbuf, ip2off, - sizeof (*iph2)); - if (iph2 == NULL) - return (NT_DROP); + sizeof(*iph2)); + if (iph2 == NULL) { + return NT_DROP; + } hlen2 = ip2off + (iph2->ip_hl << 2); tot_len2 = ntohs(iph2->ip_len); @@ -916,15 +947,16 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, if (nat464_translate_icmp_ip(pbuf, ip2off, &tot_len, &hlen2, iph2->ip_p, iph2->ip_ttl, tot_len2, (struct nat464_addr *)ndst, (struct nat464_addr *)nsrc, - PF_INET, PF_INET6) != 0) - return (NT_DROP); + PF_INET, PF_INET6) != 0) { + return NT_DROP; + } /* Update total length/payload length for outer header */ switch (naf) { case PF_INET: - iph->ip_len = htons(tot_len); + iph->ip_len = htons(tot_len); break; case PF_INET6: - ip6h->ip6_plen = htons(tot_len - hlen); + ip6h->ip6_plen = htons(tot_len - hlen); break; } iph2 = NULL; @@ -941,10 +973,11 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, icmph = NULL; icmp6h = NULL; break; - } + } case IPPROTO_ICMPV6: - { if (naf != PF_INET) /* allow only v4 as naf for ICMPV6 */ - return (NT_DROP); + { if (naf != PF_INET) { /* allow only v4 as naf for ICMPV6 */ + return NT_DROP; + } struct icmp6_hdr *icmp6h = NULL; struct icmp *icmph = NULL; @@ -952,12 +985,14 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, icmp6h = (struct icmp6_hdr*) pbuf_contig_segment(pbuf, hlen, sizeof(*icmp6h)); - if (icmp6h == NULL) - return (NT_DROP); + if (icmp6h == NULL) { + return NT_DROP; + } /* Translate the ICMP header */ - if (nat464_translate_icmp(PF_INET, icmp6h) != 0) - return (NT_DROP); + if (nat464_translate_icmp(PF_INET, icmp6h) != 0) { + return NT_DROP; + } *proto = IPPROTO_ICMP; icmph = (struct icmp *)(uintptr_t)icmp6h; @@ -969,9 +1004,10 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, ip2off = hlen + ICMP_MINLEN; struct ip6_hdr *iph2; iph2 = (struct ip6_hdr*) pbuf_contig_segment(pbuf, ip2off, - sizeof (*iph2)); - if (iph2 == NULL) - return (NT_DROP); + sizeof(*iph2)); + if (iph2 == NULL) { + return NT_DROP; + } /* hlen2 points to end of inner IP header from the beginning */ hlen2 = ip2off + sizeof(struct ip6_hdr); @@ -980,16 +1016,17 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, if (nat464_translate_icmp_ip(pbuf, ip2off, &tot_len, &hlen2, iph2->ip6_nxt, iph2->ip6_hlim, tot_len2, (struct nat464_addr *)ndst, (struct nat464_addr *)nsrc, - PF_INET6, PF_INET) != 0) - return (NT_DROP); + PF_INET6, PF_INET) != 0) { + return NT_DROP; + } /* Update total length for outer header */ switch (naf) { case PF_INET: - iph->ip_len = htons(tot_len); + iph->ip_len = htons(tot_len); break; case PF_INET6: - ip6h->ip6_plen = htons(tot_len - hlen); + ip6h->ip6_plen = htons(tot_len - hlen); break; } iph2 = NULL; @@ -1007,8 +1044,7 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, icmp6h = NULL; icmph = NULL; - break; - } + break;} /* * https://tools.ietf.org/html/rfc7915#section-5.1.1 @@ -1020,7 +1056,7 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, case IPPROTO_ROUTING: case IPPROTO_DSTOPTS: case IPPROTO_AH: - return (NT_DROP); + return NT_DROP; case IPPROTO_FRAGMENT: /* @@ -1032,7 +1068,7 @@ nat464_translate_proto(pbuf_t *pbuf, struct nat464_addr *osrc, break; default: - return (NT_DROP); + return NT_DROP; } done: @@ -1044,12 +1080,15 @@ done: (pbuf->pb_mbuf)->m_pkthdr.csum_tx_stuff += CLAT46_HDR_EXPANSION_OVERHD; } - if(*pbuf->pb_csum_flags & CSUM_TCP) + if (*pbuf->pb_csum_flags & CSUM_TCP) { *pbuf->pb_csum_flags |= CSUM_TCPIPV6; - if(*pbuf->pb_csum_flags & CSUM_UDP) + } + if (*pbuf->pb_csum_flags & CSUM_UDP) { *pbuf->pb_csum_flags |= CSUM_UDPIPV6; - if (*pbuf->pb_csum_flags & CSUM_FRAGMENT) + } + if (*pbuf->pb_csum_flags & CSUM_FRAGMENT) { *pbuf->pb_csum_flags |= CSUM_FRAGMENT_IPV6; + } /* Clear IPv4 checksum flags */ *pbuf->pb_csum_flags &= ~(CSUM_IP | CSUM_IP_FRAGS | CSUM_DELAY_DATA | CSUM_FRAGMENT); @@ -1063,7 +1102,7 @@ done: } #endif } - return (NT_NAT64); + return NT_NAT64; } /* Fix the proto checksum for address change */ @@ -1072,7 +1111,7 @@ nat464_addr_cksum_fixup(uint16_t *pc, struct nat464_addr *ao, struct nat464_addr protocol_family_t af, protocol_family_t naf, uint8_t u, boolean_t do_ones_complement) { /* Currently we only support v4 to v6 and vice versa */ - VERIFY (af != naf); + VERIFY(af != naf); switch (af) { case PF_INET: @@ -1080,28 +1119,28 @@ nat464_addr_cksum_fixup(uint16_t *pc, struct nat464_addr *ao, struct nat464_addr case PF_INET6: if (do_ones_complement) { *pc = ~nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(~*pc, - ao->nataddr16[0], an->nataddr16[0], u), - ao->nataddr16[1], an->nataddr16[1], u), - 0, an->nataddr16[2], u), - 0, an->nataddr16[3], u), - 0, an->nataddr16[4], u), - 0, an->nataddr16[5], u), - 0, an->nataddr16[6], u), - 0, an->nataddr16[7], u); + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(~*pc, + ao->nataddr16[0], an->nataddr16[0], u), + ao->nataddr16[1], an->nataddr16[1], u), + 0, an->nataddr16[2], u), + 0, an->nataddr16[3], u), + 0, an->nataddr16[4], u), + 0, an->nataddr16[5], u), + 0, an->nataddr16[6], u), + 0, an->nataddr16[7], u); } else { *pc = nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(*pc, - ao->nataddr16[0], an->nataddr16[0], u), - ao->nataddr16[1], an->nataddr16[1], u), - 0, an->nataddr16[2], u), - 0, an->nataddr16[3], u), - 0, an->nataddr16[4], u), - 0, an->nataddr16[5], u), - 0, an->nataddr16[6], u), - 0, an->nataddr16[7], u); + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(*pc, + ao->nataddr16[0], an->nataddr16[0], u), + ao->nataddr16[1], an->nataddr16[1], u), + 0, an->nataddr16[2], u), + 0, an->nataddr16[3], u), + 0, an->nataddr16[4], u), + 0, an->nataddr16[5], u), + 0, an->nataddr16[6], u), + 0, an->nataddr16[7], u); } break; } @@ -1115,16 +1154,16 @@ nat464_addr_cksum_fixup(uint16_t *pc, struct nat464_addr *ao, struct nat464_addr switch (naf) { case PF_INET: *pc = nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( - nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(*pc, - ao->nataddr16[0], an->nataddr16[0], u), - ao->nataddr16[1], an->nataddr16[1], u), - ao->nataddr16[2], 0, u), - ao->nataddr16[3], 0, u), - ao->nataddr16[4], 0, u), - ao->nataddr16[5], 0, u), - ao->nataddr16[6], 0, u), - ao->nataddr16[7], 0, u); + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup( + nat464_cksum_fixup(nat464_cksum_fixup(nat464_cksum_fixup(*pc, + ao->nataddr16[0], an->nataddr16[0], u), + ao->nataddr16[1], an->nataddr16[1], u), + ao->nataddr16[2], 0, u), + ao->nataddr16[3], 0, u), + ao->nataddr16[4], 0, u), + ao->nataddr16[5], 0, u), + ao->nataddr16[6], 0, u), + ao->nataddr16[7], 0, u); break; } break; @@ -1136,14 +1175,16 @@ nat464_cksum_fixup(uint16_t cksum, uint16_t old, uint16_t new, uint8_t udp) { uint32_t l; - if (udp && !cksum) - return (0); + if (udp && !cksum) { + return 0; + } l = cksum + old - new; l = (l >> 16) + (l & 0xffff); l = l & 0xffff; - if (udp && !l) - return (0xffff); - return (l); + if (udp && !l) { + return 0xffff; + } + return l; } /* CLAT46 event handlers */ @@ -1151,62 +1192,61 @@ void in6_clat46_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused, in6_clat46_evhdlr_code_t in6_clat46_ev_code, pid_t epid, uuid_t euuid) { - struct kev_msg ev_msg; - struct kev_netevent_clat46_data clat46_event_data; + struct kev_msg ev_msg; + struct kev_netevent_clat46_data clat46_event_data; - bzero(&ev_msg, sizeof(ev_msg)); - bzero(&clat46_event_data, sizeof(clat46_event_data)); + bzero(&ev_msg, sizeof(ev_msg)); + bzero(&clat46_event_data, sizeof(clat46_event_data)); - ev_msg.vendor_code = KEV_VENDOR_APPLE; - ev_msg.kev_class = KEV_NETWORK_CLASS; - ev_msg.kev_subclass = KEV_NETEVENT_SUBCLASS; - ev_msg.event_code = KEV_NETEVENT_CLAT46_EVENT; + ev_msg.vendor_code = KEV_VENDOR_APPLE; + ev_msg.kev_class = KEV_NETWORK_CLASS; + ev_msg.kev_subclass = KEV_NETEVENT_SUBCLASS; + ev_msg.event_code = KEV_NETEVENT_CLAT46_EVENT; - bzero(&clat46_event_data, sizeof(clat46_event_data)); - clat46_event_data.clat46_event_code = in6_clat46_ev_code; - clat46_event_data.epid = epid; - uuid_copy(clat46_event_data.euuid, euuid); + bzero(&clat46_event_data, sizeof(clat46_event_data)); + clat46_event_data.clat46_event_code = in6_clat46_ev_code; + clat46_event_data.epid = epid; + uuid_copy(clat46_event_data.euuid, euuid); - ev_msg.dv[0].data_ptr = &clat46_event_data; - ev_msg.dv[0].data_length = sizeof(clat46_event_data); + ev_msg.dv[0].data_ptr = &clat46_event_data; + ev_msg.dv[0].data_length = sizeof(clat46_event_data); - kev_post_msg(&ev_msg); + kev_post_msg(&ev_msg); } static void in6_clat46_event_callback(void *arg) { - struct kev_netevent_clat46_data *p_in6_clat46_ev = - (struct kev_netevent_clat46_data *)arg; + struct kev_netevent_clat46_data *p_in6_clat46_ev = + (struct kev_netevent_clat46_data *)arg; - EVENTHANDLER_INVOKE(&in6_clat46_evhdlr_ctxt, in6_clat46_event, - p_in6_clat46_ev->clat46_event_code, p_in6_clat46_ev->epid, - p_in6_clat46_ev->euuid); + EVENTHANDLER_INVOKE(&in6_clat46_evhdlr_ctxt, in6_clat46_event, + p_in6_clat46_ev->clat46_event_code, p_in6_clat46_ev->epid, + p_in6_clat46_ev->euuid); } -struct in6_clat46_event_nwk_wq_entry -{ - struct nwk_wq_entry nwk_wqe; - struct kev_netevent_clat46_data in6_clat46_ev_arg; +struct in6_clat46_event_nwk_wq_entry { + struct nwk_wq_entry nwk_wqe; + struct kev_netevent_clat46_data in6_clat46_ev_arg; }; void in6_clat46_event_enqueue_nwk_wq_entry(in6_clat46_evhdlr_code_t in6_clat46_event_code, pid_t epid, uuid_t euuid) { - struct in6_clat46_event_nwk_wq_entry *p_ev = NULL; + struct in6_clat46_event_nwk_wq_entry *p_ev = NULL; - MALLOC(p_ev, struct in6_clat46_event_nwk_wq_entry *, - sizeof(struct in6_clat46_event_nwk_wq_entry), - M_NWKWQ, M_WAITOK | M_ZERO); + MALLOC(p_ev, struct in6_clat46_event_nwk_wq_entry *, + sizeof(struct in6_clat46_event_nwk_wq_entry), + M_NWKWQ, M_WAITOK | M_ZERO); - p_ev->nwk_wqe.func = in6_clat46_event_callback; - p_ev->nwk_wqe.is_arg_managed = TRUE; - p_ev->nwk_wqe.arg = &p_ev->in6_clat46_ev_arg; + p_ev->nwk_wqe.func = in6_clat46_event_callback; + p_ev->nwk_wqe.is_arg_managed = TRUE; + p_ev->nwk_wqe.arg = &p_ev->in6_clat46_ev_arg; - p_ev->in6_clat46_ev_arg.clat46_event_code = in6_clat46_event_code; - p_ev->in6_clat46_ev_arg.epid = epid; - uuid_copy(p_ev->in6_clat46_ev_arg.euuid, euuid); + p_ev->in6_clat46_ev_arg.clat46_event_code = in6_clat46_event_code; + p_ev->in6_clat46_ev_arg.epid = epid; + uuid_copy(p_ev->in6_clat46_ev_arg.euuid, euuid); - nwk_wq_enqueue((struct nwk_wq_entry*)p_ev); + nwk_wq_enqueue((struct nwk_wq_entry*)p_ev); }