From d22ebf66ca6b83f9c1a741476393cdbf822abf6c Mon Sep 17 00:00:00 2001
From: Stefan Schmidt <stefan.schmidt@huawei.com>
Date: Fri, 4 Jun 2021 17:16:29 +0200
Subject: [PATCH] tayga: Add initial recipe for NAT64 userspace daemon

In an IPv4-only home network (also for an IPv4-only ISP link) we need a
NAT64 to have Thread and Matter devices, which are IPv6, connected.

Fixes: https://git.ostc-eu.org/OSTC/planning/core-os/-/issues/175

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 .../tayga/files/tayga.conf                    | 97 +++++++++++++++++++
 .../tayga/files/tayga.service                 | 14 +++
 .../recipes-connectivity/tayga/tayga_0.9.2.bb | 28 ++++++
 3 files changed, 139 insertions(+)
 create mode 100644 meta-ohos-staging/recipes-connectivity/tayga/files/tayga.conf
 create mode 100644 meta-ohos-staging/recipes-connectivity/tayga/files/tayga.service
 create mode 100644 meta-ohos-staging/recipes-connectivity/tayga/tayga_0.9.2.bb

diff --git a/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.conf b/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.conf
new file mode 100644
index 00000000..7dae4af4
--- /dev/null
+++ b/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.conf
@@ -0,0 +1,97 @@
+#
+# Configuration file for TAYGA 0.9.2
+#
+
+#
+# TUN device that TAYGA will use to exchange IPv4 and IPv6 packets with the
+# kernel.  You may use any name you like, but `nat64' is recommended.
+#
+# This device may be created before starting the tayga daemon by running
+# `tayga --mktun`.  This allows routing and firewall rules to be set up prior
+# to commencement of packet translation.
+#
+# Mandatory.
+#
+tun-device nat64
+
+#
+# TAYGA's IPv4 address.  This is NOT your router's IPv4 address!  TAYGA
+# requires its own address because it acts as an IPv4 and IPv6 router, and
+# needs to be able to send ICMP messages.  TAYGA will also respond to ICMP
+# echo requests (ping) at this address.
+#
+# This address can safely be located inside the dynamic-pool prefix.
+#
+# Mandatory.
+#
+ipv4-addr 172.16.10.1
+
+#
+# TAYGA's IPv6 address.  This is NOT your router's IPv6 address!  TAYGA
+# requires its own address because it acts as an IPv4 and IPv6 router, and
+# needs to be able to send ICMP messages.  TAYGA will also respond to ICMP
+# echo requests (ping6) at this address.
+#
+# You can leave ipv6-addr unspecified and TAYGA will construct its IPv6
+# address using ipv4-addr and the NAT64 prefix.
+#
+# Optional if the NAT64 prefix is specified, otherwise mandatory.  It is also
+# mandatory if the NAT64 prefix is 64:ff9b::/96 and ipv4-addr is a private
+# (RFC1918) address.
+#
+ipv6-addr 2001:db8:1::1
+
+#
+# The NAT64 prefix.  The IPv4 address space is mapped into the IPv6 address
+# space by prepending this prefix to the IPv4 address.  Using a /96 prefix is
+# recommended in most situations, but all lengths specified in RFC 6052 are
+# supported.
+#
+# This must be a prefix selected from your organization's IPv6 address space
+# or the Well-Known Prefix 64:ff9b::/96.  Note that using the Well-Known
+# Prefix will prohibit IPv6 hosts from contacting IPv4 hosts that have private
+# (RFC1918) addresses, per RFC 6052.
+#
+# The NAT64 prefix need not be specified if all required address mappings are
+# listed in `map' directives.  (See below.)
+#
+# Optional.
+#
+# prefix 2001:db8:1:ffff::/96
+prefix 64:ff9b::/96
+
+#
+# Dynamic pool prefix.  IPv6 hosts which send traffic through TAYGA (and do
+# not correspond to a static map or an IPv4-translatable address in the NAT64
+# prefix) will be assigned an IPv4 address from the dynamic pool.  Dynamic
+# maps are valid for 124 minutes after the last matching packet is seen.
+#
+# If no unassigned addresses remain in the dynamic pool (or no dynamic pool is
+# configured), packets from unknown IPv6 hosts will be rejected with an ICMP
+# unreachable error.
+#
+# Optional.
+#
+dynamic-pool 172.16.10.0/24
+
+#
+# Persistent data storage directory.  The dynamic.map file, which saves the
+# dynamic maps that are created from dynamic-pool, is stored in this
+# directory.  Omit if you do not need these maps to be persistent between
+# instances of TAYGA.
+#
+# Optional.
+#
+data-dir /var/spool/tayga
+
+#
+# Establishes a single-host map.  If an IPv6 host should be consistently
+# reachable at a specific IPv4 address, the mapping can be specified in a
+# `map' directive.  (IPv6 hosts numbered with an IPv4-translatable address do
+# not need map directives.)
+#
+# IPv4 addresses specified in the `map' directive can safely be located inside
+# the dynamic-pool prefix.
+#
+# Optional.
+#
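Review bot: The `ipv6-addr 2001:db8:1::1` line ships an address from the documentation-only prefix 2001:db8::/32 (RFC 3849) as the live default, and the recipe in this patch installs the file as the system-wide tayga.conf. A device booted with this file would run the translator with a placeholder address that is not part of any real network, so the line needs a comment such as `# PLACEHOLDER: 2001:db8::/32 is documentation-only (RFC 3849); replace with an address from this site's IPv6 prefix`. The `dynamic-pool 172.16.10.0/24` and `ipv4-addr 172.16.10.1` values sit in RFC 1918 space and could overlap an existing home LAN; a comment saying they must not collide with locally used subnets would help whoever integrates this.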
diff --git a/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.service b/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.service
new file mode 100644
index 00000000..5240e461
--- /dev/null
+++ b/meta-ohos-staging/recipes-connectivity/tayga/files/tayga.service
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+[Unit]
+Description=Tayga NAT64
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/tayga --nodetach --config /etc/tayga.conf
+
+[Install]
+WantedBy=multi-user.target
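Review bot: The `[Service]` section starts tayga as root with no sandboxing directives, although the daemon parses packets from every host that routes through the NAT64. Presumably it only needs to open the TUN device and write its map file under the `data-dir` set in tayga.conf, so the unit can drop the remaining privileges; the capability set below is an assumption to confirm on the target. `PrivateDevices=` is deliberately left out because it would hide /dev/net/tun, and `ReadWritePaths=` requires the directory to exist, which nothing in this patch creates. The unit also does not bring up the `nat64` interface or add routes, so that setup has to happen elsewhere.

```ini
[Service]
# … unchanged: Type and ExecStart …
# Restrict the daemon to the TUN device and its map directory.
CapabilityBoundingSet=CAP_NET_ADMIN
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/var/spool/tayga
```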
diff --git a/meta-ohos-staging/recipes-connectivity/tayga/tayga_0.9.2.bb b/meta-ohos-staging/recipes-connectivity/tayga/tayga_0.9.2.bb
new file mode 100644
index 00000000..04b50604
--- /dev/null
+++ b/meta-ohos-staging/recipes-connectivity/tayga/tayga_0.9.2.bb
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+SUMMARY = "TAYGA Simple, no-fuss NAT64 for Linux"
+DESCRIPTION = "TAYGA is an out-of-kernel stateless NAT64 implementation for \
+    Linux that uses the TUN driver to exchange IPv4 and IPv6 packets with the \
+    kernel. It is intended to provide production-quality NAT64 service for \
+    networks where dedicated NAT64 hardware would be overkill."
+SECTION = "net"
+LICENSE="GPLv2"
+LIC_FILES_CHKSUM="file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI= "http://www.litech.org/tayga/tayga-0.9.2.tar.bz2 \
+          file://tayga.conf \
+          file://tayga.service"
+
+SRC_URI[sha256sum] = "2b1f7927a9d2dcff9095aff3c271924b052ccfd2faca9588b277431a44f0009c"
+
+inherit autotools systemd
+
+SYSTEMD_SERVICE_${PN} = "tayga.service"
+
+do_install_append() {
+    install -d ${D}${systemd_unitdir}/system/
+    install -m 0644 ${WORKDIR}/tayga.service ${D}${systemd_unitdir}/system/
+    install -m 0644 ${WORKDIR}/tayga.conf ${D}${sysconfdir}
+}
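Review bot: `do_install_append` copies tayga.conf to `${D}${sysconfdir}` without creating that directory first, so unless the upstream `make install` already creates it, the config would be written as a plain file with the directory's name; add `install -d ${D}${sysconfdir}` before the copy. The recipe also never creates `/var/spool/tayga`, which the shipped tayga.conf names as `data-dir`, so persisting the dynamic maps may fail at runtime unless that directory is provided some other way (for example `install -d ${D}${localstatedir}/spool/tayga`, or a tmpfiles entry if /var is volatile on the image). The tarball is fetched over plain `http://`, which leaves the `SRC_URI[sha256sum]` pin as the only integrity control; an https URL would be preferable if upstream serves one. Since the `systemd` class enables the unit by default, consider `SYSTEMD_AUTO_ENABLE = "disable"` until the placeholder addresses in tayga.conf are replaced with site values.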
-- 
GitLab