Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables. We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier. Which means, if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time. Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Adds support for timestamping received UDP packets, either in
hardware or in kernel. Builds on the existing support of SO_TIMESTAMP
for SocketCAN.
Implementation uses CLOCK_REALTIME for timestamping to match the
behavior of Linux. This could be made configurable in future if needed.
Set IPv4 flag before processing ipforward, otherwise the ICMP packet responded by ipforward may sometimes be regarded as IPv6.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
devif/ipv4_input.c: In function ‘ipv4_in’:
devif/ipv4_input.c:305:15: warning: declaration of ‘ret’ shadows a previous local [-Wshadow]
305 | int ret = ipv4_forward(dev, ipv4);
| ^~~
devif/ipv4_input.c:151:7: note: shadowed declaration is here
151 | int ret = OK;
| ^~~
Signed-off-by: chao an <anchao@xiaomi.com>
Add basic functions for NAT (NAPT), remaining some logic unimplemented (UDP, ICMP, port assignment, etc). NAT for TCP can work now (unless port conflicts).
Outbound: LAN -> Forward -> NAT(only if targeting at WAN) -> WAN
Inbound: WAN -> NAT(only from WAN, change dest) -> Forward -> LAN
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
rename the UDP_BINDTODEVICE to SO_BINDTODEVICE to follow the linux
style to be compatible with non-UDP protocol binding requirements
Signed-off-by: chao.an <anchao@xiaomi.com>
NuttX provides the UDP_BINDTODEVICE socket option. This is a UDP protocol-specific implementation of the semi-standard Linux SO_BINDTODEVICE socket option: "SO_BINDTODEVICE forces packets on the socket to only egress the bound interface, regardless of what the IP routing table would normally choose. Similarly only packets which ingress the bound interface will be received on the socket, packets from other interfaces will not be delivered to the socket." https://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html
If CONFIG_NET_UDP_BINDTODEVICE is selected and a UDP socket is bound to the device, then unrecognized packets UDP packets must not be dropped, but must be forwarded along to the bound socket unconditionally.
It the typical case, this should have no impact. It does effect the applications that use DHCP and do select the UDP_BINDTODEVICE socket option.
This PR replace existing improper logic in the code and also the improper attempts to fix problems from PR #3601 and PR #3598. Those changes are improper because they expose DHCP appliction dependencies in the OS, breaking modularity and independence of the OS and application.
Tested with stm32f4discovery:netnsh with CONFIG_NET_UDP_BINDTODEVICE. A proper DHCP test setup is needed, however.
this change to support receive the udp data from the specified
port without obtaining the address.
e.g: disable the Bootstrap flag on dhcpc handshake
Reference:
RFC1542: Clarifications and Extensions for the Bootstrap Protocol.
Signed-off-by: chao.an <anchao@xiaomi.com>
This makes the user interface a little hostile. People thing of an MTU of 1500 bytes, but the corresponding packet is really 1514 bytes (including the 14 byte Ethernet header). A more friendly solution would configure the MTU (as before), but then derive the packet buffer size by adding the MAC header length. Instead, we define the packet buffer size then derive the MTU.
The MTU is not common currency in networking. On the wire, the only real issue is the MSS which is derived from MTU by subtracting the IP header and TCP header sizes (for the case of TCP). Now it is derived for the PKTSIZE by subtracting the IP header, the TCP header, and the MAC header sizes. So we should be all good and without the recurring 14 byte error in MTU's and MSS's.
Squashed commit of the following:
Trivial update to fix some spacing issues.
net/: Rename several macros containing _MTU to _PKTSIZE.
net/: Rename CONFIG_NET_SLIP_MTU to CONFIG_NET_SLIP_PKTSIZE and similarly for CONFIG_NET_TUN_MTU. These are not the MTU which does not include the size of the link layer header. These are the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename CONFIG_NET_6LOWPAN_MTU to CONFIG_NET_6LOWPAN_PKTSIZE and similarly for CONFIG_NET_TUN_MTU. These are not the MTU which does not include the size of the link layer header. These are the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename CONFIG_NET_ETH_MTU to CONFIG_NET_ETH_PKTSIZE. This is not the MTU which does not include the size of the link layer header. This is the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename the file d_mtu in the network driver structure to d_pktsize. That value saved there is not the MTU. The packetsize is the memory large enough to hold the maximum packet PLUS the size of the link layer header. The MTU does not include the link layer header.
User-space networking stack API allows user-space daemon to
provide TCP/IP stack implementation for NuttX network.
Main use for this is to allow use and seamless integration of
HW-provided TCP/IP stacks to NuttX.
For example, user-space daemon can translate /dev/usrsock
API requests to HW TCP/IP API requests while rest of the
user-space can access standard socket API, with socket
descriptors that can be used with NuttX system calls.