Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables. We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier. Which means, if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time. Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
To prepare for future IPv6 NAT functions.
- Rename common ipv4_nat_xxx to nat_xxx
- Move some common definitions into header
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Because CAN is a broadcast protocol, each conn needs to be given independent data to avoid mutual interference.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
The symmetric NAT limits one external port to be used with only one peer ip:port.
Note:
1. To avoid using too much #ifdef, we're always passing peer_ip and peer_port as arguments, but won't use them under full cone NAT, let the compiler optimize them.
2. We need to find port binding without peer ip:port, so don't add peer ip:port into hash key.
3. Symmetric NAT needs to *select another external port if a port is used by any other NAT entry*, this behavior is exactly same as Full Cone NAT, so we don't need to change anything related to `ipv4_nat_port_inuse`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Fix minor problems when reading codes:
- icmpv6_autoconfig: Call net_unlock before return
- pkt_sendmsg: Return error for types other than SOCK_RAW
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Don't assert on IGMP inside ICMP, just ignore it.
2. Check we have full IP header inside ICMP payload before accessing it.
3. `inner_l4hdrbak` need to be `L4_MAXHDRLEN`, not `L4_MAXHDRLEN/2`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
https://github.com/apache/nuttx/pull/11384 has changed the source
address selection of UDP from raddr to laddr, but not all UDP
connections have laddr set, then we need to fallback to get source from
raddr.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Support longest prefix match routing described as "Longest Match" in
RFC 1812, Section 5.2.4.3, Page 75.
Introduced `prefixlen` to indicate the prefix length of currently
founded route, and only looks up for longer prefix in all later steps.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
If we only enable one of `CONFIG_NET_ARP_SEND` and
`CONFIG_NET_ICMPv6_NEIGHBOR`, both IPv4 and IPv6 traffic will send
ARP or NDP, which causes problem.
Example:
`CONFIG_NET_ARP_SEND=n`
`CONFIG_NET_ICMPv6_NEIGHBOR=y`
Wrong:
IPv4 traffic (`PF_INET`) goes into `icmpv6_neighbor`, which
definitely causes problem.
Correct:
IPv4 traffic doesn't call anything, IPv6 traffic calls `icmpv6_neighbor`
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Follow the posix standard:
If no messages are available to be received and the peer has
performed an orderly shutdown, recv() shall return 0.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
When peer->lc_cfpcount == LOCAL_NCONTROLFDS,
Line 122: peer->lc_cfps[peer->lc_cfpcount++] = filep2; access
out-of-range
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
In this case, remote addr is all zero, and the length of the
ip header is not recognized as ipv6_is_ipv4, This will cause
problems in subsequent data filling.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
move the accept logic into connect flow.
In order to successfully establish a blocking connection between
the client and server on the same thread.
nonblock is not affected, and the block connect is now the same
as the nonblock flow, other apis are not affected.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
The `xxx_ipv6multicast` function in each driver is not adapted to
multiple IPv6 addresses yet, and they're redundant, so try to take them
into common code.
Change:
1. Add MAC `g_ipv6_ethallnodes` and `g_ipv6_ethallrouters` in
`icmpv6_devinit` and call them in `netdev_register`
2. Add multicast MAC for Neighbor Solicitation when adding any IPv6
address, and remove them when IPv6 address is removed
3. Select `NET_MCASTGROUP` when `NET_ICMPv6` because now we need
`d_addmac` when we have ICMPv6
Note:
We want modules outside net stack to call functions like
`netdev_ipv6_add` and never touch the related MAC address, so these MAC
functions are added as internal functions to `net/netdev/netdev.h`
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
When CONFIG_NET_TCP_WRITE_BUFFERS is enabled, iobs are used for
both queuing data from application, and for assembling packets
for sending. If there is a system-wide shortage of iobs, it could
happen that there is not enough free space to form any packets
to send. The buffers allocated for TCP data also can't be released
until the packet is sent.
Normally this should be avoided by setting suitable values for
CONFIG_IOB_NBUFFERS and CONFIG_IOB_THROTTLE. The default values
are ok for light usage, but can run out when using multiple
simultaneous TCP streams.
Before this commit, iob shortage would cause TCP connections to
get stuck and eventually timeout. With this change, TCP stack
sends smaller packets, eventually freeing some buffers from the
write queue.
Previously ipv6 multi-address support decided packet source
address based on its destination. This doesn't work if NuttX
device has multiple addresses within same subnet.
Instead when a packet is a response to existing connection,
the source address should be based on the destination address
used in the received packet.
Commit 8a63d29c removed `devif_iob_send` from `udp_sendto_buffered`
workflow, `devif_iob_send` drops too big packet. Now we still need a
place to check the packet length, otherwise a packet larger than MTU
may be sent to the net driver.
In case of similar problem happens somewhere else, this commit also
adds a check in `netdev_upperhalf`, and count these cases into
`NETDEV_TXERRORS`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
- When receiving Router Advertisement Message, if Managed Address
Configuration flag is set, we should ignore the Autonomous
Address-configuration flag, and obtain the IPv6 address via the
stateful process.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
Adds support for timestamping received UDP packets, either in
hardware or in kernel. Builds on the existing support of SO_TIMESTAMP
for SocketCAN.
Implementation uses CLOCK_REALTIME for timestamping to match the
behavior of Linux. This could be made configurable in future if needed.
If the flag is not set, The flag is affected by the previously sent and
received packets, L2 header may be filled with ipv6
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
When implementing IPv6-related logic, we found the `net_ipv6_pref2mask`
and `net_ipv6addr_copy` are using different argument order:
```
net_ipv6addr_copy(ifaddr->addr, addr);
net_ipv6_pref2mask(preflen, ifaddr->mask);
```
Change the order to:
```
net_ipv6addr_copy(ifaddr->addr, addr);
net_ipv6_pref2mask(ifaddr->mask, preflen);
```
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Supporting `SIOCSIFADDR` and `SIOCDIFADDR` with Linux in6_ifreq struct to manage ipv6 addresses.
Ref: https://man7.org/linux/man-pages/man7/netdevice.7.html
2. Supporting alias like 'eth0:0' for multiple IPv6 addresses, to keep previous ioctl `SIOCGLIFADDR`, `SIOCSLIFADDR`, `SIOCGLIFNETMASK` and `SIOCSLIFNETMASK` working.
Ref: https://man7.org/linux/man-pages/man8/ifconfig.8.html
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Note that user-space related code, like procfs and lifreq related ioctl commands, are not touched in this commit.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Compatible with previous usage, because may network drivers are using old member name to print logs, and there's no significant need to change them now.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Prepare for multiple IPv6 addresses per net device, then we can notify
add/remove of a single address later.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
add ref count for ipv4 multicast and leave the multicast group when close
behavior alignment with linux.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
some tools use this command to distinguish which device returned via getifaddrs() are wireless network device.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
For datagram unix sockets, the `SO_SNDBUF` value imposes an upper limit on the size of outgoing datagrams.
Note: We don't support to change the buffer size yet, so only add support to getsockopt now.
Refs: https://man7.org/linux/man-pages/man7/unix.7.html
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Both IPv6 addresses and net masks should be stored in network byte
order
2. Fix last 2 bytes of mask applying (although it seldom triggers)
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Allows setting the advertised route lifetime, and also to set
it to 0 for advertising only the prefix.
From RFC4861:
A router might want to send Router Advertisements without advertising
itself as a default router. For instance, a router might advertise
prefixes for stateless address autoconfiguration while not wishing to
forward packets. Such a router sets the Router Lifetime field in
outgoing advertisements to zero.
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
#0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
#1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
#2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
#3 0x3548f8c in net_sem_wait utils/net_lock.c:318
#4 0x350124d in local_accept local/local_accept.c:246
#5 0x3492719 in psock_accept socket/accept.c:149
#6 0x3492bcc in accept4 socket/accept.c:280
#7 0x662dc04 in accept net/lib_accept.c:50
#8 0x55c81ab in kvdb_loop kvdb/server.c:415
#9 0x55c860a in kvdbd_main kvdb/server.c:458
#10 0x33d968b in nxtask_startup sched/task_startup.c:70
#11 0x32ec039 in nxtask_start task/task_start.c:134
#12 0x34109be in pre_start sim/sim_initialstate.c:52
0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
#0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
#2 0x34131d6 in mm_free sim/sim_heap.c:230
#3 0x3409388 in free umm_heap/umm_free.c:49
#4 0x35631f3 in local_free local/local_conn.c:225
#5 0x3563f75 in local_release local/local_release.c:129
#6 0x34f5a32 in local_close local/local_sockif.c:785
#7 0x3496ee8 in psock_close socket/net_close.c:102
#8 0x36500bc in sock_file_close socket/socket.c:115
#9 0x3635f6c in file_close vfs/fs_close.c:74
#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
#11 0x36324f3 in nx_close inode/fs_files.c:697
#12 0x3632557 in close inode/fs_files.c:735
#13 0x55be289 in property_set_ kvdb/client.c:210
#14 0x55c0309 in property_set_int32_ kvdb/common.c:226
#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236
Signed-off-by: ligd <liguiding1@xiaomi.com>
Changed implementation to use the Kernel network stack when
usrsock daemon returns an error.
This change allows the Kernel network stack to be used instead
of UsrSock when opening a Socket at a time when a VPN configured
with TUN is enabled.
Some use cases, such as VPN, use both the device's network
stack with the Usrsock daemon and the Kernel's network stack.
Therefore, remove NET_TCP_NO_STACK/NET_UDP_NO_STACK select
from Usrsock's Kconfig.
The previous iob_trimhead added dev->iob->io_offset, so if the
input frame is not merged into the ofo segment, we need to reset
dev->iob->io_offset so that the subsequent tcp_send can properly
assemble packets.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
We may just free some TCP connections before monitor stopped, e.g.
sacrificie a TCP conn in `tcp_alloc` will just call `tcp_free` and reuse
the connection. But we noticed that the TCP monitor is not released in
`tcp_free` because it is mounted on `conn->connevents` instead of
`conn->sconn.list` while `tcp_free` only release the latter.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
with nonblocking sockets, POLLOUT is returned when the application
calls poll even if the send buffer is full
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Normally, `SO_ERROR` for disconn events will be set by `tcp_poll_eventhandler`, but when the socket is closed before poll, we should also set the `SO_ERROR`.
On Linux, `tcp_poll` returns `EPOLLERR` event when `sk->sk_err` has value but doesn't let `poll` fail (doesn't set `errno`). https://github.com/torvalds/linux/blob/v6.5/net/ipv4/tcp.c#L594-L596
Note: `sk->sk_err` can be get by socket option `SO_ERROR` on Linux, so `POLLERR` will always be together with `SO_ERROR`.
Common libs like curl may try to read `SO_ERROR` on `POLLERR`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Summary
The following compilation error occurs after configuring CONFIG_DEBUG_OPTLEVEL="-O3"
CC: local/local_fifo.c In file included from local/local_fifo.c:25:
In function 'local_format_name',
inlined from 'local_cs_name' at local/local_fifo.c:101:3,
inlined from 'local_create_fifos' at local/local_fifo.c:431:3:
local/local_fifo.c:84:16: error: '%x' directive output may be truncated writing between 1 and 8 bytes into a region of size between 5 and 112 [-Werror=format-truncation=]
84 | CONFIG_NET_LOCAL_VFS_PATH "/%s%s%" PRIx32,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: wangming9 <wangming9@xiaomi.com>
conn->sendsize is used in rpmsg_socket_ept_cb() and
rpmsg_socket_connect_internal(), the connected event may be missed
as stated below:
1. in rpmsg_socket_connect_internal(), judge conn->sendsize == 0
and prepare to wait sendsem;
2. interrupt by rptun thread, rpmsg_socket_ept_cb() is called to
update conn->sendsize and post the sendsem, but the no one wait
rx sem yet, so not post (see rpmsg_socket_post());
3. return to rpmsg_socket_connect_internal() to wait the sendsem, but
has miss the connected event.
So add recvlock in rpmsg_socket_connect_internal() also.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
After the sack is enabled and the ofosegs has gap, tcp cannot update the
tx_unacked, so the peer received packets are retransmitted after the
timer timeout.
So update tx_unacked first.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>