espressif/esp-lwip
1
0
Fork 0
mirror of https://github.com/espressif/esp-lwip.git synced 2026-06-05 21:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

napt: Add support to enable/disable NAPT port mapping

Browse Source 
2.1.3-esp: 6fba06a7 lwip/napt: Added option to enable or disable Port mapping in NAPT.
This commit is contained in:
Abhik Roy
2022-12-16 02:58:12 +05:30
committed by David Cermak
parent a278990b9b
commit b79877bd32
2 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/core/ipv4/ip4_napt.c
+37 -3
View File
@@ -76,6 +76,7 @@ struct napt_table {
u16_t next, prev; u16_t next, prev;
}; };
#if IP_NAPT_PORTMAP
struct portmap_table { struct portmap_table {
u32_t maddr; u32_t maddr;
u32_t daddr; u32_t daddr;
@@ -84,15 +85,20 @@ struct portmap_table {
u8_t proto; u8_t proto;
u8_t valid; u8_t valid;
}; };
#endif
static u16_t napt_list = NO_IDX, napt_list_last = NO_IDX, napt_free = 0; static u16_t napt_list = NO_IDX, napt_list_last = NO_IDX, napt_free = 0;
static struct napt_table *ip_napt_table = NULL; static struct napt_table *ip_napt_table = NULL;
#if IP_NAPT_PORTMAP
static struct portmap_table *ip_portmap_table = NULL; static struct portmap_table *ip_portmap_table = NULL;
#endif
static int nr_active_napt_tcp = 0, nr_active_napt_udp = 0, nr_active_napt_icmp = 0; static int nr_active_napt_tcp = 0, nr_active_napt_udp = 0, nr_active_napt_icmp = 0;
static uint16_t ip_napt_max = 0; static uint16_t ip_napt_max = 0;
#if IP_NAPT_PORTMAP
static uint8_t ip_portmap_max = 0; static uint8_t ip_portmap_max = 0;
#endif
#if NAPT_DEBUG #if NAPT_DEBUG
/* Print NAPT table using LWIP_DEBUGF /* Print NAPT table using LWIP_DEBUGF
@@ -130,6 +136,7 @@ napt_debug_print(void)
} }
#endif /* NAPT_DEBUG */ #endif /* NAPT_DEBUG */
/** /**
* Deallocates the NAPT tables. * Deallocates the NAPT tables.
* *
@@ -138,8 +145,10 @@ static void
ip_napt_deinit(void) ip_napt_deinit(void)
{ {
mem_free(ip_napt_table); mem_free(ip_napt_table);
#if IP_NAPT_PORTMAP
mem_free(ip_portmap_table); mem_free(ip_portmap_table);
ip_portmap_table = NULL; ip_portmap_table = NULL;
#endif
ip_napt_table = NULL; ip_napt_table = NULL;
} }
@@ -154,13 +163,21 @@ ip_napt_init(uint16_t max_nat, uint8_t max_portmap)
{ {
u16_t i; u16_t i;
#if IP_NAPT_PORTMAP
if (ip_portmap_table == NULL && ip_napt_table == NULL) { if (ip_portmap_table == NULL && ip_napt_table == NULL) {
ip_napt_max = max_nat;
ip_portmap_max = max_portmap; ip_portmap_max = max_portmap;
#else
if (ip_napt_table == NULL) {
#endif
ip_napt_max = max_nat;
ip_napt_table = (struct napt_table*)mem_calloc(ip_napt_max, sizeof(struct napt_table[1])); ip_napt_table = (struct napt_table*)mem_calloc(ip_napt_max, sizeof(struct napt_table[1]));
#if IP_NAPT_PORTMAP
ip_portmap_table = (struct portmap_table*)mem_calloc(ip_portmap_max, sizeof(struct portmap_table[1])); ip_portmap_table = (struct portmap_table*)mem_calloc(ip_portmap_max, sizeof(struct portmap_table[1]));
assert(ip_portmap_table != NULL && ip_napt_table != NULL); assert(ip_portmap_table != NULL && ip_napt_table != NULL);
#else
assert(ip_napt_table != NULL);
#endif
for (i = 0; i < ip_napt_max - 1; i++) for (i = 0; i < ip_napt_max - 1; i++)
ip_napt_table[i].next = i + 1; ip_napt_table[i].next = i + 1;
@@ -342,9 +359,10 @@ ip_napt_find_port(u8_t proto, u16_t port)
} }
return 0; return 0;
} }
#if IP_NAPT_PORTMAP
static struct portmap_table * static struct portmap_table *
ip_portmap_find(u8_t proto, u16_t mport); ip_portmap_find(u8_t proto, u16_t mport);
#endif
static u8_t static u8_t
tcp_listening(u16_t port) tcp_listening(u16_t port)
@@ -353,8 +371,10 @@ tcp_listening(u16_t port)
for (t = tcp_listen_pcbs.listen_pcbs; t; t = t->next) for (t = tcp_listen_pcbs.listen_pcbs; t; t = t->next)
if (t->local_port == port) if (t->local_port == port)
return 1; return 1;
#if IP_NAPT_PORTMAP
if (ip_portmap_find(IP_PROTO_TCP, port)) if (ip_portmap_find(IP_PROTO_TCP, port))
return 1; return 1;
#endif
return 0; return 0;
} }
#endif /* LWIP_TCP */ #endif /* LWIP_TCP */
@@ -367,8 +387,10 @@ udp_listening(u16_t port)
for (pcb = udp_pcbs; pcb; pcb = pcb->next) for (pcb = udp_pcbs; pcb; pcb = pcb->next)
if (pcb->local_port == port) if (pcb->local_port == port)
return 1; return 1;
#if IP_NAPT_PORTMAP
if (ip_portmap_find(IP_PROTO_UDP, port)) if (ip_portmap_find(IP_PROTO_UDP, port))
return 1; return 1;
#endif
return 0; return 0;
} }
#endif /* LWIP_UDP */ #endif /* LWIP_UDP */
@@ -508,6 +530,7 @@ ip_napt_add(u8_t proto, u32_t src, u16_t sport, u32_t dest, u16_t dport)
return 0; return 0;
} }
#if IP_NAPT_PORTMAP
u8_t u8_t
ip_portmap_add(u8_t proto, u32_t maddr, u16_t mport, u32_t daddr, u16_t dport) ip_portmap_add(u8_t proto, u32_t maddr, u16_t mport, u32_t daddr, u16_t dport)
{ {
@@ -573,6 +596,7 @@ ip_portmap_remove(u8_t proto, u16_t mport)
last->valid = 0; last->valid = 0;
return 1; return 1;
} }
#endif /* IP_NAPT_PORTMAP */
#if LWIP_TCP #if LWIP_TCP
static void static void
@@ -627,7 +651,9 @@ ip_napt_modify_addr(struct ip_hdr *iphdr, ip4_addr_p_t *field, u32_t newval)
void void
ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr) ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
{ {
#if IP_NAPT_PORTMAP
struct portmap_table *m; struct portmap_table *m;
#endif
struct napt_table *t; struct napt_table *t;
#if LWIP_ICMP #if LWIP_ICMP
/* NAPT for ICMP Echo Request using identifier */ /* NAPT for ICMP Echo Request using identifier */
@@ -649,7 +675,6 @@ ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
if (IPH_PROTO(iphdr) == IP_PROTO_TCP) { if (IPH_PROTO(iphdr) == IP_PROTO_TCP) {
struct tcp_hdr *tcphdr = (struct tcp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4); struct tcp_hdr *tcphdr = (struct tcp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4);
LWIP_DEBUGF(NAPT_DEBUG, ("ip_napt_recv\n")); LWIP_DEBUGF(NAPT_DEBUG, ("ip_napt_recv\n"));
LWIP_DEBUGF(NAPT_DEBUG, ("src: %"U16_F".%"U16_F".%"U16_F".%"U16_F", dest: %"U16_F".%"U16_F".%"U16_F".%"U16_F", \n", LWIP_DEBUGF(NAPT_DEBUG, ("src: %"U16_F".%"U16_F".%"U16_F".%"U16_F", dest: %"U16_F".%"U16_F".%"U16_F".%"U16_F", \n",
ip4_addr1_16(&iphdr->src), ip4_addr2_16(&iphdr->src), ip4_addr1_16(&iphdr->src), ip4_addr2_16(&iphdr->src),
@@ -661,6 +686,7 @@ ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
lwip_htons(tcphdr->src), lwip_htons(tcphdr->src),
lwip_htons(tcphdr->dest))); lwip_htons(tcphdr->dest)));
#if IP_NAPT_PORTMAP
m = ip_portmap_find(IP_PROTO_TCP, tcphdr->dest); m = ip_portmap_find(IP_PROTO_TCP, tcphdr->dest);
if (m) { if (m) {
/* packet to mapped port: rewrite destination */ /* packet to mapped port: rewrite destination */
@@ -670,6 +696,7 @@ ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
ip_napt_modify_addr(iphdr, &iphdr->dest, m->daddr); ip_napt_modify_addr(iphdr, &iphdr->dest, m->daddr);
return; return;
} }
#endif
t = ip_napt_find(IP_PROTO_TCP, iphdr->src.addr, tcphdr->src, tcphdr->dest, 1); t = ip_napt_find(IP_PROTO_TCP, iphdr->src.addr, tcphdr->src, tcphdr->dest, 1);
if (!t) if (!t)
return; /* Unknown TCP session; do nothing */ return; /* Unknown TCP session; do nothing */
@@ -694,6 +721,8 @@ ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
#if LWIP_UDP #if LWIP_UDP
if (IPH_PROTO(iphdr) == IP_PROTO_UDP) { if (IPH_PROTO(iphdr) == IP_PROTO_UDP) {
struct udp_hdr *udphdr = (struct udp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4); struct udp_hdr *udphdr = (struct udp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4);
#if IP_NAPT_PORTMAP
m = ip_portmap_find(IP_PROTO_UDP, udphdr->dest); m = ip_portmap_find(IP_PROTO_UDP, udphdr->dest);
if (m) { if (m) {
/* packet to mapped port: rewrite destination */ /* packet to mapped port: rewrite destination */
@@ -703,6 +732,7 @@ ip_napt_recv(struct pbuf *p, struct ip_hdr *iphdr)
ip_napt_modify_addr(iphdr, &iphdr->dest, m->daddr); ip_napt_modify_addr(iphdr, &iphdr->dest, m->daddr);
return; return;
} }
#endif
t = ip_napt_find(IP_PROTO_UDP, iphdr->src.addr, udphdr->src, udphdr->dest, 1); t = ip_napt_find(IP_PROTO_UDP, iphdr->src.addr, udphdr->src, udphdr->dest, 1);
if (!t) if (!t)
return; /* Unknown session; do nothing */ return; /* Unknown session; do nothing */
@@ -742,6 +772,7 @@ ip_napt_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp, struct
struct tcp_hdr *tcphdr = (struct tcp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4); struct tcp_hdr *tcphdr = (struct tcp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4);
u16_t mport; u16_t mport;
#if IP_NAPT_PORTMAP
struct portmap_table *m = ip_portmap_find_dest(IP_PROTO_TCP, tcphdr->src, iphdr->src.addr); struct portmap_table *m = ip_portmap_find_dest(IP_PROTO_TCP, tcphdr->src, iphdr->src.addr);
if (m) { if (m) {
/* packet from port-mapped dest addr/port: rewrite source to this node */ /* packet from port-mapped dest addr/port: rewrite source to this node */
@@ -751,6 +782,7 @@ ip_napt_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp, struct
ip_napt_modify_addr(iphdr, &iphdr->src, m->maddr); ip_napt_modify_addr(iphdr, &iphdr->src, m->maddr);
return ERR_OK; return ERR_OK;
} }
#endif
if ((TCPH_FLAGS(tcphdr) & (TCP_SYN|TCP_ACK)) == TCP_SYN && if ((TCPH_FLAGS(tcphdr) & (TCP_SYN|TCP_ACK)) == TCP_SYN &&
PP_NTOHS(tcphdr->src) >= 1024) { PP_NTOHS(tcphdr->src) >= 1024) {
/* Register new TCP session to NAPT */ /* Register new TCP session to NAPT */
@@ -789,6 +821,7 @@ ip_napt_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp, struct
struct udp_hdr *udphdr = (struct udp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4); struct udp_hdr *udphdr = (struct udp_hdr *)((u8_t *)p->payload + IPH_HL(iphdr) * 4);
u16_t mport; u16_t mport;
#if IP_NAPT_PORTMAP
struct portmap_table *m = ip_portmap_find_dest(IP_PROTO_UDP, udphdr->src, iphdr->src.addr); struct portmap_table *m = ip_portmap_find_dest(IP_PROTO_UDP, udphdr->src, iphdr->src.addr);
if (m) { if (m) {
/* packet from port-mapped dest addr/port: rewrite source to this node */ /* packet from port-mapped dest addr/port: rewrite source to this node */
@@ -799,6 +832,7 @@ ip_napt_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp, struct
ip_napt_modify_addr(iphdr, &iphdr->src, m->maddr); ip_napt_modify_addr(iphdr, &iphdr->src, m->maddr);
return ERR_OK; return ERR_OK;
} }
#endif /* IP_NAPT_PORTMAP */
if (PP_NTOHS(udphdr->src) >= 1024) { if (PP_NTOHS(udphdr->src) >= 1024) {
/* Register new UDP session */ /* Register new UDP session */
mport = ip_napt_add(IP_PROTO_UDP, iphdr->src.addr, udphdr->src, mport = ip_napt_add(IP_PROTO_UDP, iphdr->src.addr, udphdr->src,
test/unit/lwipopts.h
+1
View File
@@ -152,6 +152,7 @@ void dhcp_free_vendor_class_identifier(void);
#undef LWIP_RAND #undef LWIP_RAND
#define LWIP_RAND() (esp_random()) #define LWIP_RAND() (esp_random())
u32_t esp_random(void); u32_t esp_random(void);
#define IP_NAPT_PORTMAP 1
#endif /* IP_NAPT */ #endif /* IP_NAPT */
/* ESP debug options */ /* ESP debug options */
#ifdef ESP_TEST_DEBUG #ifdef ESP_TEST_DEBUG