author | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-10-13 18:23:41 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-10-13 18:23:41 +0000 |
commit | d0ab30fdb97104766da99fa8da4eb3371d2d4163 (patch) | |
tree | 1b5cd770f1597f4f741778c5f55e6f431f1f22fc /sys/netinet | |
parent | 35252f0dafa4ccce1148cc18897ba319f6c982cd (diff) |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually
"af-to" a generic IP version translator for pf(4).
Not everything is perfect yet, but let's fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in.c | 3 | ||||
-rw-r--r-- | sys/netinet/in_var.h | 6 | ||||
-rw-r--r-- | sys/netinet/inet_nat64.c | 218 |
3 files changed, 224 insertions, 3 deletions
diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 9167486dd95..a611aae8f0c 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in.c,v 1.68 2011/07/06 01:57:37 dlg Exp $ */ +/* $OpenBSD: in.c,v 1.69 2011/10/13 18:23:40 claudio Exp $ */ /* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */ /* @@ -87,7 +87,6 @@ #ifdef INET -int in_mask2len(struct in_addr *); void in_len2mask(struct in_addr *, int); int in_lifaddr_ioctl(struct socket *, u_long, caddr_t, struct ifnet *); diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index ec3530d1d6a..e87aee999f2 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in_var.h,v 1.16 2010/11/17 19:25:49 henning Exp $ */ +/* $OpenBSD: in_var.h,v 1.17 2011/10/13 18:23:40 claudio Exp $ */ /* $NetBSD: in_var.h,v 1.16 1996/02/13 23:42:15 christos Exp $ */ /* @@ -212,6 +212,10 @@ struct in_multi *in_addmulti(struct in_addr *, struct ifnet *); void in_delmulti(struct in_multi *); void in_ifscrub(struct ifnet *, struct in_ifaddr *); int in_control(struct socket *, u_long, caddr_t, struct ifnet *); + +int inet_nat64(int, const void *, void *, const void *, u_int8_t); +int inet_nat46(int, const void *, void *, const void *, u_int8_t); +int in_mask2len(struct in_addr *); #endif diff --git a/sys/netinet/inet_nat64.c b/sys/netinet/inet_nat64.c new file mode 100644 index 00000000000..c184525977d --- /dev/null +++ b/sys/netinet/inet_nat64.c 
@@ -0,0 +1,218 @@
+/* $OpenBSD: inet_nat64.c,v 1.1 2011/10/13 18:23:40 claudio Exp $ */
+/* $vantronix: inet_nat64.c,v 1.2 2011/02/28 14:57:58 mike Exp $ */
+
+/*
+ * Copyright (c) 2011 Reyk Floeter <reyk@vantronix.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/param.h>
+#include <sys/socket.h>
+#ifdef _KERNEL
+#include <sys/mbuf.h>
+#include <netinet/in.h>
+#else
+#include <netinet/in.h>
+#include <errno.h>
+#endif
+
+union inet_nat64_addr {
+ u_int32_t u32[4];
+ u_int8_t u8[16];
+};
+
+u_int32_t inet_nat64_mask(u_int32_t, u_int32_t, u_int8_t);
+
+int inet_nat64(int, const void *, void *, const void *, u_int8_t);
+int inet_nat64_inet(const void *, void *, const void *, u_int8_t);
+int inet_nat64_inet6(const void *, void *, const void *, u_int8_t);
+
+int inet_nat46(int, const void *, void *, const void *, u_int8_t);
+int inet_nat46_inet(const void *, void *, const void *, u_int8_t);
+int inet_nat46_inet6(const void *, void *, const void *, u_int8_t);
+
+u_int32_t
+inet_nat64_mask(u_int32_t src, u_int32_t pfx, u_int8_t pfxlen)
+{
+ u_int32_t u32;
+ if (pfxlen == 0)
+ return (src);
+ else if (pfxlen > 32)
+ pfxlen = 32;
+ u32 =
+ (src & ~htonl(0xffffffff << (32 - pfxlen))) |
+ (pfx & htonl(0xffffffff << (32 - pfxlen)));
+ return (u32);
+
+}
+
+int
+inet_nat64(int af, const void *src, void *dst,
+ const void *pfx, u_int8_t pfxlen)
+{
+ switch (af) {
+ case AF_INET:
+ return (inet_nat64_inet(src, dst, pfx, pfxlen));
+ case AF_INET6:
+ return (inet_nat64_inet6(src, dst, pfx, pfxlen));
+ default:
+#ifndef _KERNEL
+ errno = EAFNOSUPPORT;
+#endif
+ return (-1);
+ }
+ /* NOTREACHED */
+}
+
+int
+inet_nat64_inet(const void *src, void *dst, const void *pfx, u_int8_t pfxlen)
+{
+ const union inet_nat64_addr *s = src;
+ const union inet_nat64_addr *p = pfx;
+ union inet_nat64_addr *d = dst;
+ int i, j;
+
+ switch (pfxlen) {
+ case 32:
+ case 40:
+ case 48:
+ case 56:
+ case 64:
+ case 96:
+ i = pfxlen / 8;
+ break;
+ default:
+ if (pfxlen < 96 || pfxlen > 128) {
+#ifndef _KERNEL
+ errno = EINVAL;
+#endif
+ return (-1);
+ }
+
+ /* as an extension, mask out any other bits */
+ d->u32[0] = inet_nat64_mask(s->u32[3], p->u32[3],
+ (u_int8_t)(32 - (128 - pfxlen)));
+ return (0);
+ }
+
+ /* fill the octets with the source and skip reserved octet 8 */
+ for (j = 0; j < 4; j++) {
+ if (i == 8)
+ i++;
+ d->u8[j] = s->u8[i++];
+ }
+
+ return (0);
+}
+
+int
+inet_nat64_inet6(const void *src, void *dst, const void *pfx, u_int8_t pfxlen)
+{
+ const union inet_nat64_addr *s = src;
+ const union inet_nat64_addr *p = pfx;
+ union inet_nat64_addr *d = dst;
+ int i, j;
+
+ /* first copy the prefix octets to the destination */
+ *d = *p;
+
+ switch (pfxlen) {
+ case 32:
+ case 40:
+ case 48:
+ case 56:
+ case 64:
+ case 96:
+ i = pfxlen / 8;
+ break;
+ default:
+ if (pfxlen < 96 || pfxlen > 128) {
+#ifndef _KERNEL
+ errno = EINVAL;
+#endif
+ return (-1);
+ }
+
+ /* as an extension, mask out any other bits */
+ d->u32[3] = inet_nat64_mask(s->u32[0], p->u32[3],
+ (u_int8_t)(32 - (128 - pfxlen)));
+ return (0);
+ }
+
+ /* octet 8 is reserved and must be set to zero */
+ d->u8[8] = 0;
+
+ /* fill the other octets with the source and skip octet 8 */
+ for (j = 0; j < 4; j++) {
+ if (i == 8)
+ i++;
+ d->u8[i++] = s->u8[j];
+ }
+
+ return (0);
+}
+
+int
+inet_nat46(int af, const void *src, void *dst,
+ const void *pfx, u_int8_t pfxlen)
+{
+ if (pfxlen > 32) {
+#ifndef _KERNEL
+ errno = EINVAL;
+#endif
+ return (-1);
+ }
+
+ switch (af) {
+ case AF_INET:
+ return (inet_nat46_inet(src, dst, pfx, pfxlen));
+ case AF_INET6:
+ return (inet_nat46_inet6(src, dst, pfx, pfxlen));
+ default:
+#ifndef _KERNEL
+ errno = EAFNOSUPPORT;
+#endif
+ return (-1);
+ }
+ /* NOTREACHED */
+}
+
+int
+inet_nat46_inet(const void *src, void *dst, const void *pfx, u_int8_t pfxlen)
+{
+ const union inet_nat64_addr *s = src;
+ const union inet_nat64_addr *p = pfx;
+ union inet_nat64_addr *d = dst;
+
+ /* set the remaining bits to the source */
+ d->u32[0] = inet_nat64_mask(s->u32[3], p->u32[0], pfxlen);
+
+ return (0);
+}
+
+int
+inet_nat46_inet6(const void *src, void *dst, const void *pfx, u_int8_t pfxlen)
+{
+ const union inet_nat64_addr *s = src;
+ const union inet_nat64_addr *p = pfx;
+ union inet_nat64_addr *d = dst;
+
+ /* set the initial octets to zero */
+ d->u32[0] = d->u32[1] = d->u32[2] = 0;
+
+ /* now set the remaining bits to the source */
+ d->u32[3] = inet_nat64_mask(s->u32[0], p->u32[0], pfxlen);
+
+ return (0);
+} |
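Review bot: In `inet_nat64_inet6`, `*d = *p` copies all 16 octets of the prefix and only octet 8 is cleared afterwards, so for prefix lengths 32 to 64 any bits the caller left set beyond the prefix remain in the translated address after the embedded IPv4 octets. RFC 6052 expects that suffix to be zero; unless every caller passes an already-masked prefix (not visible in this hunk), I would clear it after the copy loop with `while (i < 16) d->u8[i++] = 0;`. Separately, `src`, `dst` and `pfx` are all `void *` and are read through `union inet_nat64_addr`, so a short comment above `inet_nat64` and `inet_nat46` stating which buffer holds 4 bytes, which holds 16, and that they must be 32-bit aligned would make the contract explicit for callers.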