netgraph/ng_nat: Add RFC 6598/Carrier Grade NAT support

This extends upon the RFC 6598 support to libalias/ipfw in r357092.

Reviewed By: manpages (bcr), donner, adrian, kp
Differential Revision: https://reviews.freebsd.org/D23461

(cherry picked from commit 5fe433a6e4d8cab6b64284698301afc0c55a9db2)

Git Hash: e600af01eeba79f7cc407a778f1d7b4f004900c1
Git Author: nc@FreeBSD.org

MFC r357053 by markj: ng_nat: Pass IPv6 packets through.

ng_nat implements NAT for IPv4 traffic only. When connected to an
ng_ether node it erroneously handled IPv6 packets as well.

This change is not sufficient: ng_nat does not do any validation of IP
packets in this mode, even though they have not yet passed through
ip_input().

PR: 243096
Reported by: Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by: julian
Differential Revision: https://reviews.freebsd.org/D23080

MFC r342168,357786: Allow ng_nat to be attached to a ethernet interface

Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4)
or the likes. Add new control message types: setdlt and getdlt to switch
from default DLT_RAW (no encapsulation) to DLT_EN10MB (ethernet).

Submitted by: sobomax
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D18535
Relnotes: yes

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Cleanup unnecessary semicolons from the kernel.

Found with devel/coccinelle.

Add NGM_NAT_LIBALIAS_INFO command, that reports internal stats
of libalias instance. To be used in the mpd5 daemon.

Submitted by: Dmitry Luhtionov <dmitryluhtionov gmail.com>

After r241245 it appeared that in_delayed_cksum(), which still expects
host byte order, was sometimes called with net byte order. Since we are
moving towards net byte order throughout the stack, the function was
converted to expect net byte order, and its consumers fixed appropriately:
- ip_output(), ipfilter(4) not changed, since already call
in_delayed_cksum() with header in net byte order.
- divert(4), ng_nat(4), ipfw_nat(4) now don't need to swap byte order
there and back.
- mrouting code and IPv6 ipsec now need to switch byte order there and
back, but I hope, this is temporary solution.
- In ipsec(4) shifted switch to net byte order prior to in_delayed_cksum().
- pf_route() catches up on r241245 changes to ip_output().

Sync ng_nat with recent (r222806) ipfw_nat changes:

Make a behaviour of the libalias based in-kernel NAT a bit closer to
how natd(8) does work. natd(8) drops packets only when libalias returns
PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
always did drop packets that were not aliased, even if they should
not be aliased and just are going through.

Also add SCTP support: mark response packets to skip firewall processing.

MFC after: 1 month

LibAliasInit() should allocate memory with M_WAITOK flag. Modify it
and its callers.

Node constructor methods are supposed to be called in syscall
context always. Convert nodes to consistently use M_WAITOK flag
for memory allocation.

Reviewed by: julian

Retire the MALLOC and FREE macros. They are an abomination unto style(9).

MFC after: 3 months

Pass really available buffer size to libalias instead of MCLBYTES constant.
MCLBYTES constant were used with believe that m_megapullup() always moves
date into a fresh cluster that may become not so.

Add support for the libalias redirect functionality.

Submitted by: Vadim Goncharov <vadim_nuclight@mail.ru>

Add support for setmode and settarget messages.

Approved by: glebius (mentor)

Allow node to bypass traffic while no alias address defined.

Approved by: glebius (mentor)

Return value PKT_ALIAS_FOUND_HEADER_FRAGMENT isn't an error case. The
packet shouldn't be dropped.

Submitted by: Alexander Motin <mav alkar.net>

Correctly calculate length of IP header.

Submitted by: Eugene Hartmann <eugene tpsb.com.ru>

Remove m_megapullup from ng_nat and put it under libalias.

Approved by: gleb

Fix result of some mechanical change that I did some time ago, when
writing this node.

- After LibAlias processing check for TCP packet with th_x2 field
set. If found, then recalculate its checksum.
- Remove debugging printfs.
- Slightly rearrange code in ng_nat_rcvdata().

Approved by: re (scottl)

Move assertion below initializer.

Submitted by: Noritoshi Demizu
Pointy hat to: glebius

- Assert that mbuf length equals packet length.
- Tell libalias, that we have MCLBYTES to play with.
- Obtain length of data in mbuf from updated IP header.

ng_nat - a netgraph(4) node, which does NAT