Commit Graph

56 Commits

Author SHA1 Message Date
Zhe Weng
f7181676b7 net: Support IP packet filter
Add a firewall compatible with Linux's iptables and ip6tables, with chains at similar points in the packet processing path.

NIC ─> ipv[46]_input ┬> ipv[46]_forward ─> [FORWARD] ┬> devif_poll_out ─> NIC
                     │                               │
                     │          ┌>  tcp  ┐           │
                     │          ├>  udp  ┤           │
                     └> [INPUT] ┼> icmp  ┼> [OUTPUT] ┘
                                ├> icmp6 ┤
                                └>  ...  ┘

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-06-20 09:43:05 +08:00
Zhe Weng
f3b34c84c2 net/nat: Support IPv6 Masquerading (NAT66)
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables.  We can support stateless NAT66 & NPTv6 later by slightly modifying the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using the same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier.  Which means, if we enable NAT, both NAT44 & NAT66 will be enabled.  If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculating a difference of checksum, and applying it to each packet, instead of calling `net_chksum_adjust` each time.  Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-04-11 22:23:29 +08:00
Petteri Aimonen
cb161940c2 udp: Add support for SO_TIMESTAMP
Adds support for timestamping received UDP packets, either in
hardware or in kernel. Builds on the existing support of SO_TIMESTAMP
for SocketCAN.

Implementation uses CLOCK_REALTIME for timestamping to match the
behavior of Linux. This could be made configurable in future if needed.
2023-11-18 03:10:29 -08:00
Zhe Weng
d44e19d115 mm/iob: Add support for increasing length in iob_update_pktlen
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2023-08-22 16:34:21 +09:00
Zhe Weng
1cf3147626 net/netdev: Avoid hardcoded guardsize when using d_iob
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2023-01-18 14:41:07 +08:00
luojun1234
ff3733b5b5 Support fragmentation and reassembly
Signed-off-by: luojun1 <luojun1@xiaomi.com>
2023-01-17 14:01:37 +08:00
chao an
8fc1e524ab net/ip: return success if the packet was forwarded.
The incoming packet should not be input to ip layer if the packet has been forwarded

Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-04 15:59:43 -03:00
Xiang Xiao
43bda3282f net/arp: Move arp_ipin and arp_out to private header file
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-12-04 20:39:21 +08:00
chao an
34d2cde8a8 net/l2/l3/l4: add support of iob offload
1. Add new config CONFIG_NET_LL_GUARDSIZE to isolate the l2 stack,
   which will benefit l3(IP) layer for multi-MAC(l2) implementation,
   especially in some NICs such as cellular net driver.

new configuration options: CONFIG_NET_LL_GUARDSIZE

CONFIG_NET_LL_GUARDSIZE will reserve l2 buffer header size of
network buffer to isolate the L2/L3 (MAC/IP) data on network layer,
which will be beneficial to L3 network layer protocol transparent
transmission and forwarding

------------------------------------------------------------
Layout of first iob entry:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                  io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
      iob   |            Reserved            |    io_len    |
            -------------------------------------------------

-------------------------------------------------------------
Layout of different NICs implementation:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                 io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
 Ethernet   |       Reserved    | ETH_HDRLEN |    io_len    |
            ---------------------------------|---------------
 8021Q      |   Reserved  | ETH_8021Q_HDRLEN |    io_len    |
            ---------------------------------|---------------
 ipforward  |            Reserved            |    io_len    |
            -------------------------------------------------

--------------------------------------------------------------------

2. Support iob offload to l2 driver to avoid unnecessary memory copy

Support send/receive iob vectors directly between the NICs and l3/l4
stack to avoid unnecessary memory copies, especially on hardware that
supports Scatter/gather, which can greatly improve performance.

new interface to support iob offload:

  ------------------------------------------
  |    IOB version     |     original      |
  |----------------------------------------|
  |  devif_iob_poll()  |   devif_poll()    |
  |       ...          |       ...         |
  ------------------------------------------

--------------------------------------------------------------------

1> NIC hardware support Scatter/gather transfer

TX:

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                            dev->d_iob:           |
                                                ---------------         ---------------
                             io_data       iob1 |  |          |    iob3 |  |          |
                                    \           ---------------         ---------------
                                  ---------------  |       --------------- |
                             iob0 |  |          |  |  iob2 |  |          | |
                                  ---------------  |       --------------- |
                                     \             |          /           /
                                        \          |       /           /
                                   ----------------------------------------------
                    NICs io vector |    |    |    |    |    |    |    |    |    |
                                   ----------------------------------------------

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to each iobs)

--------------------------------------------------------------------

2> CONFIG_IOB_BUFSIZE is greater than MTU:

TX:

"(CONFIG_IOB_BUFSIZE) > (MAX_NETDEV_PKTSIZE + CONFIG_NET_GUARDSIZE + CONFIG_NET_LL_GUARDSIZE)"

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                                             "NIC"_send()
                          (dev->d_iob->io_data[CONFIG_NET_LL_GUARDSIZE - NET_LL_HDRLEN(dev)])

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to io_data)

--------------------------------------------------------------------

3> Compatible with all old flat buffer NICs

TX:
                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll(devif_poll_callback())  devif_poll_callback() /* new interface, gather iobs to flat buffer */
       /                                           \
      /                                             \
 devif_poll("NIC"_txpoll)                     "NIC"_send()(dev->d_buf)

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
               netdev_input()  /* new interface, Scatter/gather flat/iob buffer */
                    |
                    |
          pkt/ipv[4|6]_input()/...
                    |
                    |
    NICs io vector receive(Original flat buffer)

3. Iperf passthrough on NuttX simulator:

  -------------------------------------------------
  |  Protocol      | Server | Client |            |
  |-----------------------------------------------|
  |  TCP           |  813   |   834  |  Mbits/sec |
  |  TCP(Offload)  | 1720   |  1100  |  Mbits/sec |
  |  UDP           |   22   |   757  |  Mbits/sec |
  |  UDP(Offload)  |   25   |  1250  |  Mbits/sec |
  -------------------------------------------------

Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-03 11:47:04 +08:00
Zhe Weng
da6ab79d65 net/ipv4_input: Set IPv4 flag at the same place as ipv6_input
Set IPv4 flag before processing ipforward, otherwise the ICMP packet responded by ipforward may sometimes be regarded as IPv6.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-02 15:26:45 +08:00
chao an
a0bce18192 net/ipv4: fix shadows declaration
devif/ipv4_input.c: In function ‘ipv4_in’:
devif/ipv4_input.c:305:15: warning: declaration of ‘ret’ shadows a previous local [-Wshadow]
  305 |           int ret = ipv4_forward(dev, ipv4);
      |               ^~~
devif/ipv4_input.c:151:7: note: shadowed declaration is here
  151 |   int ret = OK;
      |       ^~~

Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-01 09:38:33 +08:00
liyi
391b501639 net: extract l3 header build code into new functions
Signed-off-by: liyi <liyi25@xiaomi.com>
2022-11-29 18:36:15 +08:00
chao an
615845d9a6 net/devif: add common interface to build L2 headers
So we can hide the implementation details of L2 NICs.

Signed-off-by: chao an <anchao@xiaomi.com>
2022-11-28 14:44:15 +01:00
Xiang Xiao
4663987e66 Fix devif/ipv4_input.c:405:1: warning: label ‘done’ defined but not used [-Wunused-label]
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: chao an <anchao@xiaomi.com>
2022-11-27 18:01:38 +08:00
chao an
6fa60627eb net/devif/ip: build l2 header on the IP layer
Signed-off-by: chao an <anchao@xiaomi.com>
2022-11-27 12:13:45 +08:00
Zhe Weng
b595430578 net: add basic NAT workflow
Add basic functions for NAT (NAPT), remaining some logic unimplemented (UDP, ICMP, port assignment, etc). NAT for TCP can work now (unless port conflicts).
Outbound: LAN ->  Forward  ->  NAT(only if targeting at WAN)  -> WAN
Inbound:  WAN ->  NAT(only from WAN, change dest) -> Forward  -> LAN

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
chao an
a8d3286258 net: move device buffer define to common header
Signed-off-by: chao an <anchao@xiaomi.com>
2022-10-28 00:32:16 -04:00
chao.an
9cb17841d8 net/sockopt: move BINDTODEVICE to socket level
rename the UDP_BINDTODEVICE to SO_BINDTODEVICE to follow the linux
style to be compatible with non-UDP protocol binding requirements

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-25 17:56:52 +08:00
Sebastien Lorquet
6bd36d64e3 Packet dropped in IPv4/v6 input is now an info, not a warning 2022-06-09 16:07:34 +02:00
Petro Karashchenko
08043fb5bc net: unify FAR keyword usage for all net buffer memory mapped buffers
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
2022-01-20 01:42:56 +08:00
Gregory Nutt
7332d2decf net/: Add missing packet filtering checks
NuttX provides the UDP_BINDTODEVICE socket option.  This is a UDP protocol-specific implementation of the semi-standard Linux SO_BINDTODEVICE socket option:  "SO_BINDTODEVICE forces packets on the socket to only egress the bound interface, regardless of what the IP routing table would normally choose. Similarly only packets which ingress the bound interface will be received on the socket, packets from other interfaces will not be delivered to the socket." https://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html

If CONFIG_NET_UDP_BINDTODEVICE is selected and a UDP socket is bound to the device, then unrecognized UDP packets must not be dropped, but must be forwarded along to the bound socket unconditionally.

In the typical case, this should have no impact.  It does affect the applications that use DHCP and do select the UDP_BINDTODEVICE socket option.

This PR replaces existing improper logic in the code and also the improper attempts to fix problems from PR #3601 and PR #3598.  Those changes are improper because they expose DHCP application dependencies in the OS, breaking modularity and independence of the OS and application.

Tested with stm32f4discovery:netnsh with CONFIG_NET_UDP_BINDTODEVICE.  A proper DHCP test setup is needed, however.
2021-04-29 12:47:02 +08:00
chao.an
38e2c4ba53 net/ip: fix nxstyle warning
Signed-off-by: chao.an <anchao@xiaomi.com>
2021-01-30 16:04:39 -08:00
chao.an
ab148bc69f net/ip: do not drop the udp packet from IP layer
this change to support receive the udp data from the specified
port without obtaining the address.

e.g: disable the Bootstrap flag on dhcpc handshake

Reference:
RFC1542: Clarifications and Extensions for the Bootstrap Protocol.

Signed-off-by: chao.an <anchao@xiaomi.com>
2021-01-30 16:04:39 -08:00
Brennan Ashton
68b526b335 tcp: Remove incomplete support for TCP reassembly 2020-12-09 07:25:26 -08:00
Gregory Nutt
a52ceac13e net/: Now handles reception of IPv4 packets with larger IPv4 headers containing options. 2019-08-31 12:25:30 -06:00
Gregory Nutt
9bdde04636 net/Kconfig: Ethernet packet buffer size cannot be permitted to go below 1294 if IPv6 is selected. 2019-08-31 09:08:32 -06:00
Gregory Nutt
f6b00e1966 tools/nxstyle.c: Fix logic error that prevented detection of '/' and '/=' as operators. net/: Minor updates resulting from testing tools/nxstyle. 2019-03-11 12:48:39 -06:00
Xiang Xiao
44bcd2c44d net/: add NET_ICMP[v6]_NO_STACK for usrsock case 2018-11-09 11:25:57 -06:00
Gregory Nutt
22cd0d47fa This commit attempts to remove some long standard confusion in naming and some actual problems that result from the naming confusion. The basic problem is the standard MTU does not include the size of the Ethernet header. For clarity, I changed the naming of most things called MTU to PKTSIZE. For example, CONFIG_NET_ETH_MTU is now CONFIG_NET_ETH_PKTSIZE.
This makes the user interface a little hostile.  People think of an MTU of 1500 bytes, but the corresponding packet is really 1514 bytes (including the 14 byte Ethernet header).  A more friendly solution would configure the MTU (as before), but then derive the packet buffer size by adding the MAC header length.  Instead, we define the packet buffer size then derive the MTU.

The MTU is not common currency in networking.  On the wire, the only real issue is the MSS which is derived from MTU by subtracting the IP header and TCP header sizes (for the case of TCP).  Now it is derived for the PKTSIZE by subtracting the IP header, the TCP header, and the MAC header sizes.  So we should be all good and without the recurring 14 byte error in MTU's and MSS's.

Squashed commit of the following:

    Trivial update to fix some spacing issues.
    net/: Rename several macros containing _MTU to _PKTSIZE.
    net/: Rename CONFIG_NET_SLIP_MTU to CONFIG_NET_SLIP_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_6LOWPAN_MTU to CONFIG_NET_6LOWPAN_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_ETH_MTU to CONFIG_NET_ETH_PKTSIZE.  This is not the MTU which does not include the size of the link layer header.  This is the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename the file d_mtu in the network driver structure to d_pktsize.  That value saved there is not the MTU.  The packetsize is the memory large enough to hold the maximum packet PLUS the size of the link layer header.  The MTU does not include the link layer header.
2018-07-04 14:10:40 -06:00
Gregory Nutt
715d561c41 Trivial spelling corrections in comments; update some comments in a Kconfig file. 2018-06-24 15:01:49 -06:00
Gregory Nutt
433f29eea2 net/: Rename CONFIG_TCP_REASSEMBLY to CONFIG_IPv4_REASSEMBLY. Add some fixes to get a clean compile with CONFIG_IPv4_REASSEMBLY enabled. There are several problems with the current implementation: It is untested (and depends on CONFIG_EXPERMIMENTAL). It uses some Ethernet specific definitions (and depends on CONFIG_NET_ETHERNET). There is only a single reassembly buffer. The last two issues prevent use of this feature in any context where IPv4 packets may be reassembled for multiple network devices concurrently. 2018-06-24 12:06:12 -06:00
Gregory Nutt
c93320ccd6 net/: Fix some issues with regard to UDP broadcast handling. This is Bitbucket Issue #77. This commit tentatively closes the issues, subject to verification. 2017-11-22 12:06:36 -06:00
Gregory Nutt
835ae2999d networking: Move a little more to the inet/ subdirectory. 2017-08-07 13:03:23 -06:00
Gregory Nutt
799b2d5671 Update comments. 2017-07-17 07:14:12 -06:00
Gregory Nutt
803235ad4b IP forwarding: Rename some files to get closer to other naming conventions. 2017-07-07 18:45:58 -06:00
Gregory Nutt
7258f1cbfc IP forwarding: Move to separate directory. A few fixes from early testing; In TUN driver, do all polling on worker thread. Otherwise, the stack gets very deep. 2017-07-07 18:33:06 -06:00
Gregory Nutt
04716a65a5 IP forwarding: Add optional support to forward broadcast and multicast packets. 2017-07-06 07:26:01 -06:00
Gregory Nutt
b297066eb9 IP Forwarding: Add IPv4 packet forwarding logic. Initial commit is an untested clone of the IPv6 forwarding logic with a few minor logic changes for IPv4. 2017-07-05 15:12:29 -06:00
Gregory Nutt
d5207efb5a Be consistent... Use Name: consistent in function headers vs Function: 2017-04-21 16:33:14 -06:00
Jussi Kivilinna
cd3c9634c8 Add user-space networking stack API (usrsock)
User-space networking stack API allows user-space daemon to
provide TCP/IP stack implementation for NuttX network.

Main use for this is to allow use and seamless integration of
HW-provided TCP/IP stacks to NuttX.

For example, user-space daemon can translate /dev/usrsock
API requests to HW TCP/IP API requests while rest of the
user-space can access standard socket API, with socket
descriptors that can be used with NuttX system calls.
2017-03-31 08:58:14 -06:00
Gregory Nutt
1dabbd8489 Cosmetic changes 2016-10-24 16:18:30 -06:00
Gregory Nutt
d40a473f72 Without lowsyslog() *llwarn() is not useful. Eliminate and replace with *warn(). 2016-06-20 09:37:08 -06:00
Gregory Nutt
7d0950bb22 net/: Change some nerr() ERRORS to nwarn() WARNINGS. Anomalous network events are not errors. 2016-06-12 07:09:37 -06:00
Gregory Nutt
f4fcdcdb4d net/: Change some *err() messages to *info() messages if what was a *dbg() message does not indicate an error condition. 2016-06-11 17:37:21 -06:00
Gregory Nutt
e99301d7c2 Rename *lldbg to *llerr 2016-06-11 14:55:27 -06:00
Gregory Nutt
a81a467a40 Networking: In both IPv6 and IPv4 incoming logic: (1) Should check if the packet size is large enough before trying to access the packet length in the IP header. (2) In the comparison between the IP length and the full packet length, need to subtract the size of the link layer header before making the comparison or we will get false positives (i.e., the packet is really too small). 2016-06-09 13:16:47 -06:00
Gregory Nutt
6af3ba78b9 Remove CONFIG_NET_PINGADDRCONF. This was a uIP way of assigning IP addresses, but is not standard and not an appropriate feature in general. 2015-12-01 07:48:56 -06:00
Gregory Nutt
6209c51206 net/: More clean-up of spacing/alignment issues 2015-10-08 15:10:04 -06:00
Gregory Nutt
ab50e9d04d Networking: Get rid of g_ipv4_allzeroaddr and g_ipv4_alloneaddr. It is more efficient and more intuitive to use INADDR_ANY and INADDR_BROADCAST 2015-05-29 15:16:11 -06:00
Gregory Nutt
f4bb7f14e1 Networking: Clean up network status collection and presentation for IPv6 2015-01-24 08:26:12 -06:00