Use the newly-added logging helpers from logging.h and add a -v option to
increase the effective log level.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Add rewriting of ICMP headers to nat64. This is specified in RFC6145, and
the implementation here follows that. The support is only partial, in
particular, in that the payload of ICMP error messages is not rewritten,
even though the RFC specifies that they should be.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
IPv6 doesn't support fragmentation, so make sure IPv4 packets are not
fragmented in-flight either.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
We insert a v4-via-v6 route on the interface to direct packets to the v4
subnet to the right interface, where it will be rewritten by the BPF
program. We also create a fake neighbour entry so the kernel won't do
neighbour resolution when sending the pre-rewrite packet. The egress BPF
program will use bpf_redirect_neigh() to do proper neighbour resolution for
the actual destination after rewriting the packet.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Turns out the atomics just needed to operate on a 64-bit variable, we
didn't actually need a newer compiler.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Endianness fixes for IP header length, need to also rewrite Ethernet
protocol. Also use direct packet access instead of skb_store_bytes().
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
This adds an initial version of a NAT64 translator in BPF. It compiles and
loads, but doesn't actually appear to work yet.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
