diff options
author | Ido Barnea <ibarnea@cisco.com> | 2016-01-14 04:42:05 +0200 |
---|---|---|
committer | Ido Barnea <ibarnea@cisco.com> | 2016-01-19 04:13:53 +0200 |
commit | 62623efc5b700d58335fa994d2e2725863527575 (patch) | |
tree | f3140936cd979c7d609bbe91c539f681ddd8e552 /src/nat_check.h | |
parent | eee866f42bd0fc8472e6295b4f26bd0697e59f1f (diff) |
Adding option to pass NAT info in TCP ACK of first SYN
Diffstat (limited to 'src/nat_check.h')
-rwxr-xr-x | src/nat_check.h | 122 |
1 files changed, 103 insertions, 19 deletions
diff --git a/src/nat_check.h b/src/nat_check.h index a500ddaf..133501ae 100755 --- a/src/nat_check.h +++ b/src/nat_check.h @@ -21,18 +21,103 @@ See the License for the specific language governing permissions and limitations under the License. */ -#include "rx_check_header.h" #include "msg_manager.h" #include <common/Network/Packet/TcpHeader.h> #include <common/Network/Packet/UdpHeader.h> #include <common/Network/Packet/IPHeader.h> #include <common/Network/Packet/IPv6Header.h> #include <common/Network/Packet/EthernetHeader.h> - - +#include "os_time.h" // 2msec timeout #define MAX_TIME_MSG_IN_QUEUE_SEC ( 0.002 ) +#define NAT_FLOW_ID_MASK 0x00ffffff + +class CNatOption { +public: + enum { + noIPV4_OPTION = 0x10, /* dummy IPV4 option */ + noOPTION_LEN = 0x8, + noIPV4_MAGIC = 0xEE, + noIPV4_MAGIC_RX = 0xED, + + noIPV6_OPTION_LEN = (noOPTION_LEN/8)-1, + noIPV6_OPTION = 0x3C, /*IPv6-Opts Destination Options for IPv6 RFC 2460*/ + }; + + void set_option_type(uint8_t id) { + u.m_data[0 ] =id; + } + + uint8_t get_option_type() { + return (u.m_data[0]); + } + + void set_option_len(uint8_t len) { + u.m_data[1] = len; + } + uint8_t get_option_len(){ + return ( u.m_data[1]); + } + + void set_thread_id(uint8_t thread_id) { + u.m_data[3] = thread_id; + } + + uint8_t get_thread_id() { + return (u.m_data[3]); + } + + void set_magic(uint8_t magic){ + u.m_data[2] = magic; + } + + uint8_t get_magic(){ + return (u.m_data[2]); + } + + void set_fid(uint32_t fid) { + u.m_data_uint32[1] = fid & NAT_FLOW_ID_MASK; + } + + uint32_t get_fid() { + return (u.m_data_uint32[1]); + } + + bool is_valid_ipv4_magic_op0(void){ + return ( ( PKT_NTOHL( u.m_data_uint32[0] )& 0xFFFFFF00 ) == + (CNatOption::noIPV4_OPTION <<24) + (CNatOption::noOPTION_LEN<<16) + (CNatOption::noIPV4_MAGIC<<8) ?true:false); + } + + bool is_valid_ipv4_magic(void) { + return (is_valid_ipv4_magic_op0()); + } + + bool is_valid_ipv6_magic(void) { + return ( ( PKT_NTOHL( u.m_data_uint32[0] )& 0x00FFFF00 ) == + (CNatOption::noIPV6_OPTION_LEN<<16) + (CNatOption::noIPV4_MAGIC<<8) ?true:false); + + } + + void set_init_ipv4_header() { + set_option_type(CNatOption::noIPV4_OPTION); + set_option_len(CNatOption::noOPTION_LEN); + set_magic(CNatOption::noIPV4_MAGIC); + } + + void set_init_ipv6_header(void){ + set_option_len(noIPV6_OPTION_LEN); + set_magic(CNatOption::noIPV4_MAGIC); + } + + void dump(FILE *fd); + +private: + union u_ { + uint8_t m_data[8]; + uint32_t m_data_uint32[2]; + } u; +}; struct CNatFlowInfo { uint32_t m_external_ip; @@ -46,31 +131,28 @@ struct CNatFlowInfo { /* size of 64 bytes */ #define MAX_NAT_FLOW_INFO (7) #define MAX_PKT_MSG_INFO (26) - #else #define MAX_NAT_FLOW_INFO (8) #define MAX_PKT_MSG_INFO (30) #endif - /* !!! WARNING - CGenNodeNatInfo !! this struct should be in the same size of CGenNode beacuse allocator is global . */ - -struct CGenNodeNatInfo : public CGenNodeMsgBase { +struct CGenNodeNatInfo : public CGenNodeMsgBase { uint8_t m_pad; uint16_t m_cnt; //uint32_t m_pad2; - #if __x86_64__ + #if __x86_64__ uint32_t m_pad3; - #endif + #endif CNatFlowInfo m_data[MAX_NAT_FLOW_INFO]; public: - CNatFlowInfo * get_next_msg(){ + CNatFlowInfo * get_next_msg() { CNatFlowInfo * lp=&m_data[m_cnt]; m_cnt++; return (lp); @@ -84,12 +166,12 @@ public: void dump(FILE *fd); }; -struct CGenNodeLatencyPktInfo : public CGenNodeMsgBase { +struct CGenNodeLatencyPktInfo : public CGenNodeMsgBase { uint8_t m_dir; uint16_t m_latency_offset; - #if __x86_64__ + #if __x86_64__ uint32_t m_pad3; - #endif +#endif struct rte_mbuf * m_pkt; uint32_t m_pad4[MAX_PKT_MSG_INFO]; @@ -100,7 +182,7 @@ struct CGenNodeLatencyPktInfo : public CGenNodeMsgBase { try to put as many messages */ class CNatPerThreadInfo { public: - CNatPerThreadInfo(){ + CNatPerThreadInfo() { m_last_time=0; m_cur_nat_msg=0; m_ring=0; @@ -114,8 +196,6 @@ public: class CNatStats { public: - void reset(); -public: uint64_t m_total_rx; uint64_t m_total_msg; /* errors */ @@ -123,6 +203,7 @@ public: uint64_t m_err_no_valid_proto; uint64_t m_err_queue_full; public: + void reset(); uint64_t get_errs(){ return (m_err_no_valid_thread_id+m_err_no_valid_proto+m_err_queue_full); } @@ -135,11 +216,14 @@ class CNatRxManager { public: bool Create(); void Delete(); - void handle_packet_ipv4(CNatOption * option, - IPHeader * ipv4); + void handle_packet_ipv4(CNatOption * option, IPHeader * ipv4); void handle_aging(); - void Dump(FILE *fd); + void Dump(FILE *fd); void DumpShort(FILE *fd); + static inline uint32_t calc_tcp_ack_val(uint32_t fid, uint8_t thread_id) { + return ((fid & NAT_FLOW_ID_MASK) << 8) | thread_id; + } + void get_info_from_tcp_ack(uint32_t tcp_ack, uint32_t &fid, uint8_t &thread_id); private: CNatPerThreadInfo * get_thread_info(uint8_t thread_id); void flush_node(CNatPerThreadInfo * thread_info); |