wengzhe commented on code in PR #12156:
URL: https://github.com/apache/nuttx/pull/12156#discussion_r1567211104


##########
net/nat/ipv4_nat_entry.c:
##########
@@ -195,39 +204,47 @@ static void ipv4_nat_entry_delete(FAR ipv4_nat_entry_t 
*entry)
  ****************************************************************************/
 
 #if CONFIG_NET_NAT_ENTRY_RECLAIM_SEC > 0
+static void ipv4_nat_reclaim_entry_cb(FAR ipv4_nat_entry_t *entry,
+                                      FAR void *arg)
+{
+  int32_t current_time = *(int32_t *)arg;

Review Comment:
   Done. I only want to store a value in seconds after `TICK2SEC`, so it should 
never need to be 64-bit?



##########
net/nat/ipv4_nat_entry.c:
##########
@@ -195,39 +204,47 @@ static void ipv4_nat_entry_delete(FAR ipv4_nat_entry_t 
*entry)
  ****************************************************************************/
 
 #if CONFIG_NET_NAT_ENTRY_RECLAIM_SEC > 0
+static void ipv4_nat_reclaim_entry_cb(FAR ipv4_nat_entry_t *entry,
+                                      FAR void *arg)
+{
+  int32_t current_time = *(int32_t *)arg;
+
+  if (entry->expire_time - current_time <= 0)
+    {
+      ipv4_nat_entry_delete(entry);
+    }
+}
+
 static void ipv4_nat_reclaim_entry(int32_t current_time)
 {
   static int32_t next_reclaim_time = CONFIG_NET_NAT_ENTRY_RECLAIM_SEC;
 
   if (next_reclaim_time - current_time <= 0)
     {
-      FAR hash_node_t *p;
-      FAR hash_node_t *tmp;
-      int count = 0;
-      int i;
-
       ninfo("INFO: Reclaiming all expired NAT44 entries.\n");
-
-      hashtable_for_every_safe(g_nat44_inbound, p, tmp, i)
-        {
-          FAR ipv4_nat_entry_t *entry =
-            container_of(p, ipv4_nat_entry_t, hash_inbound);
-
-          if (entry->expire_time - current_time <= 0)
-            {
-              ipv4_nat_entry_delete(entry);
-              count++;
-            }
-        }
-
-      ninfo("INFO: %d expired NAT44 entries reclaimed.\n", count);
+      ipv4_nat_entry_foreach(ipv4_nat_reclaim_entry_cb, &current_time);
       next_reclaim_time = current_time + CONFIG_NET_NAT_ENTRY_RECLAIM_SEC;
     }
 }
 #else
 #  define ipv4_nat_reclaim_entry(t)
 #endif
 
+/****************************************************************************
+ * Name: ipv4_nat_entry_clear_cb
+ ****************************************************************************/
+
+static void ipv4_nat_entry_clear_cb(FAR ipv4_nat_entry_t *entry,
+                                    FAR void *arg)
+{
+  FAR struct net_driver_s *dev = (FAR struct net_driver_s *)arg;
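Review bot: `ipv4_nat_reclaim_entry_cb` deletes the entry it is handed, so the reclaim path is only safe if `ipv4_nat_entry_foreach` fetches the next node before invoking the callback; the removed loop guaranteed that with `hashtable_for_every_safe`, and the iterator itself is not visible in this hunk. If it walks the table without a deletion-safe variant, the walk would touch a node that has just been deleted as soon as one entry has expired. I would record the requirement above the callback, e.g. `/* Deletes entry; ipv4_nat_entry_foreach() must use a deletion-safe walk. */`. The IPv6 callback quoted further down (`ipv6_nat_reclaim_entry_cb`) presumably has the same dependency. The rewrite also drops the `%d expired NAT44 entries reclaimed` count, which was the only visible signal of how many entries each reclaim pass removed.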

Review Comment:
   Done.



##########
net/netlink/netlink_netfilter.c:
##########
@@ -0,0 +1,707 @@
+/****************************************************************************
+ * net/netlink/netlink_netfilter.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <assert.h>
+#include <debug.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <netpacket/netlink.h>
+
+#include <nuttx/kmalloc.h>
+#include <nuttx/net/net.h>
+#include <nuttx/net/icmp.h>
+#include <nuttx/net/ip.h>
+#include <nuttx/net/netlink.h>
+
+#include "inet/inet.h"
+#include "nat/nat.h"
+#include "netlink/netlink.h"
+#include "utils/utils.h"
+
+#ifdef CONFIG_NETLINK_NETFILTER
+
+/****************************************************************************
+ * Private Types
+ ****************************************************************************/
+
+struct nfnl_sendto_request_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+};
+
+struct nfnl_info_s
+{
+  NETLINK_HANDLE handle;
+  FAR const struct nfnl_sendto_request_s *req;
+};
+
+struct nfnl_ipv4addr_s
+{
+  struct nfattr attr;
+  in_addr_t     addr;
+};
+
+struct nfnl_ipv6addr_s
+{
+  struct nfattr  attr;
+  net_ipv6addr_t addr;
+};
+
+struct nfnl_attr_u8_s
+{
+  struct nfattr attr;
+  uint8_t       value;
+  uint8_t       pad[3];
+};
+
+struct nfnl_attr_u16_s
+{
+  struct nfattr attr;
+  uint16_t      value;
+  uint16_t      pad[1];
+};
+
+/* Struct of a conntrack tuple
+ * +------+--------------+-----------------+
+ * | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ * +------+--------------+-----------------+
+ */
+
+/* CTA_TUPLE_IP definitions */
+
+struct conntrack_tuple_ipv4_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv4addr_s src;
+  struct nfnl_ipv4addr_s dst;
+};
+
+struct conntrack_tuple_ipv6_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv6addr_s src;
+  struct nfnl_ipv6addr_s dst;
+};
+
+/* CTA_TUPLE_PROTO definitions */
+
+struct conntrack_tuple_tcpudp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s sport;
+  struct nfnl_attr_u16_s dport;
+};
+
+struct conntrack_tuple_icmp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s id;
+  struct nfnl_attr_u8_s  type;
+  struct nfnl_attr_u8_s  code;
+};
+
+/* Struct of a conntrack response
+ * +-----+-----+-----------------+----------------+
+ * | hdr | msg | tuple of origin | tuple of reply |
+ * +-----+-----+-----------------+----------------+
+ */
+
+struct conntrack_recvfrom_response_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+  uint8_t         data[1];
+};
+
+#define SIZEOF_CTNL_RECVFROM_RESPONSE_S(n) \
+  (sizeof(struct conntrack_recvfrom_response_s) + (n) - 1)
+
+struct conntrack_recvfrom_rsplist_s
+{
+  sq_entry_t flink;
+  struct conntrack_recvfrom_response_s payload;
+};
+
+#define SIZEOF_CTNL_RECVFROM_RSPLIST_S(n) \
+  (sizeof(struct conntrack_recvfrom_rsplist_s) + (n) - 1)
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: netlink_conntrack_tuple_size
+ *
+ * Description:
+ *   Get the size of a CTA_TUPLE. Struct of a conntrack tuple:
+ *     +------+--------------+-----------------+
+ *     | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ *     +------+--------------+-----------------+
+ *
+ * Input Parameters:
+ *   domain - The domain of the tuple
+ *   proto  - The protocol of the tuple
+ *
+ * Returned Value:
+ *   The size of the tuple.
+ *
+ ****************************************************************************/
+
+static ssize_t netlink_conntrack_tuple_size(uint8_t domain, uint8_t proto)
+{
+  size_t size = sizeof(struct nfattr);
+
+  switch (domain)
+    {
+      case PF_INET:
+        size += sizeof(struct conntrack_tuple_ipv4_s);
+        break;
+
+      case PF_INET6:
+        size += sizeof(struct conntrack_tuple_ipv6_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  switch (proto)
+    {
+      case IPPROTO_TCP:
+      case IPPROTO_UDP:
+        size += sizeof(struct conntrack_tuple_tcpudp_s);
+        break;
+
+      case IPPROTO_ICMP:
+      case IPPROTO_ICMP6:
+        size += sizeof(struct conntrack_tuple_icmp_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  return size;
+}
+
+/****************************************************************************
+ * Name: netlink_conntrack_fill_ip
+ *
+ * Description:
+ *   Fill the data of a CTA_TUPLE_IP.
+ *
+ * Input Parameters:
+ *   buf    - The buffer to fill
+ *   domain - The domain of the addresses
+ *   src    - The source address
+ *   dst    - The destination address
+ *
+ * Returned Value:
+ *   The size of the filled data.
+ *
+ ****************************************************************************/
+
+static size_t netlink_conntrack_fill_ip(FAR uint8_t *buf, uint8_t domain,
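Review bot: The header of `netlink_conntrack_tuple_size` documents only "The size of the tuple", but the function returns `-EINVAL` for any domain other than `PF_INET`/`PF_INET6` and for any protocol other than TCP, UDP, ICMP or ICMP6, which is why it is declared `ssize_t`. A caller that adds the result to a length without checking the sign would turn the error into a very large size, so the contract should be stated: `Returned Value: The size of the tuple on success; -EINVAL if the domain or protocol is not supported.` The same header is quoted again in the two later excerpts of this file. `netlink_conntrack_fill_ip` starts on the last quoted line and its body is outside this hunk.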

Review Comment:
   Done.



##########
net/netlink/netlink_netfilter.c:
##########
@@ -0,0 +1,707 @@
+/****************************************************************************
+ * net/netlink/netlink_netfilter.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <assert.h>
+#include <debug.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <netpacket/netlink.h>
+
+#include <nuttx/kmalloc.h>
+#include <nuttx/net/net.h>
+#include <nuttx/net/icmp.h>
+#include <nuttx/net/ip.h>
+#include <nuttx/net/netlink.h>
+
+#include "inet/inet.h"
+#include "nat/nat.h"
+#include "netlink/netlink.h"
+#include "utils/utils.h"
+
+#ifdef CONFIG_NETLINK_NETFILTER
+
+/****************************************************************************
+ * Private Types
+ ****************************************************************************/
+
+struct nfnl_sendto_request_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+};
+
+struct nfnl_info_s
+{
+  NETLINK_HANDLE handle;
+  FAR const struct nfnl_sendto_request_s *req;
+};
+
+struct nfnl_ipv4addr_s
+{
+  struct nfattr attr;
+  in_addr_t     addr;
+};
+
+struct nfnl_ipv6addr_s
+{
+  struct nfattr  attr;
+  net_ipv6addr_t addr;
+};
+
+struct nfnl_attr_u8_s
+{
+  struct nfattr attr;
+  uint8_t       value;
+  uint8_t       pad[3];
+};
+
+struct nfnl_attr_u16_s
+{
+  struct nfattr attr;
+  uint16_t      value;
+  uint16_t      pad[1];
+};
+
+/* Struct of a conntrack tuple
+ * +------+--------------+-----------------+
+ * | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ * +------+--------------+-----------------+
+ */
+
+/* CTA_TUPLE_IP definitions */
+
+struct conntrack_tuple_ipv4_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv4addr_s src;
+  struct nfnl_ipv4addr_s dst;
+};
+
+struct conntrack_tuple_ipv6_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv6addr_s src;
+  struct nfnl_ipv6addr_s dst;
+};
+
+/* CTA_TUPLE_PROTO definitions */
+
+struct conntrack_tuple_tcpudp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s sport;
+  struct nfnl_attr_u16_s dport;
+};
+
+struct conntrack_tuple_icmp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s id;
+  struct nfnl_attr_u8_s  type;
+  struct nfnl_attr_u8_s  code;
+};
+
+/* Struct of a conntrack response
+ * +-----+-----+-----------------+----------------+
+ * | hdr | msg | tuple of origin | tuple of reply |
+ * +-----+-----+-----------------+----------------+
+ */
+
+struct conntrack_recvfrom_response_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+  uint8_t         data[1];
+};
+
+#define SIZEOF_CTNL_RECVFROM_RESPONSE_S(n) \
+  (sizeof(struct conntrack_recvfrom_response_s) + (n) - 1)
+
+struct conntrack_recvfrom_rsplist_s
+{
+  sq_entry_t flink;
+  struct conntrack_recvfrom_response_s payload;
+};
+
+#define SIZEOF_CTNL_RECVFROM_RSPLIST_S(n) \
+  (sizeof(struct conntrack_recvfrom_rsplist_s) + (n) - 1)
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: netlink_conntrack_tuple_size
+ *
+ * Description:
+ *   Get the size of a CTA_TUPLE. Struct of a conntrack tuple:
+ *     +------+--------------+-----------------+
+ *     | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ *     +------+--------------+-----------------+
+ *
+ * Input Parameters:
+ *   domain - The domain of the tuple
+ *   proto  - The protocol of the tuple
+ *
+ * Returned Value:
+ *   The size of the tuple.
+ *
+ ****************************************************************************/
+
+static ssize_t netlink_conntrack_tuple_size(uint8_t domain, uint8_t proto)
+{
+  size_t size = sizeof(struct nfattr);
+
+  switch (domain)
+    {
+      case PF_INET:
+        size += sizeof(struct conntrack_tuple_ipv4_s);
+        break;
+
+      case PF_INET6:
+        size += sizeof(struct conntrack_tuple_ipv6_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  switch (proto)
+    {
+      case IPPROTO_TCP:
+      case IPPROTO_UDP:
+        size += sizeof(struct conntrack_tuple_tcpudp_s);
+        break;
+
+      case IPPROTO_ICMP:
+      case IPPROTO_ICMP6:
+        size += sizeof(struct conntrack_tuple_icmp_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  return size;
+}
+
+/****************************************************************************
+ * Name: netlink_conntrack_fill_ip
+ *
+ * Description:
+ *   Fill the data of a CTA_TUPLE_IP.
+ *
+ * Input Parameters:
+ *   buf    - The buffer to fill
+ *   domain - The domain of the addresses
+ *   src    - The source address
+ *   dst    - The destination address
+ *
+ * Returned Value:
+ *   The size of the filled data.
+ *
+ ****************************************************************************/
+
+static size_t netlink_conntrack_fill_ip(FAR uint8_t *buf, uint8_t domain,
+                                        FAR const void *src,
+                                        FAR const void *dst)
+{
+#ifdef CONFIG_NET_NAT44
+  if (domain == PF_INET)
+    {
+      FAR struct conntrack_tuple_ipv4_s *tuple_ipv4 =
+                                    (FAR struct conntrack_tuple_ipv4_s *)buf;
+
+      tuple_ipv4->attr.nfa_len  = sizeof(struct conntrack_tuple_ipv4_s);
+      tuple_ipv4->attr.nfa_type = CTA_TUPLE_IP | NFNL_NFA_NEST;
+
+      tuple_ipv4->src.attr.nfa_len  = NFA_LENGTH(sizeof(in_addr_t));
+      tuple_ipv4->src.attr.nfa_type = CTA_IP_V4_SRC;
+      net_ipv4addr_hdrcopy(&tuple_ipv4->src.addr, src);
+
+      tuple_ipv4->dst.attr.nfa_len  = NFA_LENGTH(sizeof(in_addr_t));
+      tuple_ipv4->dst.attr.nfa_type = CTA_IP_V4_DST;
+      net_ipv4addr_hdrcopy(&tuple_ipv4->dst.addr, dst);
+
+      return sizeof(struct conntrack_tuple_ipv4_s);
+    }
+#endif
+
+#ifdef CONFIG_NET_NAT66
+  if (domain == PF_INET6)
+    {
+      FAR struct conntrack_tuple_ipv6_s *tuple_ipv6 =
+                                    (FAR struct conntrack_tuple_ipv6_s *)buf;
+
+      tuple_ipv6->attr.nfa_len  = sizeof(struct conntrack_tuple_ipv6_s);
+      tuple_ipv6->attr.nfa_type = CTA_TUPLE_IP | NFNL_NFA_NEST;
+
+      tuple_ipv6->src.attr.nfa_len  = NFA_LENGTH(sizeof(net_ipv6addr_t));
+      tuple_ipv6->src.attr.nfa_type = CTA_IP_V6_SRC;
+      net_ipv6addr_hdrcopy(tuple_ipv6->src.addr, src);
+
+      tuple_ipv6->dst.attr.nfa_len  = NFA_LENGTH(sizeof(net_ipv6addr_t));
+      tuple_ipv6->dst.attr.nfa_type = CTA_IP_V6_DST;
+      net_ipv6addr_hdrcopy(tuple_ipv6->dst.addr, dst);
+
+      return sizeof(struct conntrack_tuple_ipv6_s);
+    }
+#endif
+
+  return 0;
+}
+
+/****************************************************************************
+ * Name: netlink_conntrack_fill_proto
+ *
+ * Description:
+ *   Fill the data of a CTA_TUPLE_PROTO.
+ *
+ * Input Parameters:
+ *   buf   - The buffer to fill
+ *   proto - The protocol of the tuple
+ *   sport - The source port
+ *   dport - The destination port
+ *   reply - True if the tuple is a reply
+ *
+ * Returned Value:
+ *   The size of the filled data.
+ *
+ ****************************************************************************/
+
+static size_t netlink_conntrack_fill_proto(FAR uint8_t *buf, uint8_t proto,
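Review bot: `netlink_conntrack_fill_ip` writes nothing and returns 0 when the domain's NAT support is compiled out (`CONFIG_NET_NAT44` / `CONFIG_NET_NAT66`), while `netlink_conntrack_tuple_size` counts `PF_INET` and `PF_INET6` unconditionally. If the caller, which is outside this hunk, sizes the response from `netlink_conntrack_tuple_size` and then advances by the fill functions' return values, the declared message length and the bytes actually written can disagree. Guarding the size cases with the same options, e.g. `#ifdef CONFIG_NET_NAT44` / `case PF_INET:` / `#endif`, would make an unsupported domain fail with `-EINVAL` instead. The header of `netlink_conntrack_fill_ip` should also say that 0 means the domain is not supported. `netlink_conntrack_fill_proto` begins on the last quoted line and continues outside the hunk.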

Review Comment:
   Done.



##########
net/netlink/netlink_netfilter.c:
##########
@@ -0,0 +1,707 @@
+/****************************************************************************
+ * net/netlink/netlink_netfilter.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <assert.h>
+#include <debug.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <netpacket/netlink.h>
+
+#include <nuttx/kmalloc.h>
+#include <nuttx/net/net.h>
+#include <nuttx/net/icmp.h>
+#include <nuttx/net/ip.h>
+#include <nuttx/net/netlink.h>
+
+#include "inet/inet.h"
+#include "nat/nat.h"
+#include "netlink/netlink.h"
+#include "utils/utils.h"
+
+#ifdef CONFIG_NETLINK_NETFILTER
+
+/****************************************************************************
+ * Private Types
+ ****************************************************************************/
+
+struct nfnl_sendto_request_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+};
+
+struct nfnl_info_s
+{
+  NETLINK_HANDLE handle;
+  FAR const struct nfnl_sendto_request_s *req;
+};
+
+struct nfnl_ipv4addr_s
+{
+  struct nfattr attr;
+  in_addr_t     addr;
+};
+
+struct nfnl_ipv6addr_s
+{
+  struct nfattr  attr;
+  net_ipv6addr_t addr;
+};
+
+struct nfnl_attr_u8_s
+{
+  struct nfattr attr;
+  uint8_t       value;
+  uint8_t       pad[3];
+};
+
+struct nfnl_attr_u16_s
+{
+  struct nfattr attr;
+  uint16_t      value;
+  uint16_t      pad[1];
+};
+
+/* Struct of a conntrack tuple
+ * +------+--------------+-----------------+
+ * | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ * +------+--------------+-----------------+
+ */
+
+/* CTA_TUPLE_IP definitions */
+
+struct conntrack_tuple_ipv4_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv4addr_s src;
+  struct nfnl_ipv4addr_s dst;
+};
+
+struct conntrack_tuple_ipv6_s
+{
+  struct nfattr attr;
+  struct nfnl_ipv6addr_s src;
+  struct nfnl_ipv6addr_s dst;
+};
+
+/* CTA_TUPLE_PROTO definitions */
+
+struct conntrack_tuple_tcpudp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s sport;
+  struct nfnl_attr_u16_s dport;
+};
+
+struct conntrack_tuple_icmp_s
+{
+  struct nfattr attr;
+  struct nfnl_attr_u8_s  proto;
+  struct nfnl_attr_u16_s id;
+  struct nfnl_attr_u8_s  type;
+  struct nfnl_attr_u8_s  code;
+};
+
+/* Struct of a conntrack response
+ * +-----+-----+-----------------+----------------+
+ * | hdr | msg | tuple of origin | tuple of reply |
+ * +-----+-----+-----------------+----------------+
+ */
+
+struct conntrack_recvfrom_response_s
+{
+  struct nlmsghdr hdr;
+  struct nfgenmsg msg;
+  uint8_t         data[1];
+};
+
+#define SIZEOF_CTNL_RECVFROM_RESPONSE_S(n) \
+  (sizeof(struct conntrack_recvfrom_response_s) + (n) - 1)
+
+struct conntrack_recvfrom_rsplist_s
+{
+  sq_entry_t flink;
+  struct conntrack_recvfrom_response_s payload;
+};
+
+#define SIZEOF_CTNL_RECVFROM_RSPLIST_S(n) \
+  (sizeof(struct conntrack_recvfrom_rsplist_s) + (n) - 1)
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: netlink_conntrack_tuple_size
+ *
+ * Description:
+ *   Get the size of a CTA_TUPLE. Struct of a conntrack tuple:
+ *     +------+--------------+-----------------+
+ *     | attr | CTA_TUPLE_IP | CTA_TUPLE_PROTO |
+ *     +------+--------------+-----------------+
+ *
+ * Input Parameters:
+ *   domain - The domain of the tuple
+ *   proto  - The protocol of the tuple
+ *
+ * Returned Value:
+ *   The size of the tuple.
+ *
+ ****************************************************************************/
+
+static ssize_t netlink_conntrack_tuple_size(uint8_t domain, uint8_t proto)
+{
+  size_t size = sizeof(struct nfattr);
+
+  switch (domain)
+    {
+      case PF_INET:
+        size += sizeof(struct conntrack_tuple_ipv4_s);
+        break;
+
+      case PF_INET6:
+        size += sizeof(struct conntrack_tuple_ipv6_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  switch (proto)
+    {
+      case IPPROTO_TCP:
+      case IPPROTO_UDP:
+        size += sizeof(struct conntrack_tuple_tcpudp_s);
+        break;
+
+      case IPPROTO_ICMP:
+      case IPPROTO_ICMP6:
+        size += sizeof(struct conntrack_tuple_icmp_s);
+        break;
+
+      default:
+        return -EINVAL;
+    }
+
+  return size;
+}
+
+/****************************************************************************
+ * Name: netlink_conntrack_fill_ip
+ *
+ * Description:
+ *   Fill the data of a CTA_TUPLE_IP.
+ *
+ * Input Parameters:
+ *   buf    - The buffer to fill
+ *   domain - The domain of the addresses
+ *   src    - The source address
+ *   dst    - The destination address
+ *
+ * Returned Value:
+ *   The size of the filled data.
+ *
+ ****************************************************************************/
+
+static size_t netlink_conntrack_fill_ip(FAR uint8_t *buf, uint8_t domain,
+                                        FAR const void *src,
+                                        FAR const void *dst)
+{
+#ifdef CONFIG_NET_NAT44
+  if (domain == PF_INET)
+    {
+      FAR struct conntrack_tuple_ipv4_s *tuple_ipv4 =
+                                    (FAR struct conntrack_tuple_ipv4_s *)buf;
+
+      tuple_ipv4->attr.nfa_len  = sizeof(struct conntrack_tuple_ipv4_s);
+      tuple_ipv4->attr.nfa_type = CTA_TUPLE_IP | NFNL_NFA_NEST;
+
+      tuple_ipv4->src.attr.nfa_len  = NFA_LENGTH(sizeof(in_addr_t));
+      tuple_ipv4->src.attr.nfa_type = CTA_IP_V4_SRC;
+      net_ipv4addr_hdrcopy(&tuple_ipv4->src.addr, src);
+
+      tuple_ipv4->dst.attr.nfa_len  = NFA_LENGTH(sizeof(in_addr_t));
+      tuple_ipv4->dst.attr.nfa_type = CTA_IP_V4_DST;
+      net_ipv4addr_hdrcopy(&tuple_ipv4->dst.addr, dst);
+
+      return sizeof(struct conntrack_tuple_ipv4_s);
+    }
+#endif
+
+#ifdef CONFIG_NET_NAT66
+  if (domain == PF_INET6)
+    {
+      FAR struct conntrack_tuple_ipv6_s *tuple_ipv6 =
+                                    (FAR struct conntrack_tuple_ipv6_s *)buf;
+
+      tuple_ipv6->attr.nfa_len  = sizeof(struct conntrack_tuple_ipv6_s);
+      tuple_ipv6->attr.nfa_type = CTA_TUPLE_IP | NFNL_NFA_NEST;
+
+      tuple_ipv6->src.attr.nfa_len  = NFA_LENGTH(sizeof(net_ipv6addr_t));
+      tuple_ipv6->src.attr.nfa_type = CTA_IP_V6_SRC;
+      net_ipv6addr_hdrcopy(tuple_ipv6->src.addr, src);
+
+      tuple_ipv6->dst.attr.nfa_len  = NFA_LENGTH(sizeof(net_ipv6addr_t));
+      tuple_ipv6->dst.attr.nfa_type = CTA_IP_V6_DST;
+      net_ipv6addr_hdrcopy(tuple_ipv6->dst.addr, dst);
+
+      return sizeof(struct conntrack_tuple_ipv6_s);
+    }
+#endif
+
+  return 0;
+}
+
+/****************************************************************************
+ * Name: netlink_conntrack_fill_proto
+ *
+ * Description:
+ *   Fill the data of a CTA_TUPLE_PROTO.
+ *
+ * Input Parameters:
+ *   buf   - The buffer to fill
+ *   proto - The protocol of the tuple
+ *   sport - The source port
+ *   dport - The destination port
+ *   reply - True if the tuple is a reply
+ *
+ * Returned Value:
+ *   The size of the filled data.
+ *
+ ****************************************************************************/
+
+static size_t netlink_conntrack_fill_proto(FAR uint8_t *buf, uint8_t proto,
+                                           uint16_t sport, uint16_t dport,
+                                           bool reply)
+{
+  switch (proto)
+    {
+#ifdef CONFIG_NET_TCP
+      case IPPROTO_TCP:
+#endif
+#ifdef CONFIG_NET_UDP
+      case IPPROTO_UDP:
+#endif
+#if defined(CONFIG_NET_TCP) || defined(CONFIG_NET_UDP)
+        {
+          FAR struct conntrack_tuple_tcpudp_s *tuple_tcpudp =
+                                  (FAR struct conntrack_tuple_tcpudp_s *)buf;
+
+          tuple_tcpudp->attr.nfa_len  =
+                                     sizeof(struct conntrack_tuple_tcpudp_s);
+          tuple_tcpudp->attr.nfa_type = CTA_TUPLE_PROTO | NFNL_NFA_NEST;
+
+          tuple_tcpudp->proto.attr.nfa_len  = NFA_LENGTH(sizeof(uint8_t));
+          tuple_tcpudp->proto.attr.nfa_type = CTA_PROTO_NUM;
+          tuple_tcpudp->proto.value         = proto;
+
+          tuple_tcpudp->sport.attr.nfa_len  = NFA_LENGTH(sizeof(uint16_t));
+          tuple_tcpudp->sport.attr.nfa_type = CTA_PROTO_SRC_PORT;
+          tuple_tcpudp->sport.value         = sport;
+
+          tuple_tcpudp->dport.attr.nfa_len  = NFA_LENGTH(sizeof(uint16_t));
+          tuple_tcpudp->dport.attr.nfa_type = CTA_PROTO_DST_PORT;
+          tuple_tcpudp->dport.value         = dport;
+
+          return sizeof(struct conntrack_tuple_tcpudp_s);
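Review bot: In the TCP/UDP case of `netlink_conntrack_fill_proto` only `attr` and `value` of each sub-attribute are assigned; the `pad` members of `nfnl_attr_u8_s` (3 bytes) and `nfnl_attr_u16_s` (2 bytes) are never written. This buffer presumably becomes a netlink response read by user space, so those bytes carry whatever the allocation held unless the caller zero-fills it, and the allocation is not visible in this hunk. Clearing the struct before filling it removes that dependency: `memset(tuple_tcpudp, 0, sizeof(*tuple_tcpudp));` (this needs `<string.h>`, which is not in the include list shown). The function body continues outside the hunk, so the ICMP case should be checked for the same gap.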

Review Comment:
   Done.



##########
net/nat/ipv6_nat_entry.c:
##########
@@ -188,39 +197,47 @@ static void ipv6_nat_entry_delete(FAR ipv6_nat_entry_t 
*entry)
  ****************************************************************************/
 
 #if CONFIG_NET_NAT_ENTRY_RECLAIM_SEC > 0
+static void ipv6_nat_reclaim_entry_cb(FAR ipv6_nat_entry_t *entry,
+                                      FAR void *arg)
+{
+  int32_t current_time = *(int32_t *)arg;

Review Comment:
   Done.


