nuttx/net/nat/ipv4_nat.c
Zhe Weng a1a09f271f net/nat: Support Symmetric NAT
The symmetric NAT limits one external port to be used with only one peer ip:port.

Note:
1. To avoid using too much #ifdef, we're always passing peer_ip and peer_port as arguments, but won't use them under full cone NAT, let the compiler optimize them.
2. We need to find port binding without peer ip:port, so don't add peer ip:port into hash key.
3. Symmetric NAT needs to *select another external port if a port is used by any other NAT entry*, this behavior is exactly same as Full Cone NAT, so we don't need to change anything related to `ipv4_nat_port_inuse`.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
2024-04-07 23:57:55 +08:00

931 lines
30 KiB
C

/****************************************************************************
* net/nat/ipv4_nat.c
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership. The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <nuttx/config.h>
#include <assert.h>
#include <debug.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <nuttx/net/icmp.h>
#include <nuttx/net/tcp.h>
#include <nuttx/net/udp.h>
#include "nat/nat.h"
#include "utils/utils.h"
#if defined(CONFIG_NET_NAT) && defined(CONFIG_NET_IPv4)
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
/* Adjust checksums in headers. */
#define chksum_adjust(chksum,optr,nptr,len) \
net_chksum_adjust((FAR uint16_t *)(chksum), (FAR uint16_t *)(optr), len, \
(FAR uint16_t *)(nptr), len)
/* Getting IP & Port to manipulate from L3/L4 header. */
#define MANIP_IPADDR(iphdr,manip_type) \
((manip_type) == NAT_MANIP_SRC ? (iphdr)->srcipaddr : (iphdr)->destipaddr)
#define MANIP_PORT(l4hdr,manip_type) \
((manip_type) == NAT_MANIP_SRC ? &(l4hdr)->srcport : &(l4hdr)->destport)
/* Getting peer IP & Port (just other than MANIP) */
#define PEER_IPADDR(iphdr,manip_type) \
((manip_type) != NAT_MANIP_SRC ? (iphdr)->srcipaddr : (iphdr)->destipaddr)
#define PEER_PORT(l4hdr,manip_type) \
((manip_type) != NAT_MANIP_SRC ? &(l4hdr)->srcport : &(l4hdr)->destport)
/* Getting L4 header from IPv4 header. */
#define L4_HDR(ipv4) \
(FAR void *)((FAR uint8_t *)(ipv4) + (((ipv4)->vhl & IPv4_HLMASK) << 2))
#if defined(CONFIG_NET_TCP)
# define L4_MAXHDRLEN TCP_HDRLEN
#elif defined(CONFIG_NET_UDP)
# define L4_MAXHDRLEN UDP_HDRLEN
#elif defined(CONFIG_NET_ICMP)
# define L4_MAXHDRLEN ICMP_HDRLEN
#endif
/****************************************************************************
* Private Function Prototypes
****************************************************************************/
static FAR struct ipv4_nat_entry *
ipv4_nat_inbound_internal(FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type);
static FAR struct ipv4_nat_entry *
ipv4_nat_outbound_internal(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type);
/****************************************************************************
* Inline Functions
****************************************************************************/
/****************************************************************************
* Name: ipv4_nat_l4_hdrlen
*
* Description:
* Get L4 header length
*
****************************************************************************/
static inline uint8_t ipv4_nat_l4_hdrlen(uint8_t proto)
{
switch (proto)
{
#ifdef CONFIG_NET_TCP
case IP_PROTO_TCP:
return TCP_HDRLEN;
#endif
#ifdef CONFIG_NET_UDP
case IP_PROTO_UDP:
return UDP_HDRLEN;
#endif
#ifdef CONFIG_NET_ICMP
case IP_PROTO_ICMP:
return ICMP_HDRLEN;
#endif
default:
nwarn("WARNING: Unsupported protocol %u inside ICMP\n", proto);
}
return 0;
}
/****************************************************************************
* Private Functions
****************************************************************************/
/****************************************************************************
* Name: ipv4_nat_ip_adjust
*
* Description:
* Adjust address and checksum for network packet.
*
* Input Parameters:
* ipv4 - Points to the IPv4 header to adjust.
* l4chksum - Points to the L4 checksum to adjust, NULL for not adjust.
* new_ip - The IP to set into header.
* manip_type - Whether manipulate source ip or destination ip.
*
****************************************************************************/
static void ipv4_nat_ip_adjust(FAR struct ipv4_hdr_s *ipv4,
FAR uint16_t *l4chksum, in_addr_t new_ip,
enum nat_manip_type_e manip_type)
{
FAR uint16_t *old_ip = MANIP_IPADDR(ipv4, manip_type);
if (l4chksum != NULL)
{
chksum_adjust(l4chksum, old_ip, &new_ip, sizeof(new_ip));
}
chksum_adjust(&ipv4->ipchksum, old_ip, &new_ip, sizeof(new_ip));
net_ipv4addr_hdrcopy(old_ip, &new_ip);
}
/****************************************************************************
* Name: ipv4_nat_port_adjust
*
* Description:
* Adjust port and checksum for network packet.
*
* Input Parameters:
* l4chksum - Points to the L4 checksum to adjust, NULL for not adjust.
* old_port - The port to be set.
* new_port - The port to set into header.
*
****************************************************************************/
static void ipv4_nat_port_adjust(FAR uint16_t *l4chksum,
FAR uint16_t *old_port, uint16_t new_port)
{
if (l4chksum != NULL)
{
chksum_adjust(l4chksum, old_port, &new_port, sizeof(new_port));
}
*old_port = new_port;
}
/****************************************************************************
* Name: ipv4_nat_inbound_tcp
*
* Description:
* Check if a received TCP packet belongs to a NAT entry. If so, translate
* the external IP/Port to local IP/Port.
*
* Input Parameters:
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether external IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet is received on NAT device and is targeting at the address
* assigned to the device.
*
****************************************************************************/
#ifdef CONFIG_NET_TCP
static FAR struct ipv4_nat_entry *
ipv4_nat_inbound_tcp(FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct tcp_hdr_s *tcp = L4_HDR(ipv4);
FAR uint16_t *external_ip = MANIP_IPADDR(ipv4, manip_type);
FAR uint16_t *external_port = MANIP_PORT(tcp, manip_type);
FAR uint16_t *peer_ip = PEER_IPADDR(ipv4, manip_type);
FAR uint16_t *peer_port = PEER_PORT(tcp, manip_type);
FAR struct ipv4_nat_entry *entry =
ipv4_nat_inbound_entry_find(IP_PROTO_TCP,
net_ip4addr_conv32(external_ip),
*external_port,
net_ip4addr_conv32(peer_ip),
*peer_port, true);
if (!entry)
{
return NULL;
}
/* Note: Field tcpchksum is not guaranteed exists in TCP header inside
* ICMP Error MSG, but we manually guarantee that it is inside valid memory
* address (IOB >= IP + ICMP + IP + TCP), so we can update it safely.
*/
ipv4_nat_port_adjust(&tcp->tcpchksum, external_port, entry->local_port);
ipv4_nat_ip_adjust(ipv4, &tcp->tcpchksum, entry->local_ip, manip_type);
return entry;
}
#endif
/****************************************************************************
* Name: ipv4_nat_inbound_udp
*
* Description:
* Check if a received UDP packet belongs to a NAT entry. If so, translate
* the external IP/Port to local IP/Port.
*
* Input Parameters:
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether external IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet is received on NAT device and is targeting at the address
* assigned to the device.
*
****************************************************************************/
#ifdef CONFIG_NET_UDP
static FAR struct ipv4_nat_entry *
ipv4_nat_inbound_udp(FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct udp_hdr_s *udp = L4_HDR(ipv4);
FAR uint16_t *external_ip = MANIP_IPADDR(ipv4, manip_type);
FAR uint16_t *external_port = MANIP_PORT(udp, manip_type);
FAR uint16_t *peer_ip = PEER_IPADDR(ipv4, manip_type);
FAR uint16_t *peer_port = PEER_PORT(udp, manip_type);
FAR uint16_t *udpchksum;
FAR struct ipv4_nat_entry *entry =
ipv4_nat_inbound_entry_find(IP_PROTO_UDP,
net_ip4addr_conv32(external_ip),
*external_port,
net_ip4addr_conv32(peer_ip),
*peer_port, true);
if (!entry)
{
return NULL;
}
/* UDP checksum has special case 0 (no checksum) */
udpchksum = udp->udpchksum != 0 ? &udp->udpchksum : NULL;
ipv4_nat_port_adjust(udpchksum, external_port, entry->local_port);
ipv4_nat_ip_adjust(ipv4, udpchksum, entry->local_ip, manip_type);
return entry;
}
#endif
/****************************************************************************
* Name: ipv4_nat_inbound_icmp
*
* Description:
* Check if a received ICMP packet belongs to a NAT entry. If so, translate
* the external IP/ID to local IP/ID.
*
* Input Parameters:
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether external IP is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet is received on g_dev and is targeting at the address assigned to
* g_dev.
*
****************************************************************************/
#ifdef CONFIG_NET_ICMP
static FAR struct ipv4_nat_entry *
ipv4_nat_inbound_icmp(FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct icmp_hdr_s *icmp = L4_HDR(ipv4);
FAR uint16_t *external_ip;
FAR uint16_t *peer_ip;
FAR struct ipv4_nat_entry *entry;
switch (icmp->type)
{
case ICMP_ECHO_REQUEST:
case ICMP_ECHO_REPLY:
external_ip = MANIP_IPADDR(ipv4, manip_type);
peer_ip = PEER_IPADDR(ipv4, manip_type);
entry = ipv4_nat_inbound_entry_find(IP_PROTO_ICMP,
net_ip4addr_conv32(external_ip),
icmp->id,
net_ip4addr_conv32(peer_ip),
icmp->id, true);
if (!entry)
{
return NULL;
}
ipv4_nat_port_adjust(&icmp->icmpchksum,
&icmp->id, entry->local_port);
ipv4_nat_ip_adjust(ipv4, NULL, entry->local_ip, manip_type);
return entry;
case ICMP_DEST_UNREACHABLE:
case ICMP_TIME_EXCEEDED:
case ICMP_PARAMETER_PROBLEM:
/* ICMP Error MSG inside another ICMP Error MSG is forbidden by
* RFC1122, Section 3.2.2, Page 38, so we only process the outermost
* ICMP Error MSG (manip type is DST).
*/
if (manip_type == NAT_MANIP_DST)
{
/* The payload in the ICMP packet is the origin packet we sent. */
FAR struct ipv4_hdr_s *inner =
(FAR struct ipv4_hdr_s *)(icmp + 1);
FAR void *inner_l4;
uint16_t outer_l3len = (ipv4->len[0] << 8) + ipv4->len[1];
int16_t inner_l4len;
int16_t inner_l4hdrlen;
uint16_t inner_l4hdrbak[L4_MAXHDRLEN];
/* Make sure we have a full inner IPv4 header. */
if (outer_l3len < (uintptr_t)(inner + 1) - (uintptr_t)ipv4)
{
return NULL;
}
inner_l4 = L4_HDR(inner);
inner_l4len = (intptr_t)ipv4 + outer_l3len - (intptr_t)inner_l4;
inner_l4hdrlen = ipv4_nat_l4_hdrlen(inner->proto);
inner_l4hdrlen = MIN(inner_l4len, inner_l4hdrlen);
if (inner_l4hdrlen < 8)
{
/* RFC792: The original L4 data should be at least 64 bits. */
return NULL;
}
/* Try backup origin L4 header for later checksum update. */
DEBUGASSERT((intptr_t)inner_l4 - (intptr_t)ipv4 + inner_l4hdrlen
<= CONFIG_IOB_BUFSIZE);
memcpy(inner_l4hdrbak, inner_l4, inner_l4hdrlen);
/* Find entry and translate inner. */
entry = ipv4_nat_inbound_internal(inner, NAT_MANIP_SRC);
if (!entry)
{
return NULL;
}
/* Adjust outer IP */
ipv4_nat_ip_adjust(ipv4, NULL, entry->local_ip, manip_type);
/* Recalculate ICMP checksum, we only need to re-calc data in L4
* header, because the inner IPv4 header's checksum is updated,
* and the overall checksum of IPv4 header will not change.
*/
chksum_adjust(&icmp->icmpchksum, inner_l4hdrbak, inner_l4,
inner_l4hdrlen);
return entry;
}
}
return NULL;
}
#endif
/****************************************************************************
* Name: ipv4_nat_outbound_tcp
*
* Description:
* Check if we want to perform NAT with this outbound TCP packet before
* sending it. If so, translate the local IP/Port to external IP/Port.
*
* Input Parameters:
* dev - The device to sent the packet (to get external IP).
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether local IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet will be sent on NAT device.
*
****************************************************************************/
#ifdef CONFIG_NET_TCP
static FAR struct ipv4_nat_entry *
ipv4_nat_outbound_tcp(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct tcp_hdr_s *tcp = L4_HDR(ipv4);
FAR uint16_t *local_ip = MANIP_IPADDR(ipv4, manip_type);
FAR uint16_t *local_port = MANIP_PORT(tcp, manip_type);
FAR uint16_t *peer_ip = PEER_IPADDR(ipv4, manip_type);
FAR uint16_t *peer_port = PEER_PORT(tcp, manip_type);
FAR struct ipv4_nat_entry *entry;
/* Only create entry when it's the outermost packet (manip type is SRC). */
entry = ipv4_nat_outbound_entry_find(dev, IP_PROTO_TCP,
net_ip4addr_conv32(local_ip), *local_port,
net_ip4addr_conv32(peer_ip), *peer_port,
(manip_type == NAT_MANIP_SRC));
if (!entry)
{
return NULL;
}
/* Note: Field tcpchksum is not guaranteed exists in TCP header inside
* ICMP Error MSG, but we manually guarantee that it is inside valid memory
* address (IOB >= IP + ICMP + IP + TCP), so we can update it safely.
*/
ipv4_nat_port_adjust(&tcp->tcpchksum, local_port, entry->external_port);
ipv4_nat_ip_adjust(ipv4, &tcp->tcpchksum, entry->external_ip, manip_type);
return entry;
}
#endif
/****************************************************************************
* Name: ipv4_nat_outbound_udp
*
* Description:
* Check if we want to perform NAT with this outbound UDP packet before
* sending it. If so, translate the local IP/Port to external IP/Port.
*
* Input Parameters:
* dev - The device to sent the packet (to get external IP).
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether local IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet will be sent on NAT device.
*
****************************************************************************/
#ifdef CONFIG_NET_UDP
static FAR struct ipv4_nat_entry *
ipv4_nat_outbound_udp(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct udp_hdr_s *udp = L4_HDR(ipv4);
FAR uint16_t *local_ip = MANIP_IPADDR(ipv4, manip_type);
FAR uint16_t *local_port = MANIP_PORT(udp, manip_type);
FAR uint16_t *peer_ip = PEER_IPADDR(ipv4, manip_type);
FAR uint16_t *peer_port = PEER_PORT(udp, manip_type);
FAR uint16_t *udpchksum;
FAR struct ipv4_nat_entry *entry;
/* Only create entry when it's the outermost packet (manip type is SRC). */
entry = ipv4_nat_outbound_entry_find(dev, IP_PROTO_UDP,
net_ip4addr_conv32(local_ip), *local_port,
net_ip4addr_conv32(peer_ip), *peer_port,
(manip_type == NAT_MANIP_SRC));
if (!entry)
{
return NULL;
}
/* UDP checksum has special case 0 (no checksum) */
udpchksum = udp->udpchksum != 0 ? &udp->udpchksum : NULL;
ipv4_nat_port_adjust(udpchksum, local_port, entry->external_port);
ipv4_nat_ip_adjust(ipv4, udpchksum, entry->external_ip, manip_type);
return entry;
}
#endif
/****************************************************************************
* Name: ipv4_nat_outbound_icmp
*
* Description:
* Check if we want to perform NAT with this outbound ICMP packet before
* sending it. If so, translate the local IP/ID to external IP/ID.
*
* Input Parameters:
* dev - The device to sent the packet (to get external IP).
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether local IP is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet will be sent on NAT device.
*
****************************************************************************/
#ifdef CONFIG_NET_ICMP
static FAR struct ipv4_nat_entry *
ipv4_nat_outbound_icmp(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
FAR struct icmp_hdr_s *icmp = L4_HDR(ipv4);
FAR uint16_t *local_ip = MANIP_IPADDR(ipv4, manip_type);
FAR uint16_t *peer_ip = PEER_IPADDR(ipv4, manip_type);
FAR struct ipv4_nat_entry *entry;
switch (icmp->type)
{
case ICMP_ECHO_REQUEST:
case ICMP_ECHO_REPLY:
/* Note: Only create new entry when it's the outermost packet (that
* is, manip type is SRC).
*/
entry = ipv4_nat_outbound_entry_find(dev, IP_PROTO_ICMP,
net_ip4addr_conv32(local_ip), icmp->id,
net_ip4addr_conv32(peer_ip), icmp->id,
(manip_type == NAT_MANIP_SRC));
if (!entry)
{
return NULL;
}
ipv4_nat_port_adjust(&icmp->icmpchksum,
&icmp->id, entry->external_port);
ipv4_nat_ip_adjust(ipv4, NULL, entry->external_ip, manip_type);
return entry;
case ICMP_DEST_UNREACHABLE:
case ICMP_TIME_EXCEEDED:
case ICMP_PARAMETER_PROBLEM:
/* ICMP Error MSG inside another ICMP Error MSG is forbidden by
* RFC1122, Section 3.2.2, Page 38, so we only process the outermost
* ICMP Error MSG (manip type is SRC).
*/
if (manip_type == NAT_MANIP_SRC)
{
/* The payload in the ICMP packet is the origin packet we got. */
FAR struct ipv4_hdr_s *inner =
(FAR struct ipv4_hdr_s *)(icmp + 1);
FAR void *inner_l4;
uint16_t outer_l3len = (ipv4->len[0] << 8) + ipv4->len[1];
int16_t inner_l4len;
int16_t inner_l4hdrlen;
uint16_t inner_l4hdrbak[L4_MAXHDRLEN];
/* Make sure we have a full inner IPv4 header. */
if (outer_l3len < (uintptr_t)(inner + 1) - (uintptr_t)ipv4)
{
return NULL;
}
inner_l4 = L4_HDR(inner);
inner_l4len = (intptr_t)ipv4 + outer_l3len - (intptr_t)inner_l4;
inner_l4hdrlen = ipv4_nat_l4_hdrlen(inner->proto);
inner_l4hdrlen = MIN(inner_l4len, inner_l4hdrlen);
if (inner_l4hdrlen < 8)
{
/* RFC792: The original L4 data should be at least 64 bits. */
return NULL;
}
/* Try backup origin L4 header for later checksum update. */
DEBUGASSERT((intptr_t)inner_l4 - (intptr_t)ipv4 + inner_l4hdrlen
<= CONFIG_IOB_BUFSIZE);
memcpy(inner_l4hdrbak, inner_l4, inner_l4hdrlen);
/* Find entry and translate inner. */
entry = ipv4_nat_outbound_internal(dev, inner, NAT_MANIP_DST);
if (!entry)
{
return NULL;
}
/* Adjust outer IP */
ipv4_nat_ip_adjust(ipv4, NULL, entry->external_ip, manip_type);
/* Recalculate ICMP checksum, we only need to re-calc data in L4
* header, because the inner IPv4 header's checksum is updated,
* and the overall checksum of IPv4 header will not change.
*/
chksum_adjust(&icmp->icmpchksum, inner_l4hdrbak, inner_l4,
inner_l4hdrlen);
return entry;
}
}
return NULL;
}
#endif
/****************************************************************************
* Name: ipv4_nat_inbound_internal
*
* Description:
* Check if a received packet belongs to a NAT entry. If so, translate
* the external IP/Port to local IP/Port.
*
* Input Parameters:
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether external IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet is received on NAT device and is targeting at the address
* assigned to the device.
*
****************************************************************************/
static FAR struct ipv4_nat_entry *
ipv4_nat_inbound_internal(FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
switch (ipv4->proto)
{
#ifdef CONFIG_NET_TCP
case IP_PROTO_TCP:
return ipv4_nat_inbound_tcp(ipv4, manip_type);
#endif
#ifdef CONFIG_NET_UDP
case IP_PROTO_UDP:
return ipv4_nat_inbound_udp(ipv4, manip_type);
#endif
#ifdef CONFIG_NET_ICMP
case IP_PROTO_ICMP:
return ipv4_nat_inbound_icmp(ipv4, manip_type);
#endif
}
return NULL;
}
/****************************************************************************
* Name: ipv4_nat_outbound_internal
*
* Description:
* Check if we want to perform NAT with this outbound packet before
* sending it. If so, translate the local IP/Port to external IP/Port.
*
* Input Parameters:
* dev - The device to sent the packet (to get external IP).
* ipv4 - Points to the IPv4 header to translate.
* manip_type - Whether local IP/Port is in source or destination.
*
* Returned Value:
* The corresponding NAT entry of the packet.
*
* Assumptions:
* Packet will be sent on NAT device.
*
****************************************************************************/
static FAR struct ipv4_nat_entry *
ipv4_nat_outbound_internal(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
switch (ipv4->proto)
{
#ifdef CONFIG_NET_TCP
case IP_PROTO_TCP:
return ipv4_nat_outbound_tcp(dev, ipv4, manip_type);
#endif
#ifdef CONFIG_NET_UDP
case IP_PROTO_UDP:
return ipv4_nat_outbound_udp(dev, ipv4, manip_type);
#endif
#ifdef CONFIG_NET_ICMP
case IP_PROTO_ICMP:
return ipv4_nat_outbound_icmp(dev, ipv4, manip_type);
#endif
}
return NULL;
}
/****************************************************************************
* Public Functions
****************************************************************************/
/****************************************************************************
* Name: ipv4_nat_enable
*
* Description:
* Enable NAT function on a network device.
*
* Input Parameters:
* dev - The device on which the outbound packets will be masqueraded.
*
* Returned Value:
* Zero is returned if NAT function is successfully enabled on the device;
* A negated errno value is returned if failed.
*
****************************************************************************/
int ipv4_nat_enable(FAR struct net_driver_s *dev)
{
net_lock();
if (IFF_IS_NAT(dev->d_flags))
{
nwarn("WARNING: NAT was already enabled for %s!\n", dev->d_ifname);
net_unlock();
return -EEXIST;
}
IFF_SET_NAT(dev->d_flags);
net_unlock();
return OK;
}
/****************************************************************************
* Name: ipv4_nat_disable
*
* Description:
* Disable NAT function on a network device.
*
* Input Parameters:
* dev - The device on which the NAT function will be disabled.
*
* Returned Value:
* Zero is returned if NAT function is successfully disabled on the device;
* A negated errno value is returned if failed.
*
****************************************************************************/
int ipv4_nat_disable(FAR struct net_driver_s *dev)
{
net_lock();
if (!IFF_IS_NAT(dev->d_flags))
{
nwarn("WARNING: NAT was not enabled for %s!\n", dev->d_ifname);
net_unlock();
return -ENODEV;
}
/* Clear entries related to dev. */
ipv4_nat_entry_clear(dev);
IFF_CLR_NAT(dev->d_flags);
net_unlock();
return OK;
}
/****************************************************************************
* Name: ipv4_nat_inbound
*
* Description:
* Check if a received packet belongs to a NAT entry. If so, translate it.
*
* Input Parameters:
* dev - The device on which the packet is received.
* ipv4 - Points to the IPv4 header with dev->d_buf.
*
* Returned Value:
* Zero is returned if NAT is successfully applied, or is not enabled for
* this packet;
* A negated errno value is returned if error occured.
*
****************************************************************************/
int ipv4_nat_inbound(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4)
{
/* We only process packets from NAT device and targeting at the address
* assigned to the device.
*/
if (IFF_IS_NAT(dev->d_flags) &&
net_ipv4addr_hdrcmp(ipv4->destipaddr, &dev->d_ipaddr))
{
FAR struct ipv4_nat_entry *entry =
ipv4_nat_inbound_internal(ipv4, NAT_MANIP_DST);
if (!entry)
{
/* Inbound without entry is OK (e.g. towards NuttX itself), skip. */
return OK;
}
}
return OK;
}
/****************************************************************************
* Name: ipv4_nat_outbound
*
* Description:
* Check if we want to perform NAT with this outbound packet before sending
* it. If so, translate it.
*
* Input Parameters:
* dev - The device on which the packet will be sent.
* ipv4 - Points to the IPv4 header to be filled into dev->d_buf later.
* manip_type - Whether local IP/Port is in source or destination.
*
* Returned Value:
* Zero is returned if NAT is successfully applied, or is not enabled for
* this packet;
* A negated errno value is returned if error occured.
*
****************************************************************************/
int ipv4_nat_outbound(FAR struct net_driver_s *dev,
FAR struct ipv4_hdr_s *ipv4,
enum nat_manip_type_e manip_type)
{
/* We only process packets targeting at NAT device but not targeting at the
* address assigned to the device.
*/
if (IFF_IS_NAT(dev->d_flags) &&
!net_ipv4addr_hdrcmp(ipv4->srcipaddr, &dev->d_ipaddr) &&
!net_ipv4addr_hdrcmp(ipv4->destipaddr, &dev->d_ipaddr))
{
/* TODO: Skip broadcast? */
FAR struct ipv4_nat_entry *entry =
ipv4_nat_outbound_internal(dev, ipv4, manip_type);
if (manip_type == NAT_MANIP_SRC && !entry)
{
/* Outbound entry creation failed, should have entry. */
return -ENOMEM;
}
}
return OK;
}
/****************************************************************************
* Name: ipv4_nat_port_inuse
*
* Description:
* Check whether a port is currently used by NAT.
*
* Input Parameters:
* protocol - The L4 protocol of the packet.
* ip - The IP bind with the port (in network byte order).
* port - The port number to check (in network byte order).
*
* Returned Value:
* True if the port is already used by NAT, otherwise false.
*
****************************************************************************/
bool ipv4_nat_port_inuse(uint8_t protocol, in_addr_t ip, uint16_t port)
{
FAR struct ipv4_nat_entry *entry =
ipv4_nat_inbound_entry_find(protocol, ip, port, INADDR_ANY, 0, false);
return entry != NULL;
}
#endif /* CONFIG_NET_NAT && CONFIG_NET_IPv4 */