add ipv6 nat support

trunk/configs/boards/MI-R3P-PB/kernel-4.4.x.config

@@ -948,7 +948,6 @@ CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
 # CONFIG_NFC is not set
 # CONFIG_LWTUNNEL is not set
 CONFIG_HW_NAT=y
-# CONFIG_RA_NAT_NONE is not set
 CONFIG_RA_NAT_NONE=y
 # CONFIG_RA_NAT_HW is not set
 # CONFIG_SHORTCUT_FE is not set

trunk/user/rc/firewall_ex.c

@@ -678,13 +678,13 @@ include_masquerade(FILE *fp, char *wan_if, char *wan_ip, char *lan_net, int is_f
  char *dtype = "POSTROUTING";
 
  if (is_fullcone) {
- fprintf(fp, "-A %s -o %s -s %s -j MASQUERADE --mode fullcone\n", dtype, wan_if, lan_net);
- } else {
- if (wan_ip)
- fprintf(fp, "-A %s -o %s -s %s -j SNAT --to-source %s\n", dtype, wan_if, lan_net, wan_ip);
- else
- fprintf(fp, "-A %s -o %s -s %s -j MASQUERADE\n", dtype, wan_if, lan_net);
- }
+  fprintf(fp, "-A %s -o %s -s %s -j MASQUERADE --mode fullcone\n", dtype, wan_if, lan_net);
+  } else {
+  if (wan_ip)
+  fprintf(fp, "-A %s -o %s -s %s -j SNAT --to-source %s\n", dtype, wan_if, lan_net, wan_ip);
+  else
+  fprintf(fp, "-A %s -o %s -s %s -j MASQUERADE\n", dtype, wan_if, lan_net);
+  }
 }
 
 static int
@@ -1567,6 +1567,7 @@ ip6t_filter_rules(char *man_if, char *wan_if, char *lan_if,
  /* Clamp TCP MSS to PMTU of WAN interface before accepting RELATED packets */
  if ((ipv6_type != IPV6_NATIVE_STATIC && ipv6_type != IPV6_NATIVE_DHCP6) || tcp_mss_need)
  fprintf(fp, "-A %s%s -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n", dtype, " !", lan_if);
+
 
  /* Pass related connections, skip rest of checks */
  fprintf(fp, "-A %s -m %s %s -j %s\n", dtype, CT_STATE, "ESTABLISHED,RELATED", "ACCEPT");
@@ -1713,6 +1714,29 @@ ip6t_mangle_rules(char *man_if)
  doSystem("ip6tables-restore %s", ipt_file);
 }
 
+static void
+ip6t_nat_rules(char *man_if)
+{
+ FILE *fp;
+ const char *ipt_file = "/tmp/ip6t_nat.rules";
+
+ if (!(fp=fopen(ipt_file, "w")))
+ return;
+
+ fprintf(fp, "*%s\n", "nat");
+ fprintf(fp, ":%s %s [0:0]\n", "PREROUTING", "ACCEPT");
+ fprintf(fp, ":%s %s [0:0]\n", "INPUT", "ACCEPT");
+ fprintf(fp, ":%s %s [0:0]\n", "OUTPUT", "ACCEPT");
+ fprintf(fp, ":%s %s [0:0]\n", "POSTROUTING", "ACCEPT");
+ fprintf(fp, "-A POSTROUTING -s fc00:101:101::1/64 -j MASQUERADE\n");}
+ fprintf(fp, "COMMIT\n\n");
+ fclose(fp);
+
+ if (is_module_loaded("ip6table_nat"))
+ doSystem("ip6tables-restore %s", ipt_file);
+}
+
+
 #endif
 
 static int
@@ -2216,5 +2240,6 @@ start_firewall_ex(void)
  module_smart_unload("iptable_raw", 0);
  module_smart_unload("iptable_mangle", 0);
  module_smart_unload("ip6table_mangle", 0);
+ module_smart_unload("ip6table_nat", 0);
 }
 

trunk/user/rc/net.c

@@ -583,6 +583,7 @@ reload_nat_modules(void)
  int hwnat_allow = is_hwnat_allow();
  int hwnat_loaded = is_hwnat_loaded();
  int hw_nat_mode = nvram_get_int("hw_nat_mode");
+ int ipv6_nat = nvram_get_int("ip6_lan_auto");
 #endif
 
  if (!get_ap_mode())
@@ -673,6 +674,10 @@ reload_nat_modules(void)
  else
  {doSystem("iwpriv %s set hw_nat_register=%d", IFNAME_2G_MAIN, 0);
  doSystem("iwpriv %s set hw_nat_register=%d", IFNAME_5G_MAIN, 0);}
+ if(ipv6_nat==1)
+ {doSystem("echo 7 1 > /sys/kernel/debug/hnat/hnat_setting");}
+ else
+ {doSystem("echo 7 0 > /sys/kernel/debug/hnat/hnat_setting");}
 #endif
  }
  }

trunk/user/rc/net6.c

@@ -175,6 +175,7 @@ void full_restart_ipv6(int ipv6_type_old)
  full_restart_wan();
  if (!is_dns_dhcpd_run())
  start_dns_dhcpd(0);
+ reload_nat_modules();
  }
 #if defined (APP_NFSD)
  run_nfsd();

trunk/user/shared/defaults.c

@@ -442,7 +442,7 @@ struct nvram_pair router_defaults[] = {
  { "ip6_dns3", "" },
 
  { "ip6_lan_auto", "0" },
- { "ip6_lan_addr", "" },
+ { "ip6_lan_addr", "fc00:101:101::1" },
  { "ip6_lan_size", "64" },
  { "ip6_lan_radv", "1" },
  { "ip6_lan_dhcp", "1" },