Split out ipv4_nat_in/outbound_internal, which returns the entry instead of an error code, for later ICMP error types. Does not change any current logic.
Reason: The outer packet doesn't carry port information, so we need to find the entry by the inner packet and apply the entry to the outer packet.
| Outer Packet: SRC = Peer IP<No Port>, DST = External IP<No Port> |
| Inner Packet: SRC = External IP:Port, DST = Peer IP:Port |
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
This commit is for later ICMP error types processing, and does not change any current logic.
The reason for supporting both sides of modification is that an inbound ICMP Error MSG may carry the original packet like this:
| IP HDR: SRC = Peer IP, DST = External IP |
| ICMP HDR: ERROR MSG |
| <Origin> IP HDR: SRC = External IP, DST = Peer IP |
| <Origin> L4 HDR: SRC = External Port, DST = Peer Port |
So we need to support inbound translation (External -> Local) on SRC or DST of each header.
And so does the outbound direction.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
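
The lookup described in the two commit messages above, as an added example that is not code from these commits: an inbound ICMP error is matched against the NAT table by its embedded original packet, and the matching entry is then applied to the outer DST and the inner SRC. The struct layouts, the function name `nat_inbound_icmp_err` and the sample addresses are assumptions; fields are host-order values rather than wire bytes, and checksum adjustment is left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical NAT entry; field names are assumptions, not the project's. */
struct nat_entry {
  uint32_t local_ip, ext_ip, peer_ip;
  uint16_t local_port, ext_port, peer_port;
};

/* Simplified inbound ICMP error: outer addresses plus the embedded original
 * IP header and L4 ports (host-order fields instead of wire bytes). */
struct icmp_err {
  uint32_t outer_src, outer_dst;     /* outer header carries no ports */
  uint32_t inner_src, inner_dst;     /* original packet: External -> Peer */
  uint16_t inner_sport, inner_dport;
};

/* Constructed sample: 192.168.1.2:5000 <-> 198.51.100.7:40001, peer 203.0.113.9:443 */
static const struct nat_entry g_table[] = {
  { 0xC0A80102u, 0xC6336407u, 0xCB007109u, 5000, 40001, 443 },
};

/* Find the entry by the inner packet, then apply it to the outer DST and the
 * inner SRC. Returns NULL when the embedded packet matches no translated
 * flow, so the caller can drop unsolicited errors instead of forwarding. */
const struct nat_entry *nat_inbound_icmp_err(struct icmp_err *e,
                                             const struct nat_entry *tbl,
                                             size_t n) {
  for (size_t i = 0; i < n; i++) {
    const struct nat_entry *t = &tbl[i];
    if (t->ext_ip == e->inner_src && t->ext_port == e->inner_sport &&
        t->peer_ip == e->inner_dst && t->peer_port == e->inner_dport &&
        t->ext_ip == e->outer_dst) {
      e->outer_dst = t->local_ip;     /* outer DST: External -> Local */
      e->inner_src = t->local_ip;     /* inner SRC: External -> Local */
      e->inner_sport = t->local_port; /* inner SRC port */
      return t;
    }
  }
  return NULL;
}

int main(void) {
  /* Constructed error from the peer about our translated flow. */
  struct icmp_err e = { 0xCB007109u, 0xC6336407u, 0xC6336407u, 0xCB007109u,
                        40001, 443 };
  return nat_inbound_icmp_err(&e, g_table, 1) ? 0 : 1;
}
```

The outer SRC is deliberately not part of the match, since an ICMP error can also originate from a router on the path rather than from the peer itself.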
Support ICMP ECHO REQUEST & REPLY. The id of ICMP is processed like the port of TCP in NAT. However, our ICMP stack doesn't have a method to manage id allocation like tcp_selectport(); the id is set by apps (like icmp_ping.c) without conflict avoidance, so such conflict avoidance logic is not added to the ICMP stack when implementing NAT.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Add basic functions for NAT (NAPT), leaving some logic unimplemented (UDP, ICMP, port assignment, etc). NAT for TCP can work now (unless port conflicts).
Outbound: LAN -> Forward -> NAT(only if targeting at WAN) -> WAN
Inbound: WAN -> NAT(only from WAN, change dest) -> Forward -> LAN
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>