Commit Graph

17 Commits

Author SHA1 Message Date
chao an e3a6c16944 net/ip: fix compile break if disable NET_TCP
1.
ipfrag/ipv4_frag.c: In function ‘ipv4_fragin’:
ipfrag/ipv4_frag.c:184:22: warning: ‘head’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  184 |   ipv4->len[1] = head->io_pktlen & 0xff;
      |                  ~~~~^~~~~~~~~~~
ipfrag/ipv4_frag.c:123:21: note: ‘head’ was declared here
  123 |   FAR struct iob_s *head;
      |                     ^~~~

2.
devif/ipv6_input.c: In function ‘ipv6_in’:
devif/ipv6_input.c:60:33: error: ‘TCPIPv6BUF’ undeclared (first use in this function); did you mean ‘UDPIPv6BUF’?
   60 | #define PAYLOAD ((FAR uint8_t *)TCPIPv6BUF)
      |                                 ^~~~~~~~~~

3.
nat/ipv4_nat.c: In function ‘ipv4_nat_inbound_icmp’:
nat/ipv4_nat.c:67:30: error: ‘TCP_HDRLEN’ undeclared (first use in this function); did you mean ‘UDP_HDRLEN’?
   67 |   ((proto) == IP_PROTO_TCP ? TCP_HDRLEN : \
      |                              ^~~~~~~~~~
nat/ipv4_nat.c:323:47: note: in expansion of macro ‘L4_HDRLEN’
  323 |             inner_l4hdrlen = MIN(inner_l4len, L4_HDRLEN(inner->proto));
      |                                               ^~~~~~~~~

Signed-off-by: chao an <anchao@xiaomi.com>
2023-02-07 12:46:40 +02:00
Zhe Weng cb958e5d69 net/nat: Clear entries when NAT will be disabled
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-24 12:05:20 +08:00
Zhe Weng 902a6dcad2 net/nat: Support isolation between multiple WAN devices by saving external ip
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-24 12:05:20 +08:00
Zhe Weng 0ceee72239 net/nat: modify chksum_adjust and MANIP_IPADDR macro for better readability
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-24 12:05:20 +08:00
Zhe Weng 7bd2195fde net/nat: Fix misused d_draddr in select_port
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-23 19:40:19 +08:00
Zhe Weng a9da1fff28 net/nat: Add auto reclaim logic for NAT entries.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-22 20:20:12 +08:00
Zhe Weng 879c337e30 net/nat: Use hashtable to optimize performance
Performance tested on simulator:

Before optimization:      -25% bandwidth @2k entries, -64% @10k entries
hashtable size=  2(1bit): -24% bandwidth @2k entries, -65% @10k entries
hashtable size=  4(2bits):-15% bandwidth @2k entries, -51% @10k entries
hashtable size= 32(5bits): -3% bandwidth @2k entries, -14% @10k entries
hashtable size=256(8bits): -1% bandwidth @2k entries,  -3% @10k entries

Note: Tested on worst performance, the earliest entry will be the worst.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-22 20:20:12 +08:00
Zhe Weng f416fd86bb net/ipfwd: Support ICMP error reply when forwarding IPv4
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-02 15:26:45 +08:00
Zhe Weng 9aefd6717c net/nat: Add support for ICMP Error Message
Support DEST_UNREACHABLE, TIME_EXCEEDED and PARAMETER_PROBLEM ICMP types in NAT.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-01 22:45:22 +08:00
Zhe Weng 23dfdeacab net/nat: Split out ipv4_nat_in/outbound_internal
Split out ipv4_nat_in/outbound_internal, which returns an entry instead of an error code, for later ICMP error types. This does not change any current logic.

Reason: The outer packet doesn't have port information, so we need to find the entry by the inner packet and apply the entry to the outer packet.

| Outer Packet: SRC = Peer IP<No Port>, DST = External IP<No Port> |
| Inner Packet: SRC = External IP:Port, DST = Peer IP:Port         |

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-01 22:45:22 +08:00
Zhe Weng 8b211128f1 net/nat: Support param to manipulate src or dest
This commit is for later ICMP error types processing, and does not change any current logic.

The reason for supporting both sides of modification is that an inbound ICMP Error MSG may carry the original packet like this:

|          IP HDR: SRC = Peer IP,       DST = External IP |
|        ICMP HDR: ERROR MSG                              |
| <Origin> IP HDR: SRC = External IP,   DST = Peer IP     |
| <Origin> L4 HDR: SRC = External Port, DST = Peer Port   |

So we need to support inbound translation (External -> Local) on SRC or DST of each header.

And so does the outbound direction.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-01 22:45:22 +08:00
Zhe Weng a3a669a5f6 net/nat: Add UDP support
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
Zhe Weng 8d401db5b9 net/nat: Add ICMP ECHO (REQUEST & REPLY) support
Support ICMP ECHO REQUEST & REPLY. The id of ICMP is processed like the port of TCP in NAT. However, our ICMP stack doesn't have a method to manage id allocation like tcp_selectport(); the id is set by apps (like icmp_ping.c) without conflict avoidance, so we are not adding such conflict avoidance logic to the ICMP stack when implementing NAT.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
Zhe Weng f498102512 net: select NAT external port by tcp_selectport for TCP
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
Zhe Weng 8239ddeef4 net/nat: Add TCP entry expiration logic
Add TCP entry expiration logic for NAT, with entries changed from sq to dq for fast removal.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
Zhe Weng 0a4e01d712 net: verify NAT port usage in tcp_selectport
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
Zhe Weng b595430578 net: add basic NAT workflow
Add basic functions for NAT (NAPT), leaving some logic unimplemented (UDP, ICMP, port assignment, etc.). NAT for TCP can work now (unless port conflicts).
Outbound: LAN ->  Forward  ->  NAT(only if targeting at WAN)  -> WAN
Inbound:  WAN ->  NAT(only from WAN, change dest) -> Forward  -> LAN

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00