Commit Graph

76 Commits

Author SHA1 Message Date
Zhe Weng
f7181676b7 net: Support IP packet filter
Add a firewall compatible with Linux's iptables and ip6tables, with chains at similar points in the packet processing path.

NIC ─> ipv[46]_input ┬> ipv[46]_forward ─> [FORWARD] ┬> devif_poll_out ─> NIC
                     │                               │
                     │          ┌>  tcp  ┐           │
                     │          ├>  udp  ┤           │
                     └> [INPUT] ┼> icmp  ┼> [OUTPUT] ┘
                                ├> icmp6 ┤
                                └>  ...  ┘

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-06-20 09:43:05 +08:00
Zhe Weng
f3b34c84c2 net/nat: Support IPv6 Masquerading (NAT66)
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables.  We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier.  Which means, if we enable NAT, both NAT44 & NAT66 will be enabled.  If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time.  Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-04-11 22:23:29 +08:00
Zhe Weng
2a342d2424 net/netdev: Add netdev_iob_clone helper
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-03-29 11:52:24 +08:00
chao an
6ee9ec7656 build: add initial cmake build system
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)

------------------

How to test

From within nuttx/. Configure:

cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja

(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja

This uses ninja generator (install with sudo apt install ninja-build). To build:

$ cmake --build build

menuconfig:

$ cmake --build build -t menuconfig

--------------------------

2. cmake/build: reformat the cmake style by cmake-format

https://github.com/cheshirekow/cmake_format

$ pip install cmakelang

$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done

Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
2023-07-08 13:50:48 +08:00
chao an
589d4a9f8e net/semantic/parser: fix compile warning found by sparse
Reference:
https://linux.die.net/man/1/sparse

Signed-off-by: chao an <anchao@xiaomi.com>
2023-05-30 23:00:00 +08:00
zhanghongyu
9f8d418cd1 forward: copy iob when broadcast forward
since iob offload, ipvx_dev_forward will remove d_iob, if there are multiple
devices, d_iob will be NULL when dev_forward is entered second time. and the
device that receives the packet cannot process the packet after forwarding it
so the iob copy is added.

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2023-05-06 03:18:08 +08:00
zhanghongyu
6c73221dd4 forward: limit the forwarding range of broadcast packets
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2023-04-22 19:24:46 +08:00
Zhe Weng
1cf3147626 net/netdev: Avoid hardcoded guardsize when using d_iob
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2023-01-18 14:41:07 +08:00
luojun1234
ff3733b5b5 Support fragmentation and reassembly
Signed-off-by: luojun1 <luojun1@xiaomi.com>
2023-01-17 14:01:37 +08:00
chao an
8a63d29c6e net/devif_poll: optimize device buffer alloc in txpoll
Allocate the device buffer only if the protocol really need to send data.
not all protocols require the driver to prepare additional iob before
sending, especially UDP, each iob reserves l2/l3 header in advance
after prepare write buffer, net device could reuse this entry to send directly

Signed-off-by: chao an <anchao@xiaomi.com>
2023-01-13 16:41:10 +08:00
Zhe Weng
2f3e237380 net/ipfwd: limit number of ipforward struct to be less than number of IOB
If ipforward consumes all the IOB, devif_poll will not poll any more. Without polling, ipforward will not release any IOB, then all the network stack may fail with no IOB available.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-09 11:20:16 +08:00
chao an
c738da048c net/ipforward: update IP buffer offset
Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-07 00:01:52 +08:00
Zhe Weng
6e9053265c net/ipfwd: fix ipv4_dev_forward after IOB offload.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-06 17:03:47 +08:00
chao an
34d2cde8a8 net/l2/l3/l4: add support of iob offload
1. Add new config CONFIG_NET_LL_GUARDSIZE to isolation of l2 stack,
   which will benefit l3(IP) layer for multi-MAC(l2) implementation,
   especially in some NICs such as celluler net driver.

new configuration options: CONFIG_NET_LL_GUARDSIZE

CONFIG_NET_LL_GUARDSIZE will reserved l2 buffer header size of
network buffer to isolate the L2/L3 (MAC/IP) data on network layer,
which will be beneficial to L3 network layer protocol transparent
transmission and forwarding

------------------------------------------------------------
Layout of frist iob entry:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                  io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
      iob   |            Reserved            |    io_len    |
            -------------------------------------------------

-------------------------------------------------------------
Layout of different NICs implementation:

        iob_data (aligned by CONFIG_IOB_ALIGNMENT)
            |
            |                 io_offset(CONFIG_NET_LL_GUARDSIZE)
            |                                |
            -------------------------------------------------
 Ethernet   |       Reserved    | ETH_HDRLEN |    io_len    |
            ---------------------------------|---------------
 8021Q      |   Reserved  | ETH_8021Q_HDRLEN |    io_len    |
            ---------------------------------|---------------
 ipforward  |            Reserved            |    io_len    |
            -------------------------------------------------

--------------------------------------------------------------------

2. Support iob offload to l2 driver to avoid unnecessary memory copy

Support send/receive iob vectors directly between the NICs and l3/l4
stack to avoid unnecessary memory copies, especially on hardware that
supports Scatter/gather, which can greatly improve performance.

new interface to support iob offload:

  ------------------------------------------
  |    IOB version     |     original      |
  |----------------------------------------|
  |  devif_iob_poll()  |   devif_poll()    |
  |       ...          |       ...         |
  ------------------------------------------

--------------------------------------------------------------------

1> NIC hardware support Scatter/gather transfer

TX:

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                            dev->d_iob:           |
                                                ---------------         ---------------
                             io_data       iob1 |  |          |    iob3 |  |          |
                                    \           ---------------         ---------------
                                  ---------------  |       --------------- |
                             iob0 |  |          |  |  iob2 |  |          | |
                                  ---------------  |       --------------- |
                                     \             |          /           /
                                        \          |       /           /
                                   ----------------------------------------------
                    NICs io vector |    |    |    |    |    |    |    |    |    |
                                   ----------------------------------------------

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to each iobs)

--------------------------------------------------------------------

2> CONFIG_IOB_BUFSIZE is greater than MTU:

TX:

"(CONFIG_IOB_BUFSIZE) > (MAX_NETDEV_PKTSIZE + CONFIG_NET_GUARDSIZE + CONFIG_NET_LL_GUARDSIZE)"

                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll("NIC"_txpoll)                callback() // "NIC"_txpoll
                                                  |
                                             "NIC"_send()
                          (dev->d_iob->io_data[CONFIG_NET_LL_GUARDSIZE - NET_LL_HDRLEN(dev)])

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
          pkt/ipv[4/6]_input()/...
                    |
                    |
     NICs io vector receive(iov_base to io_data)

--------------------------------------------------------------------

3> Compatible with all old flat buffer NICs

TX:
                tcp_poll()/udp_poll()/pkt_poll()/...(l3|l4)
                           /              \
                          /                \
devif_poll_[l3|l4]_connections()     devif_iob_send() (nocopy:udp/icmp/...)
           /                                   \      (copy:tcp)
          /                                     \
  devif_iob_poll(devif_poll_callback())  devif_poll_callback() /* new interface, gather iobs to flat buffer */
       /                                           \
      /                                             \
 devif_poll("NIC"_txpoll)                     "NIC"_send()(dev->d_buf)

RX:

  [tcp|udp|icmp|...]ipv[4|6]_data_handler()(iob_concat/append to readahead)
                    |
                    |
      [tcp|udp|icmp|...]_ipv[4|6]_in()/...
                    |
                    |
               netdev_input()  /* new interface, Scatter/gather flat/iob buffer */
                    |
                    |
          pkt/ipv[4|6]_input()/...
                    |
                    |
    NICs io vector receive(Orignal flat buffer)

3. Iperf passthrough on NuttX simulator:

  -------------------------------------------------
  |  Protocol      | Server | Client |            |
  |-----------------------------------------------|
  |  TCP           |  813   |   834  |  Mbits/sec |
  |  TCP(Offload)  | 1720   |  1100  |  Mbits/sec |
  |  UDP           |   22   |   757  |  Mbits/sec |
  |  UDP(Offload)  |   25   |  1250  |  Mbits/sec |
  -------------------------------------------------

Signed-off-by: chao an <anchao@xiaomi.com>
2022-12-03 11:47:04 +08:00
Zhe Weng
69cbcfd19f net/ipfwd: Support ICMPv6 error reply when forwarding IPv6
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-02 15:26:45 +08:00
Zhe Weng
f416fd86bb net/ipfwd: Support ICMP error reply when forwarding IPv4
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-12-02 15:26:45 +08:00
Zhe Weng
b595430578 net: add basic NAT workflow
Add basic functions for NAT (NAPT), remaining some logic unimplemented (UDP, ICMP, port assignment, etc). NAT for TCP can work now (unless port conflicts).
Outbound: LAN ->  Forward  ->  NAT(only if targeting at WAN)  -> WAN
Inbound:  WAN ->  NAT(only from WAN, change dest) -> Forward  -> LAN

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2022-11-11 14:36:55 +08:00
chao an
a8d3286258 net: move device buffer define to common header
Signed-off-by: chao an <anchao@xiaomi.com>
2022-10-28 00:32:16 -04:00
chao an
b60b48411c net/ipforward: correct application data offset
Signed-off-by: chao an <anchao@xiaomi.com>
2022-10-26 14:33:56 +02:00
wengzhe
6b7fe6ea8e net/ipforward: fix typo in ipv4_dev_forward
f_domain is used to determine protocol family when CONFIG_NET_IPv4 and CONFIG_NET_IPv6 are both defined, but not correctly used in ipv4_dev_forward because of typo (there's not a config named CONFIG_NET_IPv5) which may cause IPv4 packets to be forwarded as IPv6.

Signed-off-by: wengzhe <wengzhe@xiaomi.com>
2022-10-10 19:31:39 +08:00
chao.an
162fcd10ca net: cleanup pvconn reference to avoid confuse
More reference:
https://github.com/apache/incubator-nuttx/pull/5252
https://github.com/apache/incubator-nuttx/pull/5434

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 20:58:11 +08:00
Xiang Xiao
ba9486de4a iob: Remove iob_user_e enum and related code
since it is impossible to track producer and consumer
correctly if TCP/IP stack pass IOB directly to netdev

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-15 08:41:20 +03:00
Xiang Xiao
fe85e9d0fa net: Remove devif_timer from comment
since devif_timer has been removed in:
commit 035d925864
Author: zhanghongyu <zhanghongyu@xiaomi.com>
Date:   Sun May 29 21:47:28 2022 +0800

    devif: remove all devif_timer

    Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-06-07 20:15:41 +03:00
Petro Karashchenko
9551de7115 net: use HTONS, NTOHS, HTONL, NTOHL macro in kernel code
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
2022-01-18 10:59:47 +01:00
Alexander Lunev
36fbedcbfc net/devif/devif_callback.c: corrected the connection event list to work as FIFO instead of LIFO.
In case of enabled packet forwarding mode, packets were forwarded in a reverse order
because of LIFO behavior of the connection event list.
The issue exposed only during high network traffic. Thus the event list started to grow
that resulted in changing the order of packets inside of groups of several packets
like the following: 3, 2, 1, 6, 5, 4, 8, 7 etc.

Remarks concerning the connection event list implementation:
* Now the queue (list) is FIFO as it should be.
* The list is singly linked.
* The list has a head pointer (inside of outer net_driver_s structure),
  and a tail pointer is added into outer net_driver_s structure.
* The list item is devif_callback_s structure.
  It still has two pointers to two different list chains (*nxtconn and *nxtdev).
* As before the first argument (*dev) of the list functions can be NULL,
  while the other argument (*list) is effective (not NULL).
* An extra (*tail) argument is added to devif_callback_alloc()
  and devif_conn_callback_free() functions.
* devif_callback_alloc() time complexity is O(1) (i.e. O(n) to fill the whole list).
* devif_callback_free() time complexity is O(n) (i.e. O(n^2) to empty the whole list).
* devif_conn_event() time complexity is O(n).
2021-09-18 21:01:39 -05:00
Xiang Xiao
5b2a17b892 Include assert.h in necessary place
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2021-06-08 13:06:08 -07:00
Gustavo Henrique Nihei
76acb32e29 Fix typos reported by codespell 2021-02-25 11:31:49 -08:00
Alin Jerpelea
37d5c1b0d9 net: Author Gregory Nutt: update licenses to Apache
Gregory Nutt has submitted the SGA and we can migrate the licenses
 to Apache.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
2021-02-20 00:38:18 -08:00
Alin Jerpelea
7dc7ef45f1 net: nxstyle fixes
Nxstyle fixes to pass CI.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
2021-02-20 00:38:18 -08:00
Nathan Hartman
a5e643b0cd Fix typos in comments and documentation. 2020-03-16 20:01:11 -06:00
Xiang Xiao
cde88cabcc Run codespell -w with the latest dictonary again
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2020-02-23 22:27:46 +01:00
Xiang Xiao
bd4e8e19d3 Run codespell -w against all files
and fix the wrong correction
2020-02-22 14:45:07 -06:00
Xiang Xiao
68951e8d72 Remove exra whitespace from files ()
* Remove multiple newlines at the end of files
* Remove the whitespace from the end of lines
2020-01-31 09:24:49 -06:00
Xiang Xiao
6a3c2aded6 Fix wait loop and void cast ()
* Simplify EINTR/ECANCEL error handling

1. Add semaphore uninterruptible wait function
2 .Replace semaphore wait loop with a single uninterruptible wait
3. Replace all sem_xxx to nxsem_xxx

* Unify the void cast usage

1. Remove void cast for function because many place ignore the returned value witout cast
2. Replace void cast for variable with UNUSED macro
2020-01-02 10:54:43 -06:00
Gregory Nutt
3b275fcf4e net/: Run nxstyle against all C files. 2019-10-25 11:31:42 -06:00
Xiang Xiao
5fd8f78bf9 net/ipforward, tcp, and udp: Fix a chicken and egg problem by eliminating the check of the arp/neighbor tables before packet transmission
1. For buffered tcp/udp case, if CONFIG_NET_ARP_SEND/CONFIG_NET_ARP_IPIN/CONFIG_NET_ICMPv6_NEIGHBOR isn't enabled and the table doesn't contain ip<->ethaddr mapping yet, the logic will skip the realtransmission and then arp/neighbor can't steal the final buffer to generate arp/icmpv6 packet.
2.for all other case, the tcp layer or user program should already contain the retransmit logic, the check is redundancy and may generate many duplicated packets if arp/icmpv6 response is too slow because the cursor stop forward. If user still concern about the very first packet lost, he could fix the issue by enabling CONFIG_NET_ARP_SEND/CONFIG_NET_ICMPv6_NEIGHBOR at begin.
2019-09-18 12:33:41 -06:00
Nathan Hartman
366053e464 Fix typos, 1 in a #define, others in comments. This changes one definition: _MQ_TIMEDRECIEVE is changed to _MQ_TIMEDRECEIVE. It appears this symbol is not used anywhere. 2019-09-11 08:56:56 -06:00
Gregory Nutt
c5066f9f4c net/ipforward/ipv4_forward.c: Correct some errors introduced with commit a52ceac13e. Noted by Adam Porter. 2019-09-06 16:01:38 -06:00
Gregory Nutt
a52ceac13e net/: Now handles reception of IPv4 packets with larger IPv4 headers containing options. 2019-08-31 12:25:30 -06:00
Anthony Merlino
70404ed0dc Merged in antmerlino/nuttx/iobinstrumentation (pull request )
Iobinstrumentation

* mm/iob: Introduces producer/consumer id to every iob call. This is so that the calls can be instrumented to monitor the IOB resources.

* iob instrumentation - Merges producer/consumer enumeration for simpler IOB user.

* fs/procfs: Starts adding support for /proc/iobinfo

* fs/procfs: Finishes first pass of simple IOB user stastics and /proc/iobinfo entry

Approved-by: Gregory Nutt <gnutt@nuttx.org>
2019-08-16 22:42:25 +00:00
Anthony Merlino
7c06438315 Merged in antmerlino/nuttx/ipforward (pull request )
net/ipforward: Check if interface is up early on when forwarding to avoid extra work.

As noticed in a previous wireless commit, when forwarding is enabled and a packet comes in, the packet is attempted to be sent on each other netdev without regard for whether it is in the UP state. Of course this is eventually caught, but it can be caught earlier to avoid unnecessary work, especially in the 6LoWPAN case where a useless packet conversion will occur.

Approved-by: Gregory Nutt <gnutt@nuttx.org>
2019-08-10 17:53:06 +00:00
Gregory Nutt
1346f29151 net/: Fix alignment and spacing problems found by tools/nxstyle. 2019-07-02 18:02:23 -06:00
Xiang Xiao
0a6e234962 net/neighbor: neighbor_lookup() checks if the target IP belongs to one of the local network devices. 2018-11-09 14:14:15 -06:00
Gregory Nutt
7d2b250cbc net/netdev: All utility functions that lookup network devices should begin with netdev_findby_. Also correct some comments and the name of a formal parameter. 2018-10-29 12:21:22 -06:00
Gregory Nutt
3bf96c8e7e net/arp: Improve arp_find() commit 9774d35010 to reduce the amount and frequency of data copies. 2018-08-25 07:12:21 -06:00
Gregory Nutt
324e1412ef net/arp: Costmetic update to comments. 2018-08-24 17:57:15 -06:00
Gregory Nutt
9774d35010 net/arp: Make the function arp_find() thread-safe. It now returns a copy of the ARP table entry, rather than a potentially unstable reference to the ARP table entry. 2018-08-24 17:36:08 -06:00
Gregory Nutt
8c61c2f31b Remove trailing spaces at the end of lines. 2018-08-13 07:39:38 -06:00
Gregory Nutt
22cd0d47fa This commit attempts remove some long standard confusion in naming and some actual problems that result from the naming confusion. The basic problem is the standard MTU does not include the size of the Ethernet header. For clarity, I changed the naming of most things called MTU to PKTSIZE. For example, CONFIG_NET_ETH_MTU is now CONFIG_NET_ETH_PKTSIZE.
This makes the user interface a little hostile.  People thing of an MTU of 1500 bytes, but the corresponding packet is really 1514 bytes (including the 14 byte Ethernet header).  A more friendly solution would configure the MTU (as before), but then derive the packet buffer size by adding the MAC header length.  Instead, we define the packet buffer size then derive the MTU.

The MTU is not common currency in networking.  On the wire, the only real issue is the MSS which is derived from MTU by subtracting the IP header and TCP header sizes (for the case of TCP).  Now it is derived for the PKTSIZE by subtracting the IP header, the TCP header, and the MAC header sizes.  So we should be all good and without the recurring 14 byte error in MTU's and MSS's.

Squashed commit of the following:

    Trivial update to fix some spacing issues.
    net/: Rename several macros containing _MTU to _PKTSIZE.
    net/: Rename CONFIG_NET_SLIP_MTU to CONFIG_NET_SLIP_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_6LOWPAN_MTU to CONFIG_NET_6LOWPAN_PKTSIZE and similarly for CONFIG_NET_TUN_MTU.  These are not the MTU which does not include the size of the link layer header.  These are the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename CONFIG_NET_ETH_MTU to CONFIG_NET_ETH_PKTSIZE.  This is not the MTU which does not include the size of the link layer header.  This is the full size of the packet buffer memory (minus any GUARD bytes).
    net/: Rename the file d_mtu in the network driver structure to d_pktsize.  That value saved there is not the MTU.  The packetsize is the memory large enough to hold the maximum packet PLUS the size of the link layer header.  The MTU does not include the link layer header.
2018-07-04 14:10:40 -06:00
Gregory Nutt
aabdc00e8c net/: Fix some incorrect comments that go back for years (but have also been cloned in newer files). The network was once interrupt driver, but now runs on the work queue with a semaphore to enforce mutual exclusion. 2018-06-23 14:09:06 -06:00