Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/nat: Support IPv6 Masquerading (NAT66) #12116

Merged
merged 4 commits into from
Apr 11, 2024
Merged

net/nat: Support IPv6 Masquerading (NAT66) #12116

merged 4 commits into from
Apr 11, 2024

Commits on Apr 10, 2024

  1. net/nat: Make some IPv4 NAT functions as common 

    To prepare for future IPv6 NAT functions.
- Rename common ipv4_nat_xxx to nat_xxx
- Move some common definitions into header

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
    @wengzhe
    wengzhe committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    186bed1 View commit details
    Browse the repository at this point in the history

  2. net/utils: Add net_ipv6_payload to get IPv6 L4 payload 

    Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
    @wengzhe
    wengzhe committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    1804ff6 View commit details
    Browse the repository at this point in the history

Commits on Apr 11, 2024

  1. net/nat: Support IPv6 Masquerading (NAT66) 

    Notes:
1. This version of NAT66 is a stateful one like NAT44, corresponding to Linux's MASQUERADE target of ip6tables.  We can support stateless NAT66 & NPTv6 later by slightly modify the address & port selection logic (maybe just match the rules and skip the entry find).
2. We're using same flag `IFF_NAT` for both NAT44 & NAT66 to make control easier.  Which means, if we enable NAT, both NAT44 & NAT66 will be enabled.  If we don't want one of them, we can just disable that one in Kconfig.
3. Maybe we can accelerate the checksum adjustment by pre-calculate a difference of checksum, and apply it to each packet, instead of calling `net_chksum_adjust` each time.  Just a thought, maybe do it later.
4. IP fragment segments on NAT66 connections are not supported yet.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
    @wengzhe
    wengzhe committed Apr 11, 2024
    Configuration menu
    Copy the full SHA
    fdbe185 View commit details
    Browse the repository at this point in the history

  2. net/nat: Optimize port selection 

    And fix possibly dead loop.

Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
    @wengzhe
    wengzhe committed Apr 11, 2024
    Configuration menu
    Copy the full SHA
    df3004d View commit details
    Browse the repository at this point in the history