net/nat: Support IPv6 Masquerading (NAT66) #12116
Merged
To prepare for future IPv6 NAT functions.
- Rename common ipv4_nat_xxx to nat_xxx
- Move some common definitions into header

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
acassis
approved these changes
Apr 10, 2024
anchao
reviewed
Apr 11, 2024
Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables. We can support stateless NAT66 & NPTv6 later by slightly modifying the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using the same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier, which means that if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculating a difference of checksum and applying it to each packet, instead of calling `net_chksum_adjust` each time. Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
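The pre-calculated checksum difference suggested in note 3, sketched as an added example (not code from this pull request or from NuttX): a one's-complement delta is computed once per NAT entry from the old and new address/port and then folded into each packet's L4 checksum. The helper names, the 18-byte tuple layout and the sample addresses are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t fold(uint32_t sum) {
  while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
  return (uint16_t)sum;
}

/* Slow path: full Internet checksum over an even-length buffer. */
static uint16_t csum_full(const uint8_t *p, size_t len) {
  uint32_t sum = 0;
  for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
  return (uint16_t)~fold(sum);
}

/* Once per NAT entry: sum of (~old + new) over each rewritten 16-bit word. */
static uint16_t csum_delta(const uint8_t *o, const uint8_t *n, size_t len) {
  uint32_t sum = 0;
  for (size_t i = 0; i + 1 < len; i += 2)
    sum += (uint16_t)~(o[i] << 8 | o[i + 1]) + (uint32_t)(n[i] << 8 | n[i + 1]);
  return fold(sum);
}

/* Once per packet: HC' = ~(~HC + delta), per RFC 1624 eqn. 3. */
static uint16_t csum_apply(uint16_t hc, uint16_t delta) {
  return (uint16_t)~fold((uint32_t)(uint16_t)~hc + delta);
}

/* Constructed sample tuples: 16-byte source address + 2-byte source port. */
static const uint8_t OLD_TUPLE[18] = { 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0xc0, 0x01 };
static const uint8_t NEW_TUPLE[18] = { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x9c, 0x40 };

/* 1 if the delta-patched checksum equals a full recompute, -1 on bad length. */
static int check_packet(const uint8_t *payload, size_t len) {
  uint8_t before[64], after[64];
  if (len > sizeof(before) - 18 || (len & 1)) return -1;
  memcpy(before, OLD_TUPLE, 18); memcpy(before + 18, payload, len);
  memcpy(after, NEW_TUPLE, 18);  memcpy(after + 18, payload, len);
  uint16_t delta = csum_delta(OLD_TUPLE, NEW_TUPLE, 18);
  return csum_apply(csum_full(before, 18 + len), delta) == csum_full(after, 18 + len);
}

int main(void) {
  const uint8_t payload[] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed payload */
  printf("match=%d\n", check_packet(payload, sizeof(payload)));
  return 0;
}
```

The delta depends only on the NAT entry, so the per-packet cost drops to one addition and one fold regardless of how many address and port words are rewritten.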
And fix possibly dead loop. Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
anchao
reviewed
Apr 11, 2024
anchao
reviewed
Apr 11, 2024
acassis
approved these changes
Apr 11, 2024
xiaoxiang781216
approved these changes
Apr 11, 2024
wengzhe
added a commit
to wengzhe/nuttx
that referenced
this pull request
Apr 12, 2024
Finish apache#12116 (comment) Change-Id: Ie4f1bce00d730f93a6f7484fd3f2203960c49528 Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
wengzhe
added a commit
to wengzhe/nuttx
that referenced
this pull request
Apr 12, 2024
Finish apache#12116 (comment) Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
wengzhe
added a commit
to wengzhe/nuttx
that referenced
this pull request
Apr 12, 2024
Optimize TCP/UDP port selection, and fix possibly dead loop. Finish discussion in apache#12116 (comment) Note: Linux also uses EADDRINUSE for failing in finding a portno, according to https://man7.org/linux/man-pages/man2/bind.2.html Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
anchao
pushed a commit
that referenced
this pull request
Apr 12, 2024
Optimize TCP/UDP port selection, and fix possibly dead loop. Finish discussion in #12116 (comment) Note: Linux also uses EADDRINUSE for failing in finding a portno, according to https://man7.org/linux/man-pages/man2/bind.2.html Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
jerpelea
pushed a commit
that referenced
this pull request
Apr 12, 2024
Finish #12116 (comment) Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Summary

Patches included:
- `ipv4_nat_xxx` to `nat_xxx`
- `net_ipv6_payload` to get IPv6 L4 payload

Notes:
- `MASQUERADE` target of `ip6tables`. We can support stateless NAT66 & NPTv6 later by slightly modifying the address & port selection logic (maybe just match the rules and skip the entry find).
- `IFF_NAT` for both NAT44 & NAT66 to make control easier, which means that if we enable NAT, both NAT44 & NAT66 will be enabled. If we don't want one of them, we can just disable that one in Kconfig.
- `net_chksum_adjust` each time. Just a thought, maybe do it later.

Impact

NAT only, add IPv6-to-IPv6 NAT (NAT66) besides previous IPv4-to-IPv4 NAT (NAT44).
All logic under control of `CONFIG_NET_NAT`.

Testing