authorHanhui <sylixos@gmail.com>2019-04-08 13:07:22 (GMT)
committer Hanhui <sylixos@gmail.com>2019-03-07 12:37:36 (GMT)
commit4edf7c6bc7b67f65a435fbbb0ee46a998e47ff96 (patch)
tree7ab7f6876447af68bdabc19f01552a8cf2050827
parent2642d700e13d4932577a0ae7c4f1db319d56a1e2 (diff)
Improved NAT efficiency.
-rw-r--r--SylixOS/include/network/lwip/netif.h5
-rw-r--r--SylixOS/net/lwip/src/core/ipv4/ip4.c28
-rw-r--r--SylixOS/net/lwip/src/core/netif.c1
-rw-r--r--SylixOS/net/lwip/tools/nat/lwip_natlib.c211
-rw-r--r--SylixOS/net/lwip/tools/qos/lwip_qos.c8
5 files changed, 132 insertions, 121 deletions
diff --git a/SylixOS/include/network/lwip/netif.h b/SylixOS/include/network/lwip/netif.h
index 954509a..f05cf39 100644
--- a/SylixOS/include/network/lwip/netif.h
+++ b/SylixOS/include/network/lwip/netif.h
@@ -420,6 +420,11 @@ struct netif {
/* SylixOS mip externed */
struct netif *mipif;
struct netif *masterif;
+ /* NAT mode */
+#define NETIF_NAT_NONE 0
+#define NETIF_NAT_AP 1
+#define NETIF_NAT_LOCAL 2
+ u8_t nat_mode;
void *reserve[6];
#endif /* SYLIXOS */
};
diff --git a/SylixOS/net/lwip/src/core/ipv4/ip4.c b/SylixOS/net/lwip/src/core/ipv4/ip4.c
index 681ea70..50055a4 100644
--- a/SylixOS/net/lwip/src/core/ipv4/ip4.c
+++ b/SylixOS/net/lwip/src/core/ipv4/ip4.c
@@ -393,13 +393,15 @@ ip4_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp)
IP_STATS_INC(ip.err);
return p; /* SylixOS Add return value */
}
- p = lwip_ip_nat_hook(IP_HOOK_V4, IP_HT_NAT_POST_ROUTING, p, inp, netif);
- if (p == NULL) {
- return p; /* SylixOS Add return value (Outer do not free pbuf) */
- }
+ if (inp->nat_mode == NETIF_NAT_LOCAL && netif->nat_mode == NETIF_NAT_AP) { /* need call nat hook? */
+ p = lwip_ip_nat_hook(IP_HOOK_V4, IP_HT_NAT_POST_ROUTING, p, inp, netif);
+ if (p == NULL) {
+ return p; /* SylixOS Add return value (Outer do not free pbuf) */
+ }
#if IP_REASSEMBLY
- iphdr = (struct ip_hdr *)p->payload; /* Maybe lwip_ip_nat_hook() changed the pbuf */
+ iphdr = (struct ip_hdr *)p->payload; /* Maybe lwip_ip_nat_hook() changed the pbuf */
#endif /* IP_REASSEMBLY */
+ }
#endif /* SYLIXOS */
LWIP_DEBUGF(IP_DEBUG, ("ip4_forward: forwarding packet to %"U16_F".%"U16_F".%"U16_F".%"U16_F"\n",
@@ -584,13 +586,15 @@ ip4_input(struct pbuf *p, struct netif *inp)
IP_STATS_INC(ip.drop);
return ERR_OK;
}
- p = lwip_ip_nat_hook(IP_HOOK_V4, IP_HT_NAT_PRE_ROUTING, p, inp, NULL);
- if (p == NULL) {
- return ERR_OK;
- }
+ if (inp->nat_mode == NETIF_NAT_AP) { /* need call nat hook? */
+ p = lwip_ip_nat_hook(IP_HOOK_V4, IP_HT_NAT_PRE_ROUTING, p, inp, NULL);
+ if (p == NULL) {
+ return ERR_OK;
+ }
#if IP_REASSEMBLY
- iphdr = (struct ip_hdr *)p->payload; /* Maybe lwip_ip_nat_hook() changed the pbuf */
+ iphdr = (struct ip_hdr *)p->payload; /* Maybe lwip_ip_nat_hook() changed the pbuf */
#endif /* IP_REASSEMBLY */
+ }
#endif /* SYLIXOS */
/* copy IP addresses to aligned ip_addr_t */
@@ -1116,6 +1120,10 @@ ip4_output_if_opt_src(struct pbuf *p, const ip4_addr_t *src, const ip4_addr_t *d
IP_STATS_INC(ip.err);
return ERR_RTE;
}
+ if (netif->nat_mode == NETIF_NAT_AP) { /* need call nat hook? */
+ p = lwip_ip_nat_hook(IP_HOOK_V4, IP_HT_NAT_POST_ROUTING, p, NULL, netif);
+ LWIP_ASSERT("NAT can not free local output packet", (p != NULL));
+ }
#endif /* SYLIXOS */
IP_STATS_INC(ip.xmit);
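Review bot: The `LWIP_ASSERT` after the new `lwip_ip_nat_hook()` call is the only thing enforcing that the hook never frees a locally generated packet, and builds that define `LWIP_NOASSERT` compile it away, leaving the code below to use a NULL `p`. The local-send branch of `__natIpOutput` in this commit always returns `p`, but the hook dispatcher itself is not visible here, so the contract should be written down where it is relied on, e.g. `/* NAT hook must hand back p on local output: the caller still owns and frees it */`. A runtime check would have to respect that ownership (the caller presumably frees `p` after an error return), so it should be decided together with the hook's contract rather than bolted on. `ip4_output_if_opt_src` starts and ends outside the hunk.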
diff --git a/SylixOS/net/lwip/src/core/netif.c b/SylixOS/net/lwip/src/core/netif.c
index 525290a..2ebae0a 100644
--- a/SylixOS/net/lwip/src/core/netif.c
+++ b/SylixOS/net/lwip/src/core/netif.c
@@ -390,6 +390,7 @@ netif_add(struct netif *netif,
netif->tcp_wnd = TCP_WND;
netif->mipif = NULL;
netif->masterif = NULL;
+ netif->nat_mode = NETIF_NAT_NONE;
lib_bzero(netif->reserve, sizeof(void *[6]));
#endif /* SYLIXOS */
diff --git a/SylixOS/net/lwip/tools/nat/lwip_natlib.c b/SylixOS/net/lwip/tools/nat/lwip_natlib.c
index 07f83bc..76eee1d 100644
--- a/SylixOS/net/lwip/tools/nat/lwip_natlib.c
+++ b/SylixOS/net/lwip/tools/nat/lwip_natlib.c
@@ -67,7 +67,6 @@
NAT 安全配置
*********************************************************************************************************/
#define __NAT_STRONG_RULE 1 /* 不符合规定的数据包是否隔离 */
-#define __NAT_UNSAFE_PORT 1024 /* 非安全端口范围 */
/*********************************************************************************************************
NAT 操作锁
*********************************************************************************************************/
@@ -138,6 +137,7 @@ VOID nat_netif_add_hook (struct netif *pnetif)
if (_G_natifAp[i].NATIF_pnetif == LW_NULL) {
if (!lib_strcmp(cIfName, _G_natifAp[i].NATIF_cIfName)) {
_G_natifAp[i].NATIF_pnetif = pnetif;
+ pnetif->nat_mode = NETIF_NAT_AP;
goto out;
}
}
@@ -146,6 +146,7 @@ VOID nat_netif_add_hook (struct netif *pnetif)
if (_G_natifLocal[i].NATIF_pnetif == LW_NULL) {
if (!lib_strcmp(cIfName, _G_natifLocal[i].NATIF_cIfName)) {
_G_natifLocal[i].NATIF_pnetif = pnetif;
+ pnetif->nat_mode = NETIF_NAT_LOCAL;
goto out;
}
}
@@ -819,7 +820,7 @@ static INT __natApInput (struct pbuf *p, struct netif *netifIn)
inet_chksum_adjust((u8_t *)&icmphdr->chksum, (u8_t *)&usDestPort, 2, (u8_t *)&icmphdr->id, 2);
}
- } else if (PP_NTOHS(usDestPort) <= __NAT_UNSAFE_PORT) {
+ } else {
return (__NAT_STRONG_RULE); /* 无法找到 MAP 端口 */
}
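Review bot: Replacing `else if (PP_NTOHS(usDestPort) <= __NAT_UNSAFE_PORT)` with a bare `else` widens the strong rule from destination ports up to 1024 to every port, so any packet addressed to the AP interface without a MAP entry now returns `__NAT_STRONG_RULE` and is freed by `__natIpInput`. That is a filtering-policy change rather than an efficiency one, and the commit message does not mention it; traffic to services on the device's own AP address appears to depend on an explicit mapping or on the entry created by the new local-output path. A comment on the branch would record the intent, for example `/* no MAP entry: isolate on every port, not only <= 1024 */`. The enclosing `__natApInput` starts and ends outside the hunk.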
@@ -1104,55 +1105,52 @@ static INT __natApOutput (struct pbuf *p, struct netif *pnetifIn, struct netif
*********************************************************************************************************/
static struct pbuf *__natIpInput (struct pbuf *p, struct netif *pnetifIn, struct netif *pnetifOut)
{
- INT i;
struct ip_hdr *iphdr;
iphdr = (struct ip_hdr *)p->payload;
- for (i = 0; i < LW_CFG_NET_NAT_MAX_AP_IF; i++) {
- if (_G_natifAp[i].NATIF_pnetif == pnetifIn) {
- if (ip4_addr_cmp(&iphdr->dest, netif_ip4_addr(pnetifIn))) {
- if (IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF)) { /* 分片数据包 */
- switch (IPH_PROTO(iphdr)) {
-
- case IP_PROTO_TCP:
- if (!_G_bNatTcpFrag) {
- return (p);
- }
- break;
-
- case IP_PROTO_UDP:
- if (!_G_bNatUdpFrag) {
- return (p);
- }
- break;
-
- case IP_PROTO_ICMP:
- if (!_G_bNatIcmpFrag) {
- return (p);
- }
- break;
-
- default:
- return (p);
- }
+ if (!ip4_addr_cmp(&iphdr->dest, netif_ip4_addr(pnetifIn))) {
+ return (p);
+ }
-#if IP_REASSEMBLY
- p = ip4_reass(p); /* 提前进行分片重组 */
- if (p == LW_NULL) {
- return (p); /* 分片不全 */
- }
-#else /* IP_REASSEMBLY */
- return (p);
-#endif /* !IP_REASSEMBLY */
- }
- if (__natApInput(p, pnetifIn)) { /* NAT 输入 */
- pbuf_free(p);
- p = LW_NULL;
- }
+ if (IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF)) { /* 分片数据包 */
+ switch (IPH_PROTO(iphdr)) {
+
+ case IP_PROTO_TCP:
+ if (!_G_bNatTcpFrag) {
+ return (p);
+ }
+ break;
+
+ case IP_PROTO_UDP:
+ if (!_G_bNatUdpFrag) {
+ return (p);
}
break;
+
+ case IP_PROTO_ICMP:
+ if (!_G_bNatIcmpFrag) {
+ return (p);
+ }
+ break;
+
+ default:
+ return (p);
}
+
+#if IP_REASSEMBLY
+ p = ip4_reass(p); /* 提前进行分片重组 */
+ if (p == LW_NULL) {
+ return (p); /* 分片不全 */
+ }
+#else /* IP_REASSEMBLY */
+ return (p);
+#endif /* !IP_REASSEMBLY */
+ }
+
+ if (__natApInput(p, pnetifIn)) { /* NAT 输入 */
+ pbuf_free(p);
+ p = LW_NULL;
}
return (p);
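Review bot: `__natIpInput` no longer verifies that `pnetifIn` is one of the `_G_natifAp[]` interfaces; it now depends on the `inp->nat_mode == NETIF_NAT_AP` test added in `ip4_input`, and nothing in the function states that precondition. If the hook were ever reached without that gate, packets addressed to a non-AP interface would go through `__natApInput` and could be freed under the strong rule. The header comment should say so, e.g. `/* caller must already have checked pnetifIn->nat_mode == NETIF_NAT_AP */`. The function's closing brace is outside the hunk.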
@@ -1169,80 +1167,60 @@ static struct pbuf *__natIpInput (struct pbuf *p, struct netif *pnetifIn, stru
*********************************************************************************************************/
static struct pbuf *__natIpOutput (struct pbuf *p, struct netif *pnetifIn, struct netif *pnetifOut)
{
- INT i, j;
struct ip_hdr *iphdr;
+ iphdr = (struct ip_hdr *)p->payload;
+
if (!pnetifIn) { /* 本机发送 */
+ if (!(IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF))) {
+ __natApOutput(p, pnetifIn, pnetifOut); /* NAT 输出 */
+ }
return (p);
}
-
- iphdr = (struct ip_hdr *)p->payload;
-
- for (i = 0; i < LW_CFG_NET_NAT_MAX_AP_IF; i++) {
- if (_G_natifAp[i].NATIF_pnetif == pnetifOut) { /* AP 输出 */
- for (j = 0; j < LW_CFG_NET_NAT_MAX_LOCAL_IF; j++) {
- if (_G_natifLocal[j].NATIF_pnetif == pnetifIn) {
- break; /* LOCAL 输入 */
- }
+
+ if (IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF)) { /* 分片数据包 */
+ switch (IPH_PROTO(iphdr)) {
+
+ case IP_PROTO_TCP:
+ if (!_G_bNatTcpFrag) {
+ pbuf_free(p);
+ return (LW_NULL);
}
- if (j >= LW_CFG_NET_NAT_MAX_LOCAL_IF) {
- return (p); /* 不需要进行 NAT 地址转换 */
+ break;
+
+ case IP_PROTO_UDP:
+ if (!_G_bNatUdpFrag) {
+ pbuf_free(p);
+ return (LW_NULL);
}
-
- if (IPH_OFFSET(iphdr) & PP_HTONS(IP_OFFMASK | IP_MF)) { /* 分片数据包 */
- switch (IPH_PROTO(iphdr)) {
-
- case IP_PROTO_TCP:
- if (!_G_bNatTcpFrag) {
- pbuf_free(p);
- return (LW_NULL);
- }
- break;
-
- case IP_PROTO_UDP:
- if (!_G_bNatUdpFrag) {
- pbuf_free(p);
- return (LW_NULL);
- }
- break;
-
- case IP_PROTO_ICMP:
- if (!_G_bNatIcmpFrag) {
- pbuf_free(p);
- return (LW_NULL);
- }
- break;
-
- default:
- pbuf_free(p);
- return (LW_NULL);
- }
+ break;
-#if IP_REASSEMBLY
- p = ip4_reass(p); /* 提前进行分片重组 */
- if (p == LW_NULL) {
- return (p); /* 分片不全 */
- }
-#else
+ case IP_PROTO_ICMP:
+ if (!_G_bNatIcmpFrag) {
pbuf_free(p);
return (LW_NULL);
-#endif
- if (__natApOutput(p, pnetifIn, pnetifOut)) { /* NAT 输出 */
- pbuf_free(p);
- return (LW_NULL);
-
- } else {
- return (p);
- }
-
- } else {
- if (__natApOutput(p, pnetifIn, pnetifOut)) { /* NAT 输出 */
- pbuf_free(p);
- return (LW_NULL);
- }
}
break;
+
+ default:
+ pbuf_free(p);
+ return (LW_NULL);
+ }
+
+#if IP_REASSEMBLY
+ p = ip4_reass(p); /* 提前进行分片重组 */
+ if (p == LW_NULL) {
+ return (p); /* 分片不全 */
}
+#else
+ pbuf_free(p);
+ return (LW_NULL);
+#endif
+ }
+
+ if (__natApOutput(p, pnetifIn, pnetifOut)) { /* NAT 输出 */
+ pbuf_free(p);
+ p = LW_NULL;
}
return (p);
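Review bot: In the local-send branch the result of `__natApOutput(p, pnetifIn, pnetifOut)` is discarded and fragmented packets skip the call altogether, so a locally originated packet can leave without a NAT entry. With the bare `else` now in `__natApInput`, the reply to such a packet would presumably be treated as unmapped and dropped, which will be hard to diagnose. `pnetifIn` is known to be NULL on this call and `__natApOutput`'s body is not part of the diff, so it is worth confirming that it never dereferences that argument. At minimum the branch should carry a comment such as `/* best effort: on failure the packet goes out untranslated and its reply may be isolated */`. The function's closing brace is outside the hunk.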
@@ -1314,7 +1292,14 @@ INT __natStart (CPCHAR pcLocal, CPCHAR pcAp)
lib_strlcpy(_G_natifLocal[0].NATIF_cIfName, pcLocal, IF_NAMESIZE);
_G_natifLocal[0].NATIF_pnetif = netif_find(pcLocal);
- _G_natifAp[0].NATIF_pnetif = netif_find(pcAp);
+ if (_G_natifLocal[0].NATIF_pnetif) {
+ _G_natifLocal[0].NATIF_pnetif->nat_mode = NETIF_NAT_LOCAL;
+ }
+
+ _G_natifAp[0].NATIF_pnetif = netif_find(pcAp);
+ if (_G_natifAp[0].NATIF_pnetif) {
+ _G_natifAp[0].NATIF_pnetif->nat_mode = NETIF_NAT_AP;
+ }
if (net_ip_hook_nat_add(__natIphook)) {
return (PX_ERROR);
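Review bot: `nat_mode` is set on both interfaces before `net_ip_hook_nat_add(__natIphook)` is attempted, and the failure return right below leaves those flags in place. The gated paths in ip4.c would then keep calling `lwip_ip_nat_hook()` for these interfaces although NAT never started; what the dispatcher does with no hook registered is not visible here. Either assign the modes only after the hook is registered, or reset both to `NETIF_NAT_NONE` before `return (PX_ERROR);`. `__natStart` begins and continues outside the hunk, so any cleanup done elsewhere cannot be seen from here.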
@@ -1351,12 +1336,18 @@ INT __natStop (VOID)
__NAT_LOCK();
for (i = 1; i < LW_CFG_NET_NAT_MAX_AP_IF; i++) {
_G_natifAp[i].NATIF_cIfName[0] = PX_EOS;
- _G_natifAp[i].NATIF_pnetif = LW_NULL;
+ if (_G_natifAp[i].NATIF_pnetif) {
+ _G_natifAp[i].NATIF_pnetif->nat_mode = NETIF_NAT_NONE;
+ _G_natifAp[i].NATIF_pnetif = LW_NULL;
+ }
}
for (i = 1; i < LW_CFG_NET_NAT_MAX_LOCAL_IF; i++) {
_G_natifLocal[i].NATIF_cIfName[0] = PX_EOS;
- _G_natifLocal[i].NATIF_pnetif = LW_NULL;
+ if (_G_natifLocal[i].NATIF_pnetif) {
+ _G_natifLocal[i].NATIF_pnetif->nat_mode = NETIF_NAT_NONE;
+ _G_natifLocal[i].NATIF_pnetif = LW_NULL;
+ }
}
_G_bNatStart = LW_FALSE;
__NAT_UNLOCK();
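Review bot: Both loops start at `i = 1`, so the visible lines never reset `nat_mode` for `_G_natifAp[0]` and `_G_natifLocal[0]`, which are exactly the slots `__natStart` fills. If the part of `__natStop` outside this hunk does not clear them, those interfaces stay marked after NAT is stopped and ip4.c keeps routing their packets into the NAT hook path. The stop path should reset slot 0 as well, e.g. `if (_G_natifAp[0].NATIF_pnetif) { _G_natifAp[0].NATIF_pnetif->nat_mode = NETIF_NAT_NONE; }` and the same for `_G_natifLocal[0]`. The function starts before and ends after the hunk.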
@@ -1458,6 +1449,9 @@ INT __natAddLocal (CPCHAR pcLocal)
__NAT_UNLOCK();
_G_natifLocal[i].NATIF_pnetif = netif_find(pcLocal);
+ if (_G_natifLocal[i].NATIF_pnetif) {
+ _G_natifLocal[i].NATIF_pnetif->nat_mode = NETIF_NAT_LOCAL;
+ }
return (ERROR_NONE);
}
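Review bot: The new `nat_mode` assignment runs after `__NAT_UNLOCK()`, through the pointer just returned by `netif_find()`, so it is not covered by the NAT lock. If the interface can be removed between the lookup and the write, this stores into a stale `struct netif`, and it can also race with `nat_netif_add_hook`, which writes the same field; whether callers hold another lock (for instance the tcpip core lock) is not visible here. The same pattern is added in the `__natAddAp` hunk. Moving the `netif_find()` call and the assignment inside the locked region, or documenting the lock callers must hold, would close the gap. `__natAddLocal` starts outside the hunk.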
@@ -1493,6 +1487,9 @@ INT __natAddAp (CPCHAR pcAp)
__NAT_UNLOCK();
_G_natifAp[i].NATIF_pnetif = netif_find(pcAp);
+ if (_G_natifAp[i].NATIF_pnetif) {
+ _G_natifAp[i].NATIF_pnetif->nat_mode = NETIF_NAT_AP;
+ }
return (ERROR_NONE);
}
diff --git a/SylixOS/net/lwip/tools/qos/lwip_qos.c b/SylixOS/net/lwip/tools/qos/lwip_qos.c
index 5d8cd92..4b17c9e 100644
--- a/SylixOS/net/lwip/tools/qos/lwip_qos.c
+++ b/SylixOS/net/lwip/tools/qos/lwip_qos.c
@@ -819,11 +819,11 @@ INT API_INetQosInit (VOID)
API_TShellHelpAdd("qoss", "show QoS rule(s).\n");
API_TShellKeywordAdd("qosruleadd", __tshellNetQosRuleAdd);
- API_TShellFormatAdd("qosruleadd", " [netifname] [rule] [args...] [prio] [dont_drop]");
+ API_TShellFormatAdd("qosruleadd", " [netifname] [rule] [args...] [s|d|b] [prio] [dont_drop]");
API_TShellHelpAdd("qosruleadd", "add a rule into QoS.\n"
- " qosruleadd en1 ip 192.168.0.5 192.168.0.10 5 no\n"
- " qosruleadd lo0 udp 0.0.0.0 255.255.255.255 433 500 6 yes\n"
- " qosruleadd wl2 tcp 192.168.0.1 192.168.0.200 169 169 2 no\n");
+ " qosruleadd en1 ip 192.168.0.5 192.168.0.10 s 5 no\n"
+ " qosruleadd lo0 udp 0.0.0.0 255.255.255.255 433 500 b 6 yes\n"
+ " qosruleadd wl2 tcp 192.168.0.1 192.168.0.200 169 169 d 2 no\n");
API_TShellKeywordAdd("qosruledel", __tshellNetQosRuleDel);
API_TShellFormatAdd("qosruledel", " [netifname] [rule sequence num]");