Commit Graph

33 Commits

Author SHA1 Message Date
Zhe Weng
f7181676b7 net: Support IP packet filter
Add a firewall compatible with Linux's iptables and ip6tables, with chains at similar points in the packet processing path.

NIC ─> ipv[46]_input ┬> ipv[46]_forward ─> [FORWARD] ┬> devif_poll_out ─> NIC
                     │                               │
                     │          ┌>  tcp  ┐           │
                     │          ├>  udp  ┤           │
                     └> [INPUT] ┼> icmp  ┼> [OUTPUT] ┘
                                ├> icmp6 ┤
                                └>  ...  ┘

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-06-20 09:43:05 +08:00
Zhe Weng
f3b34c84c2 net/nat: Support IPv6 Masquerading (NAT66)
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables.  We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier.  Which means, if we enable NAT, both NAT44 & NAT66 will be enabled.  If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time.  Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-04-11 22:23:29 +08:00
Zhe Weng
2a342d2424 net/netdev: Add netdev_iob_clone helper
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-03-29 11:52:24 +08:00
chao an
589d4a9f8e net/semantic/parser: fix compile warning found by sparse
Reference:
https://linux.die.net/man/1/sparse

Signed-off-by: chao an <anchao@xiaomi.com>
2023-05-30 23:00:00 +08:00
zhanghongyu
9f8d418cd1 forward: copy iob when broadcast forward
since iob offload, ipvx_dev_forward will remove d_iob, if there are multiple
devices, d_iob will be NULL when dev_forward is entered second time. and the
device that receives the packet cannot process the packet after forwarding it
so the iob copy is added.

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2023-05-06 03:18:08 +08:00
zhanghongyu
6c73221dd4 forward: limit the forwarding range of broadcast packets
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2023-04-22 19:24:46 +08:00
luojun1234
ff3733b5b5 Support fragmentation and reassembly
Signed-off-by: luojun1 <luojun1@xiaomi.com>
2023-01-17 14:01:37 +08:00
Zhe Weng
6e9053265c net/ipfwd: fix ipv4_dev_forward after IOB offload.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-06 17:03:47 +08:00
chao an
34d2cde8a8 net/l2/l3/l4: add support of iob offload
1. Add new config CONFIG_NET_LL_GUARDSIZE to isolation of l2 stack,
   which will benefit l3(IP) layer for multi-MAC(l2) implementation,
   especially in some NICs such as celluler net driver.

new configuration options: CONFIG_NET_LL_GUARDSIZE

CONFIG_NET_LL_GUARDSIZE will reserved l2 buffer header size of
network buffer to isolate the L2/L3 (MAC/IP) data on network layer,
which will be beneficial to L3 network layer protocol transparent
transmission and forwarding

------------------------------------------------------------
Layout of frist iob entry:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                  io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
      iob   |            Reserved            |    io_len    |
            -------------------------------------------------

-------------------------------------------------------------
Layout of different NICs implementation:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                 io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
 Ethernet   |       Reserved    | ETH_HDRLEN |    io_len    |
            ---------------------------------|---------------
 8021Q      |   Reserved  | ETH_8021Q_HDRLEN |    io_len    |
            ---------------------------------|---------------
 ipforward  |            Reserved            |    io_len    |
            -------------------------------------------------

--------------------------------------------------------------------

2. Support iob offload to l2 driver to avoid unnecessary memory copy

Support send/receive iob vectors directly between the NICs and l3/l4
stack to avoid unnecessary memory copies, especially on hardware that
supports Scatter/gather, which can greatly improve performance.

new interface to support iob offload:

  ------------------------------------------
  |    IOB version     |     original      |
  |----------------------------------------|
  |  devif_iob_poll()  |   devif_poll()    |
  |       ...          |       ...         |
  ------------------------------------------

--------------------------------------------------------------------

1> NIC hardware support Scatter/gather transfer

TX:

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                            dev->d_iob:           |
                                                ---------------         ---------------
                             io_data       iob1 |  |          |    iob3 |  |          |
                                    \           ---------------         ---------------
                                  ---------------  |       --------------- |
                             iob0 |  |          |  |  iob2 |  |          | |
                                  ---------------  |       --------------- |
                                     \             |          /           /
                                        \          |       /           /
                                   ----------------------------------------------
                    NICs io vector |    |    |    |    |    |    |    |    |    |
                                   ----------------------------------------------

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to each iobs)

--------------------------------------------------------------------

2> CONFIG_IOB_BUFSIZE is greater than MTU:

TX:

"(CONFIG_IOB_BUFSIZE) > (MAX_NETDEV_PKTSIZE + CONFIG_NET_GUARDSIZE + CONFIG_NET_LL_GUARDSIZE)"

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                                             "NIC"_send()
                          (dev->d_iob->io_data[CONFIG_NET_LL_GUARDSIZE - NET_LL_HDRLEN(dev)])

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to io_data)

--------------------------------------------------------------------

3> Compatible with all old flat buffer NICs

TX:
                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll(devif_poll_callback())  devif_poll_callback() /* new interface, gather iobs to flat buffer */
       /                                           \
      /                                             \
 devif_poll("NIC"_txpoll)                     "NIC"_send()(dev->d_buf)

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
               netdev_input()  /* new interface, Scatter/gather flat/iob buffer */
                    |
                    |
          pkt/ipv[4|6]_input()/...
                    |
                    |
    NICs io vector receive(Orignal flat buffer)

3. Iperf passthrough on NuttX simulator:

  -------------------------------------------------
  |  Protocol      | Server | Client |            |
  |-----------------------------------------------|
  |  TCP           |  813   |   834  |  Mbits/sec |
  |  TCP(Offload)  | 1720   |  1100  |  Mbits/sec |
  |  UDP           |   22   |   757  |  Mbits/sec |
  |  UDP(Offload)  |   25   |  1250  |  Mbits/sec |
  -------------------------------------------------

Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-03 11:47:04 +08:00
Zhe Weng
f416fd86bb net/ipfwd: Support ICMP error reply when forwarding IPv4
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-02 15:26:45 +08:00
Zhe Weng
b595430578 net: add basic NAT workflow
Add basic functions for NAT (NAPT), remaining some logic unimplemented (UDP, ICMP, port assignment, etc). NAT for TCP can work now (unless port conflicts).
Outbound: LAN ->  Forward  ->  NAT(only if targeting at WAN)  -> WAN
Inbound:  WAN ->  NAT(only from WAN, change dest) -> Forward  -> LAN

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
chao an
a8d3286258 net: move device buffer define to common header
Signed-off-by: chao an <anchao@xiaomi.com>
2022-10-28 00:32:16 -04:00
wengzhe
6b7fe6ea8e net/ipforward: fix typo in ipv4_dev_forward
f_domain is used to determine protocol family when CONFIG_NET_IPv4 and CONFIG_NET_IPv6 are both defined, but not correctly used in ipv4_dev_forward because of typo (there's not a config named CONFIG_NET_IPv5) which may cause IPv4 packets to be forwarded as IPv6.

Signed-off-by: wengzhe <wengzhe@xiaomi.com>
2022-10-10 19:31:39 +08:00
Xiang Xiao
ba9486de4a iob: Remove iob_user_e enum and related code
since it is impossible to track producer and consumer
correctly if TCP/IP stack pass IOB directly to netdev

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-15 08:41:20 +03:00
Petro Karashchenko
9551de7115 net: use HTONS, NTOHS, HTONL, NTOHL macro in kernel code
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
2022-01-18 10:59:47 +01:00
Xiang Xiao
5b2a17b892 Include assert.h in necessary place
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2021-06-08 13:06:08 -07:00
Alin Jerpelea
37d5c1b0d9 net: Author Gregory Nutt: update licenses to Apache
Gregory Nutt has submitted the SGA and we can migrate the licenses
 to Apache.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
2021-02-20 00:38:18 -08:00
Alin Jerpelea
7dc7ef45f1 net: nxstyle fixes
Nxstyle fixes to pass CI.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
2021-02-20 00:38:18 -08:00
Xiang Xiao
cde88cabcc Run codespell -w with the latest dictonary again
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2020-02-23 22:27:46 +01:00
Xiang Xiao
bd4e8e19d3 Run codespell -w against all files
and fix the wrong correction
2020-02-22 14:45:07 -06:00
Xiang Xiao
6a3c2aded6 Fix wait loop and void cast (#24)
* Simplify EINTR/ECANCEL error handling

1. Add semaphore uninterruptible wait function
2 .Replace semaphore wait loop with a single uninterruptible wait
3. Replace all sem_xxx to nxsem_xxx

* Unify the void cast usage

1. Remove void cast for function because many place ignore the returned value witout cast
2. Replace void cast for variable with UNUSED macro
2020-01-02 10:54:43 -06:00
Gregory Nutt
3b275fcf4e net/: Run nxstyle against all C files. 2019-10-25 11:31:42 -06:00
Nathan Hartman
366053e464 Fix typos, 1 in a #define, others in comments. This changes one definition: _MQ_TIMEDRECIEVE is changed to _MQ_TIMEDRECEIVE. It appears this symbol is not used anywhere. 2019-09-11 08:56:56 -06:00
Gregory Nutt
c5066f9f4c net/ipforward/ipv4_forward.c: Correct some errors introduced with commit a52ceac13e. Noted by Adam Porter. 2019-09-06 16:01:38 -06:00
Gregory Nutt
a52ceac13e net/: Now handles reception of IPv4 packets with larger IPv4 headers containing options. 2019-08-31 12:25:30 -06:00
Anthony Merlino
70404ed0dc Merged in antmerlino/nuttx/iobinstrumentation (pull request #1001)
Iobinstrumentation

* mm/iob: Introduces producer/consumer id to every iob call. This is so that the calls can be instrumented to monitor the IOB resources.

* iob instrumentation - Merges producer/consumer enumeration for simpler IOB user.

* fs/procfs: Starts adding support for /proc/iobinfo

* fs/procfs: Finishes first pass of simple IOB user stastics and /proc/iobinfo entry

Approved-by: Gregory Nutt <gnutt@nuttx.org>
2019-08-16 22:42:25 +00:00
Gregory Nutt
7d2b250cbc net/netdev: All utility functions that lookup network devices should begin with netdev_findby_. Also correct some comments and the name of a formal parameter. 2018-10-29 12:21:22 -06:00
Gregory Nutt
22cd0d47fa This commit attempts remove some long standard confusion in naming and some actual problems that result from the naming confusion. The basic problem is the standard MTU does not include the size of the Ethernet header. For clarity, I changed the naming of most things called MTU to PKTSIZE. For example, CONFIG_NET_ETH_MTU is now CONFIG_NET_ETH_PKTSIZE.
This makes the user interface a little hostile.  People thing of an MTU of 1500 bytes, but the corresponding packet is really 1514 bytes (including the 14 byte Ethernet header).  A more friendly solution would configure the MTU (as before), but then derive the packet buffer size by adding the MAC header length.  Instead, we define the packet buffer size then derive the MTU.

The MTU is not common currency in networking.  On the wire, the only real issue is the MSS which is derived from MTU by subtracting the IP header and TCP header sizes (for the case of TCP).  Now it is derived for the PKTSIZE by subtracting the IP header, the TCP header, and the MAC header sizes.  So we should be all good and without the recurring 14 byte error in MTU's and MSS's.

Squashed commit of the following:

    Trivial update to fix some spacing issues.
    net/: Rename several macros containing _MTU to _PKTSIZE.
    net/: Rename CONFIG_NET_SLIP_MTU to CONFIG_NET_SLIP_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_6LOWPAN_MTU to CONFIG_NET_6LOWPAN_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_ETH_MTU to CONFIG_NET_ETH_PKTSIZE.  This is not the MTU which does not include the size of the link layer header.  This is the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename the file d_mtu in the network driver structure to d_pktsize.  That value saved there is not the MTU.  The packetsize is the memory large enough to hold the maximum packet PLUS the size of the link layer header.  The MTU does not include the link layer header.
2018-07-04 14:10:40 -06:00
Dmitriy Linikov
9e8332e5c8 Merged in hardlulz/modem-3.0-nuttx/fixbuild-ipv4_forward (pull request #602)
Fixed misprint in ipv4_forward.c

Approved-by: Gregory Nutt <gnutt@nuttx.org>
2018-02-20 18:23:48 +00:00
Gregory Nutt
bd7c84b23e Remove CONFIG_NETDEV_MULTINIC. This increases code size by a little, but greatly reduces the complexity of the network code. 2017-08-08 14:24:12 -06:00
Gregory Nutt
aa2e9c15a5 IP forwarding: Major rearchitecting of the outgoing portion of the IP forwarding logic necessary into to properly received device-related forwarding events. 2017-07-07 20:19:26 -06:00
Gregory Nutt
803235ad4b IP forwaring: Rename some files to get closer to other naming conventions. 2017-07-07 18:45:58 -06:00
Gregory Nutt
7258f1cbfc IP forwarding: Move to separate directory. A few fixes from early testing; In TUN driver, do all polling on worker thread. Otherwise, the stack gets very deep. 2017-07-07 18:33:06 -06:00