If the CAN stack receiving packets fast, but the application layer reading packets slow. Then `conn->readahead` will continue to grow, leading to memory leaks. Finally CAN stack potentially starve out all IOB buffers. To prevent memory leaks, users can restrict can socket buffer length.
Signed-off-by: gaohedong <gaohedong@xiaomi.com>
In "psock_send_eventhandler",when retransmit count bigger TCP_MAXRTX nuttx will set release wrb. But before this it will also set "conn->tx_unacked = 0" if we only retransmit one packet(conn->tx_unacked == sent),and In func "tcp_timer" only "conn->tx_unacked > 0" will close the tcp conn. So app will never close if nuttx retransmit over max timers.
Signed-off-by: meijian <meijian@xiaomi.com>
Otherwise, the IP address is always considered to conflict, and the ipv6
address cannot be effectively obtained.
Later we will look at how to perform conflict detection on L3 network cards
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Now we only supports conntrack info from NAT entries, to let our apps in user space know the mapping status in NAT.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
I found `struct ipv*_nat_entry` is missing `_s` suffix, but the name is too long in some cases, so maybe `ipv*_nat_entry_t` could be better.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables. We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier. Which means, if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time. Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
To prepare for future IPv6 NAT functions.
- Rename common ipv4_nat_xxx to nat_xxx
- Move some common definitions into header
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Because CAN is a broadcast protocol, each conn needs to be given independent data to avoid mutual interference.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
The symmetric NAT limits one external port to be used with only one peer ip:port.
Note:
1. To avoid using too much #ifdef, we're always passing peer_ip and peer_port as arguments, but won't use them under full cone NAT, let the compiler optimize them.
2. We need to find port binding without peer ip:port, so don't add peer ip:port into hash key.
3. Symmetric NAT needs to *select another external port if a port is used by any other NAT entry*, this behavior is exactly same as Full Cone NAT, so we don't need to change anything related to `ipv4_nat_port_inuse`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Fix minor problems when reading codes:
- icmpv6_autoconfig: Call net_unlock before return
- pkt_sendmsg: Return error for types other than SOCK_RAW
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Don't assert on IGMP inside ICMP, just ignore it.
2. Check we have full IP header inside ICMP payload before accessing it.
3. `inner_l4hdrbak` need to be `L4_MAXHDRLEN`, not `L4_MAXHDRLEN/2`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
https://github.com/apache/nuttx/pull/11384 has changed the source
address selection of UDP from raddr to laddr, but not all UDP
connections have laddr set, then we need to fallback to get source from
raddr.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Support longest prefix match routing described as "Longest Match" in
RFC 1812, Section 5.2.4.3, Page 75.
Introduced `prefixlen` to indicate the prefix length of currently
founded route, and only looks up for longer prefix in all later steps.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
If we only enable one of `CONFIG_NET_ARP_SEND` and
`CONFIG_NET_ICMPv6_NEIGHBOR`, both IPv4 and IPv6 traffic will send
ARP or NDP, which causes problem.
Example:
`CONFIG_NET_ARP_SEND=n`
`CONFIG_NET_ICMPv6_NEIGHBOR=y`
Wrong:
IPv4 traffic (`PF_INET`) goes into `icmpv6_neighbor`, which
definitely causes problem.
Correct:
IPv4 traffic doesn't call anything, IPv6 traffic calls `icmpv6_neighbor`
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Follow the posix standard:
If no messages are available to be received and the peer has
performed an orderly shutdown, recv() shall return 0.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
When peer->lc_cfpcount == LOCAL_NCONTROLFDS,
Line 122: peer->lc_cfps[peer->lc_cfpcount++] = filep2; access
out-of-range
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
In this case, remote addr is all zero, and the length of the
ip header is not recognized as ipv6_is_ipv4, This will cause
problems in subsequent data filling.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
move the accept logic into connect flow.
In order to successfully establish a blocking connection between
the client and server on the same thread.
nonblock is not affected, and the block connect is now the same
as the nonblock flow, other apis are not affected.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
The `xxx_ipv6multicast` function in each driver is not adapted to
multiple IPv6 addresses yet, and they're redundant, so try to take them
into common code.
Change:
1. Add MAC `g_ipv6_ethallnodes` and `g_ipv6_ethallrouters` in
`icmpv6_devinit` and call them in `netdev_register`
2. Add multicast MAC for Neighbor Solicitation when adding any IPv6
address, and remove them when IPv6 address is removed
3. Select `NET_MCASTGROUP` when `NET_ICMPv6` because now we need
`d_addmac` when we have ICMPv6
Note:
We want modules outside net stack to call functions like
`netdev_ipv6_add` and never touch the related MAC address, so these MAC
functions are added as internal functions to `net/netdev/netdev.h`
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
When CONFIG_NET_TCP_WRITE_BUFFERS is enabled, iobs are used for
both queuing data from application, and for assembling packets
for sending. If there is a system-wide shortage of iobs, it could
happen that there is not enough free space to form any packets
to send. The buffers allocated for TCP data also can't be released
until the packet is sent.
Normally this should be avoided by setting suitable values for
CONFIG_IOB_NBUFFERS and CONFIG_IOB_THROTTLE. The default values
are ok for light usage, but can run out when using multiple
simultaneous TCP streams.
Before this commit, iob shortage would cause TCP connections to
get stuck and eventually timeout. With this change, TCP stack
sends smaller packets, eventually freeing some buffers from the
write queue.
Previously ipv6 multi-address support decided packet source
address based on its destination. This doesn't work if NuttX
device has multiple addresses within same subnet.
Instead when a packet is a response to existing connection,
the source address should be based on the destination address
used in the received packet.
Commit 8a63d29c removed `devif_iob_send` from `udp_sendto_buffered`
workflow, `devif_iob_send` drops too big packet. Now we still need a
place to check the packet length, otherwise a packet larger than MTU
may be sent to the net driver.
In case of similar problem happens somewhere else, this commit also
adds a check in `netdev_upperhalf`, and count these cases into
`NETDEV_TXERRORS`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
- When receiving Router Advertisement Message, if Managed Address
Configuration flag is set, we should ignore the Autonomous
Address-configuration flag, and obtain the IPv6 address via the
stateful process.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
Adds support for timestamping received UDP packets, either in
hardware or in kernel. Builds on the existing support of SO_TIMESTAMP
for SocketCAN.
Implementation uses CLOCK_REALTIME for timestamping to match the
behavior of Linux. This could be made configurable in future if needed.
If the flag is not set, The flag is affected by the previously sent and
received packets, L2 header may be filled with ipv6
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
When implementing IPv6-related logic, we found the `net_ipv6_pref2mask`
and `net_ipv6addr_copy` are using different argument order:
```
net_ipv6addr_copy(ifaddr->addr, addr);
net_ipv6_pref2mask(preflen, ifaddr->mask);
```
Change the order to:
```
net_ipv6addr_copy(ifaddr->addr, addr);
net_ipv6_pref2mask(ifaddr->mask, preflen);
```
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Supporting `SIOCSIFADDR` and `SIOCDIFADDR` with Linux in6_ifreq struct to manage ipv6 addresses.
Ref: https://man7.org/linux/man-pages/man7/netdevice.7.html
2. Supporting alias like 'eth0:0' for multiple IPv6 addresses, to keep previous ioctl `SIOCGLIFADDR`, `SIOCSLIFADDR`, `SIOCGLIFNETMASK` and `SIOCSLIFNETMASK` working.
Ref: https://man7.org/linux/man-pages/man8/ifconfig.8.html
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Note that user-space related code, like procfs and lifreq related ioctl commands, are not touched in this commit.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Compatible with previous usage, because may network drivers are using old member name to print logs, and there's no significant need to change them now.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Prepare for multiple IPv6 addresses per net device, then we can notify
add/remove of a single address later.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
add ref count for ipv4 multicast and leave the multicast group when close
behavior alignment with linux.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
some tools use this command to distinguish which device returned via getifaddrs() are wireless network device.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>