Otherwise, the IP address is always considered to conflict, and the ipv6
address cannot be effectively obtained.
Later we will look at how to perform conflict detection on L3 network cards
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Now we only supports conntrack info from NAT entries, to let our apps in user space know the mapping status in NAT.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
I found `struct ipv*_nat_entry` is missing `_s` suffix, but the name is too long in some cases, so maybe `ipv*_nat_entry_t` could be better.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables. We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier. Which means, if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time. Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
To prepare for future IPv6 NAT functions.
- Rename common ipv4_nat_xxx to nat_xxx
- Move some common definitions into header
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Because CAN is a broadcast protocol, each conn needs to be given independent data to avoid mutual interference.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
The symmetric NAT limits one external port to be used with only one peer ip:port.
Note:
1. To avoid using too much #ifdef, we're always passing peer_ip and peer_port as arguments, but won't use them under full cone NAT, let the compiler optimize them.
2. We need to find port binding without peer ip:port, so don't add peer ip:port into hash key.
3. Symmetric NAT needs to *select another external port if a port is used by any other NAT entry*, this behavior is exactly same as Full Cone NAT, so we don't need to change anything related to `ipv4_nat_port_inuse`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Fix minor problems when reading codes:
- icmpv6_autoconfig: Call net_unlock before return
- pkt_sendmsg: Return error for types other than SOCK_RAW
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. Don't assert on IGMP inside ICMP, just ignore it.
2. Check we have full IP header inside ICMP payload before accessing it.
3. `inner_l4hdrbak` need to be `L4_MAXHDRLEN`, not `L4_MAXHDRLEN/2`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
https://github.com/apache/nuttx/pull/11384 has changed the source
address selection of UDP from raddr to laddr, but not all UDP
connections have laddr set, then we need to fallback to get source from
raddr.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Support longest prefix match routing described as "Longest Match" in
RFC 1812, Section 5.2.4.3, Page 75.
Introduced `prefixlen` to indicate the prefix length of currently
founded route, and only looks up for longer prefix in all later steps.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
If we only enable one of `CONFIG_NET_ARP_SEND` and
`CONFIG_NET_ICMPv6_NEIGHBOR`, both IPv4 and IPv6 traffic will send
ARP or NDP, which causes problem.
Example:
`CONFIG_NET_ARP_SEND=n`
`CONFIG_NET_ICMPv6_NEIGHBOR=y`
Wrong:
IPv4 traffic (`PF_INET`) goes into `icmpv6_neighbor`, which
definitely causes problem.
Correct:
IPv4 traffic doesn't call anything, IPv6 traffic calls `icmpv6_neighbor`
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Follow the posix standard:
If no messages are available to be received and the peer has
performed an orderly shutdown, recv() shall return 0.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
When peer->lc_cfpcount == LOCAL_NCONTROLFDS,
Line 122: peer->lc_cfps[peer->lc_cfpcount++] = filep2; access
out-of-range
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
In this case, remote addr is all zero, and the length of the
ip header is not recognized as ipv6_is_ipv4, This will cause
problems in subsequent data filling.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>