From 907688f7085af5245c9a492c75fe8a7a4f1f8f3c Mon Sep 17 00:00:00 2001 From: Gregory Shimansky Date: Wed, 6 Feb 2019 09:28:02 -0600 Subject: [PATCH 1/7] Removed debug output --- nat/util.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/nat/util.go b/nat/util.go index ce8d542..e26d4da 100644 --- a/nat/util.go +++ b/nat/util.go @@ -248,8 +248,6 @@ func bringInterfaceUp(dev netlink.Link, name string) error { } fname := fmt.Sprintf(sysFsIfFormat, name) - fmt.Println("NAME=", name) - fmt.Println("FILE NAME=", fname) var file *os.File file, err = os.OpenFile(fname, os.O_WRONLY, 0644) if err != nil { From 5b0a4790ef1b892f960b87af1b45396b1ec9ce3b Mon Sep 17 00:00:00 2001 From: Gregory Shimansky Date: Wed, 6 Feb 2019 15:14:09 -0600 Subject: [PATCH 2/7] Fixed script termination on error --- env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 env.sh diff --git a/env.sh b/env.sh old mode 100644 new mode 100755 index 224e004..f20a038 --- a/env.sh +++ b/env.sh @@ -3,7 +3,7 @@ if [ -z "${NFF_GO}" ] then echo "You need to define NFF_GO variable which points to root of built NFF_GO repository." - exit 1 + return 1 fi export RTE_TARGET=x86_64-native-linuxapp-gcc From ca9c25d7063ba0168b73071fcb69e25a11868847 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 13 Feb 2019 21:29:35 +0000 Subject: [PATCH 3/7] Added config for AWS --- config-aws.json | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 config-aws.json diff --git a/config-aws.json b/config-aws.json new file mode 100644 index 0000000..f0a6361 --- /dev/null +++ b/config-aws.json @@ -0,0 +1,38 @@ +{ + "port-pairs": [ + { + "private-port": { + "index": 0, + "subnet": "10.0.14.10/24", + "subnet6": "2600:1f16:80:ad14::10/64" + }, + "public-port": { + "index": 1, + "subnet": "10.0.16.10/24", + "subnet6": "2600:1f16:80:ad16::10/64", + "forward-ports": [ + { + "port": 8080, + "destination": "10.0.14.20:80", + "protocol": "TCP" + }, + { + "port": 8080, + "destination": "[2600:1f16:80:ad14::20]:80", + "protocol": "TCP6" + }, + { + "port": 2222, + "destination": "10.0.14.20:22", + "protocol": "TCP" + }, + { + "port": 2222, + "destination": "[2600:1f16:80:ad14::20]:22", + "protocol": "TCP6" + } + ] + } + } + ] +} From fe466f1a1480fdf37b7f073422e8c7c00caf891d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 13 Feb 2019 21:32:22 +0000 Subject: [PATCH 4/7] Added control over pcap dump from the command line --- nat.go | 30 ++++++++++++++++++ nat/arp.go | 16 +++++----- nat/config.go | 28 ++++++++--------- nat/dhcp.go | 2 +- nat/dhcp6.go | 2 +- nat/icmp.go | 10 +++--- nat/neigh.go | 14 ++++----- nat/translation.go | 76 +++++++++++++++++++++++----------------------- nat/util.go | 2 +- 9 files changed, 105 insertions(+), 75 deletions(-) diff --git a/nat.go b/nat.go index 6830655..a3b4524 100644 --- a/nat.go +++ b/nat.go @@ -15,7 +15,30 @@ import ( "github.com/intel-go/nff-go-nat/nat" ) +type DumpControlArray [nat.DirKNI + 1]bool + +func (drc *DumpControlArray) String() string { + return "" +} + +func (drc *DumpControlArray) Set(value string) error { + fmt.Println("Input: ", value) + for _, c := range value { + if c == 'd' { + (*drc)[nat.DirDROP] = true + } else if c == 't' { + (*drc)[nat.DirSEND] = true + } else if c == 'k' { + (*drc)[nat.DirKNI] = true + } else { + return fmt.Errorf("Bad dump control flag character: \"%v\"", c) + } + } + return nil +} + func main() { + var dumpControl DumpControlArray // Parse arguments cores := flag.String("cores", "", "Specify CPU cores to use.") configFile := flag.String("config", "config.json", "Specify config file name.") @@ -25,8 +48,15 @@ func main() { setKniIP := flag.Bool("set-kni-IP", false, "Set IP addresses specified in config file to created KNI interfaces. Do not use if your system uses Network Manager! Use Network Manager configurations instead.") bringUpKniInterfaces := flag.Bool("bring-up-kni", false, "Set IP addresses specified in config file to created KNI interfaces. Do not use if your system uses Network Manager! Use Network Manager configurations instead.") dpdkLogLevel := flag.String("dpdk", "--log-level=0", "Passes an arbitrary argument to dpdk EAL.") + flag.Var(&dumpControl, "dump", `Enable dump pcap output in a form of letter flags, +e.g. "-dump d" or "-dump dtk": + d means to trace dropped packets, + t means to trace translated (normally sent) packets, + k means to trace packets that were sent to KNI interface.`) flag.Parse() + nat.DumpEnabled = dumpControl + // Set up reaction to SIGINT (Ctrl-C) c := make(chan os.Signal, 1) signal.Notify(c, os.Interrupt) diff --git a/nat/arp.go b/nat/arp.go index 28ed36c..041cc53 100644 --- a/nat/arp.go +++ b/nat/arp.go @@ -18,14 +18,14 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { port.arpTable.Store(ipv4, arp.SHA) } if port.KNIName != "" { - return dirKNI + return DirKNI } - return dirDROP + return DirDROP } // If there is a KNI interface, direct all ARP traffic to it if port.KNIName != "" { - return dirKNI + return DirKNI } // Check that someone is asking about MAC of my IP address and HW @@ -34,12 +34,12 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { println("Warning! Got an ARP packet with target IPv4 address", StringIPv4Array(arp.TPA), "different from IPv4 address on interface. Should be", StringIPv4Int(port.Subnet.Addr), ". ARP request ignored.") - return dirDROP + return DirDROP } if arp.THA != [common.EtherAddrLen]byte{} { println("Warning! Got an ARP packet with non-zero MAC address", StringMAC(arp.THA), ". ARP request ignored.") - return dirDROP + return DirDROP } // Prepare an answer to this request @@ -54,10 +54,10 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { answerPacket.AddVLANTag(packet.SwapBytesUint16(vlan.TCI)) } - port.dumpPacket(answerPacket, dirSEND) + port.dumpPacket(answerPacket, DirSEND) answerPacket.SendPacket(port.Index) - return dirDROP + return DirDROP } func (port *ipPort) getMACForIPv4(ip uint32) (macAddress, bool) { @@ -81,6 +81,6 @@ func (port *ipPort) sendARPRequest(ip uint32) { requestPacket.AddVLANTag(port.Vlan) } - port.dumpPacket(requestPacket, dirSEND) + port.dumpPacket(requestPacket, DirSEND) requestPacket.SendPacket(port.Index) } diff --git a/nat/config.go b/nat/config.go index 081eb71..abc7f23 100644 --- a/nat/config.go +++ b/nat/config.go @@ -31,9 +31,9 @@ const ( iPUBLIC interfaceType = 0 iPRIVATE interfaceType = 1 - dirDROP = uint(upd.TraceType_DUMP_DROP) - dirSEND = uint(upd.TraceType_DUMP_TRANSLATE) - dirKNI = uint(upd.TraceType_DUMP_KNI) + DirDROP = uint(upd.TraceType_DUMP_DROP) + DirSEND = uint(upd.TraceType_DUMP_TRANSLATE) + DirKNI = uint(upd.TraceType_DUMP_KNI) connectionTimeout time.Duration = 1 * time.Minute portReuseTimeout time.Duration = 1 * time.Second @@ -199,8 +199,8 @@ type ipPort struct { // ARP lookup table arpTable sync.Map // Debug dump stuff - fdump [dirKNI + 1]*os.File - dumpsync [dirKNI + 1]sync.Mutex + fdump [DirKNI + 1]*os.File + dumpsync [DirKNI + 1]sync.Mutex } // Config for one port pair. @@ -239,7 +239,7 @@ var ( NeedDHCP bool // Debug variables - DumpEnabled [dirKNI + 1]bool + DumpEnabled [DirKNI + 1]bool ) func (pi pairIndex) Copy() interface{} { @@ -645,13 +645,13 @@ func InitFlows() { } pubTranslationOut, err := flow.SetSplitter(publicToPrivate, PublicToPrivateTranslation, outsPub, context) flow.CheckFatal(err) - flow.CheckFatal(flow.SetStopper(pubTranslationOut[dirDROP])) + flow.CheckFatal(flow.SetStopper(pubTranslationOut[DirDROP])) // Initialize public KNI interface if requested if pp.PublicPort.KNIName != "" { pubKNI, err = flow.CreateKniDevice(pp.PublicPort.Index, pp.PublicPort.KNIName) flow.CheckFatal(err) - flow.CheckFatal(flow.SetSenderKNI(pubTranslationOut[dirKNI], pubKNI)) + flow.CheckFatal(flow.SetSenderKNI(pubTranslationOut[DirKNI], pubKNI)) fromPubKNI = flow.SetReceiverKNI(pubKNI) } @@ -663,32 +663,32 @@ func InitFlows() { } privTranslationOut, err := flow.SetSplitter(privateToPublic, PrivateToPublicTranslation, outsPriv, context) flow.CheckFatal(err) - flow.CheckFatal(flow.SetStopper(privTranslationOut[dirDROP])) + flow.CheckFatal(flow.SetStopper(privTranslationOut[DirDROP])) // Initialize private KNI interface if requested if pp.PrivatePort.KNIName != "" { privKNI, err = flow.CreateKniDevice(pp.PrivatePort.Index, pp.PrivatePort.KNIName) flow.CheckFatal(err) - flow.CheckFatal(flow.SetSenderKNI(privTranslationOut[dirKNI], privKNI)) + flow.CheckFatal(flow.SetSenderKNI(privTranslationOut[DirKNI], privKNI)) fromPrivKNI = flow.SetReceiverKNI(privKNI) } // Merge traffic coming from public KNI with translated // traffic from private side if fromPubKNI != nil { - toPub, err = flow.SetMerger(fromPubKNI, privTranslationOut[dirSEND]) + toPub, err = flow.SetMerger(fromPubKNI, privTranslationOut[DirSEND]) flow.CheckFatal(err) } else { - toPub = privTranslationOut[dirSEND] + toPub = privTranslationOut[DirSEND] } // Merge traffic coming from private KNI with translated // traffic from public side if fromPrivKNI != nil { - toPriv, err = flow.SetMerger(fromPrivKNI, pubTranslationOut[dirSEND]) + toPriv, err = flow.SetMerger(fromPrivKNI, pubTranslationOut[DirSEND]) flow.CheckFatal(err) } else { - toPriv = pubTranslationOut[dirSEND] + toPriv = pubTranslationOut[DirSEND] } // Set senders to output packets diff --git a/nat/dhcp.go b/nat/dhcp.go index 373e632..26184c8 100644 --- a/nat/dhcp.go +++ b/nat/dhcp.go @@ -177,7 +177,7 @@ func (port *ipPort) composeAndSendDHCPPacket(packetType layers.DHCPMsgType, opti } setIPv4UDPChecksum(pkt, !NoCalculateChecksum, !NoHWTXChecksum) - port.dumpPacket(pkt, dirSEND) + port.dumpPacket(pkt, DirSEND) pkt.SendPacket(port.Index) port.Subnet.ds.lastDHCPPacketTypeSent = packetType diff --git a/nat/dhcp6.go b/nat/dhcp6.go index 335b2e6..f041ff2 100644 --- a/nat/dhcp6.go +++ b/nat/dhcp6.go @@ -116,7 +116,7 @@ func (port *ipPort) composeAndSendDHCPv6Packet(packetType layers.DHCPv6MsgType, } setIPv6UDPChecksum(pkt, !NoCalculateChecksum, !NoHWTXChecksum) - port.dumpPacket(pkt, dirSEND) + port.dumpPacket(pkt, DirSEND) pkt.SendPacket(port.Index) port.Subnet6.ds.lastDHCPv6PacketTypeSent = packetType diff --git a/nat/icmp.go b/nat/icmp.go index b188e31..94684f0 100644 --- a/nat/icmp.go +++ b/nat/icmp.go @@ -42,7 +42,7 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface // returns DROP or KNI, otherwise continue to process it. if packetSentToMulticast || (packetSentToUs && ipv6) { dir := port.handleIPv6NeighborDiscovery(pkt) - if dir != dirSEND { + if dir != DirSEND { return dir } } @@ -58,7 +58,7 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface if key != nil { _, ok := port.translationTable[protocol].Load(key) if !ok || time.Since(port.getPortmap(ipv6, protocol)[packet.SwapBytesUint16(icmp.Identifier)].lastused) > connectionTimeout { - return dirKNI + return DirKNI } } } @@ -68,7 +68,7 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface // normal way. Maybe these are packets which should be passed // through translation. if !packetSentToUs || icmp.Type != requestCode || icmp.Code != 0 { - return dirSEND + return DirSEND } // Return a packet back to sender @@ -91,7 +91,7 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface setIPv6ICMPChecksum(answerPacket, !NoCalculateChecksum, !NoHWTXChecksum) } - port.dumpPacket(answerPacket, dirSEND) + port.dumpPacket(answerPacket, DirSEND) answerPacket.SendPacket(port.Index) - return dirDROP + return DirDROP } diff --git a/nat/neigh.go b/nat/neigh.go index 0da19d6..f773135 100644 --- a/nat/neigh.go +++ b/nat/neigh.go @@ -14,12 +14,12 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { if icmp.Type == common.ICMPv6NeighborSolicitation { // If there is KNI interface, forward all of this here if port.KNIName != "" { - return dirKNI + return DirKNI } pkt.ParseL7(common.ICMPv6Number) msg := pkt.GetICMPv6NeighborSolicitationMessage() if msg.TargetAddr != port.Subnet6.Addr && msg.TargetAddr != port.Subnet6.llAddr { - return dirDROP + return DirDROP } option := pkt.GetICMPv6NDSourceLinkLayerAddressOption(packet.ICMPv6NeighborSolicitationMessageSize) if option != nil && option.Type == packet.ICMPv6NDSourceLinkLayerAddress { @@ -36,7 +36,7 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { } setIPv6ICMPChecksum(answerPacket, !NoCalculateChecksum, !NoHWTXChecksum) - port.dumpPacket(answerPacket, dirSEND) + port.dumpPacket(answerPacket, DirSEND) answerPacket.SendPacket(port.Index) } } else if icmp.Type == common.ICMPv6NeighborAdvertisement { @@ -48,13 +48,13 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { } if port.KNIName != "" { - return dirKNI + return DirKNI } } else { - return dirSEND + return DirSEND } - return dirDROP + return DirDROP } func (port *ipPort) getMACForIPv6(ip [common.IPv6AddrLen]uint8) (macAddress, bool) { @@ -80,6 +80,6 @@ func (port *ipPort) sendNDNeighborSolicitationRequest(ip [common.IPv6AddrLen]uin } setIPv6ICMPChecksum(requestPacket, !NoCalculateChecksum, !NoHWTXChecksum) - port.dumpPacket(requestPacket, dirSEND) + port.dumpPacket(requestPacket, DirSEND) requestPacket.SendPacket(port.Index) } diff --git a/nat/translation.go b/nat/translation.go index b425c88..791404e 100644 --- a/nat/translation.go +++ b/nat/translation.go @@ -70,7 +70,7 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { pp := &Natconfig.PortPairs[pi.index] port := &pp.PublicPort - port.dumpPacket(pkt, dirSEND) + port.dumpPacket(pkt, DirSEND) // Parse packet type and address dir, pktVLAN, pktIPv4, pktIPv6 := port.parsePacketAndCheckARP(pkt) @@ -81,8 +81,8 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { protocol, pktTCP, pktUDP, pktICMP, _, DstPort := ParseAllKnownL4(pkt, pktIPv4, pktIPv6) if protocol == 0 { // Only TCP, UDP and ICMP are supported now, all other protocols are ignored - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } portNumber := DstPort // Create a lookup key from packet destination address and port @@ -90,7 +90,7 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Check for ICMP traffic first if pktICMP != nil { dir := port.handleICMP(protocol, pkt, pub2priKey) - if dir != dirSEND { + if dir != DirSEND { port.dumpPacket(pkt, dir) return dir } @@ -105,8 +105,8 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { handled = port.handleDHCP(pkt) } if handled { - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } } @@ -132,9 +132,9 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // interface. If KNI is present and its IP address is known, // traffic is directed there. if kniPresent && addressAcquired { - dir = dirKNI + dir = DirKNI } else { - dir = dirDROP + dir = DirDROP } port.dumpPacket(pkt, dir) return dir @@ -151,8 +151,8 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { pp.mutex.Lock() pp.deleteOldConnection(pktIPv6 != nil, protocol, int(portNumber)) pp.mutex.Unlock() - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } if !zeroAddr { @@ -170,8 +170,8 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { mac, found = port.opposite.getMACForIPv4(v4addr) } if !found { - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } // Do packet translation @@ -187,11 +187,11 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { } setPacketDstPort(pkt, ipv6, newPort, pktTCP, pktUDP, pktICMP) - port.dumpPacket(pkt, dirSEND) - return dirSEND + port.opposite.dumpPacket(pkt, DirSEND) + return DirSEND } else { - port.dumpPacket(pkt, dirKNI) - return dirKNI + port.dumpPacket(pkt, DirKNI) + return DirKNI } } @@ -201,7 +201,7 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { pp := &Natconfig.PortPairs[pi.index] port := &pp.PrivatePort - port.dumpPacket(pkt, dirSEND) + port.dumpPacket(pkt, DirSEND) // Parse packet type and address dir, pktVLAN, pktIPv4, pktIPv6 := port.parsePacketAndCheckARP(pkt) @@ -212,8 +212,8 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { protocol, pktTCP, pktUDP, pktICMP, SrcPort, _ := ParseAllKnownL4(pkt, pktIPv4, pktIPv6) if protocol == 0 { // Only TCP, UDP and ICMP are supported now, all other protocols are ignored - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } portNumber := SrcPort // Create a lookup key from packet source address and port @@ -221,7 +221,7 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Check for ICMP traffic first if pktICMP != nil { dir := port.handleICMP(protocol, pkt, pri2pubKey) - if dir != dirSEND { + if dir != DirSEND { port.dumpPacket(pkt, dir) return dir } @@ -236,8 +236,8 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { handled = port.handleDHCP(pkt) } if handled { - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } } @@ -258,8 +258,8 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // If traffic is directed at private interface IP and KNI is // present, this traffic is directed to KNI if kniPresent && addressAcquired && packetSentToUs { - port.dumpPacket(pkt, dirKNI) - return dirKNI + port.dumpPacket(pkt, DirKNI) + return DirKNI } // Do lookup @@ -285,16 +285,16 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { if !addressAcquired || !publicAddressAcquired { // No packets are allowed yet because ports address is not // known yet - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } // Allocate new connection from private to public network v4addr, v6addr, newPort, err = pp.allocateNewEgressConnection(pktIPv6 != nil, protocol, pri2pubKey) if err != nil { println("Warning! Failed to allocate new connection", err) - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } zeroAddr = false } else { @@ -317,8 +317,8 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { mac, found = port.opposite.getMACForIPv4(packet.SwapBytesUint32(pktIPv4.DstAddr)) } if !found { - port.dumpPacket(pkt, dirDROP) - return dirDROP + port.dumpPacket(pkt, DirDROP) + return DirDROP } // Do packet translation @@ -334,11 +334,11 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { } setPacketSrcPort(pkt, ipv6, newPort, pktTCP, pktUDP, pktICMP) - port.dumpPacket(pkt, dirSEND) - return dirSEND + port.opposite.dumpPacket(pkt, DirSEND) + return DirSEND } else { - port.dumpPacket(pkt, dirKNI) - return dirKNI + port.dumpPacket(pkt, DirKNI) + return DirKNI } } @@ -424,12 +424,12 @@ func (port *ipPort) parsePacketAndCheckARP(pkt *packet.Packet) (dir uint, vlanhd port.dumpPacket(pkt, dir) return dir, pktVLAN, nil, nil } - port.dumpPacket(pkt, dirDROP) - return dirDROP, pktVLAN, nil, nil + port.dumpPacket(pkt, DirDROP) + return DirDROP, pktVLAN, nil, nil } - return dirSEND, pktVLAN, nil, pktIPv6 + return DirSEND, pktVLAN, nil, pktIPv6 } - return dirSEND, pktVLAN, pktIPv4, nil + return DirSEND, pktVLAN, pktIPv4, nil } func getAddrFromTuple(v interface{}, ipv6 bool) (uint32, [common.IPv6AddrLen]uint8, uint16, bool) { diff --git a/nat/util.go b/nat/util.go index e26d4da..0ec388e 100644 --- a/nat/util.go +++ b/nat/util.go @@ -58,7 +58,7 @@ func swapAddrIPv6(pkt *packet.Packet) { } func (port *ipPort) startTrace(dir uint) *os.File { - dumpNameLookup := [dirKNI + 1]string{ + dumpNameLookup := [DirKNI + 1]string{ "drop", "dump", "kni", From 92a27901fe0504d1cd339955082f797073f0863e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 13 Feb 2019 21:46:16 +0000 Subject: [PATCH 5/7] Fixed source MAC address of translated packets --- nat/translation.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nat/translation.go b/nat/translation.go index 791404e..70a3099 100644 --- a/nat/translation.go +++ b/nat/translation.go @@ -176,7 +176,7 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Do packet translation pkt.Ether.DAddr = mac - pkt.Ether.SAddr = port.SrcMACAddress + pkt.Ether.SAddr = port.opposite.SrcMACAddress if pktVLAN != nil { pktVLAN.SetVLANTagIdentifier(port.opposite.Vlan) } @@ -323,7 +323,7 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Do packet translation pkt.Ether.DAddr = mac - pkt.Ether.SAddr = port.SrcMACAddress + pkt.Ether.SAddr = port.opposite.SrcMACAddress if pktVLAN != nil { pktVLAN.SetVLANTagIdentifier(port.opposite.Vlan) } From 3443fdf7132a243406e880195f15423eb64c0139 Mon Sep 17 00:00:00 2001 From: Gregory Shimansky Date: Fri, 31 May 2019 12:49:09 -0700 Subject: [PATCH 6/7] Implemented static ARP mode for simple benchmarking --- config-sarp.json | 40 ++++++++++++++++++++++++++++++++++++++++ nat/arp.go | 14 +++++++++----- nat/config.go | 7 +++++++ nat/neigh.go | 14 +++++++++----- 4 files changed, 65 insertions(+), 10 deletions(-) create mode 100644 config-sarp.json diff --git a/config-sarp.json b/config-sarp.json new file mode 100644 index 0000000..9455286 --- /dev/null +++ b/config-sarp.json @@ -0,0 +1,40 @@ +{ + "port-pairs": [ + { + "private-port": { + "index": 0, + "subnet": "192.168.14.1/24", + "subnet6": "fd14::1/64", + "dst-mac": "52:54:00:5f:07:84" + }, + "public-port": { + "index": 1, + "subnet": "192.168.16.1/24", + "subnet6": "fd16::1/64", + "dst-mac": "52:54:00:7f:03:b7", + "forward-ports": [ + { + "port": 8080, + "destination": "192.168.14.2:80", + "protocol": "TCP" + }, + { + "port": 8080, + "destination": "[fd14::2]:80", + "protocol": "TCP6" + }, + { + "port": 2222, + "destination": "192.168.14.2:22", + "protocol": "TCP" + }, + { + "port": 2222, + "destination": "[fd14::2]:22", + "protocol": "TCP6" + } + ] + } + } + ] +} diff --git a/nat/arp.go b/nat/arp.go index 041cc53..349676c 100644 --- a/nat/arp.go +++ b/nat/arp.go @@ -61,12 +61,16 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { } func (port *ipPort) getMACForIPv4(ip uint32) (macAddress, bool) { - v, found := port.arpTable.Load(ip) - if found { - return macAddress(v.([common.EtherAddrLen]byte)), true + if port.staticArpMode { + return port.DstMACAddress, true + } else { + v, found := port.arpTable.Load(ip) + if found { + return macAddress(v.([common.EtherAddrLen]byte)), true + } + port.sendARPRequest(ip) + return macAddress{}, false } - port.sendARPRequest(ip) - return macAddress{}, false } func (port *ipPort) sendARPRequest(ip uint32) { diff --git a/nat/config.go b/nat/config.go index abc7f23..0e2ef4f 100644 --- a/nat/config.go +++ b/nat/config.go @@ -187,6 +187,8 @@ type ipPort struct { Vlan uint16 `json:"vlan-tag"` KNIName string `json:"kni-name"` ForwardPorts []forwardedPort `json:"forward-ports"` + DstMACAddress macAddress `json:"dst-mac"` + staticArpMode bool SrcMACAddress macAddress Type interfaceType // Pointer to an opposite port in a pair @@ -457,6 +459,11 @@ func ReadConfig(fileName string, setKniIP, bringUpKniInterfaces bool) error { return err } } + if port.DstMACAddress != [common.EtherAddrLen]uint8{} { + port.staticArpMode = true + fmt.Printf("Activating static ARP mode for port %d, using %s MAC address\n", + port.Index, packet.MACToString(port.DstMACAddress)) + } port = &pp.PublicPort } } diff --git a/nat/neigh.go b/nat/neigh.go index f773135..e5d6ba2 100644 --- a/nat/neigh.go +++ b/nat/neigh.go @@ -58,12 +58,16 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { } func (port *ipPort) getMACForIPv6(ip [common.IPv6AddrLen]uint8) (macAddress, bool) { - v, found := port.arpTable.Load(ip) - if found { - return macAddress(v.([common.EtherAddrLen]byte)), true + if port.staticArpMode { + return port.DstMACAddress, true + } else { + v, found := port.arpTable.Load(ip) + if found { + return macAddress(v.([common.EtherAddrLen]byte)), true + } + port.sendNDNeighborSolicitationRequest(ip) + return macAddress{}, false } - port.sendNDNeighborSolicitationRequest(ip) - return macAddress{}, false } func (port *ipPort) sendNDNeighborSolicitationRequest(ip [common.IPv6AddrLen]uint8) { From cd34f75d926449420fc6c96ead6ba7a4ed7989a4 Mon Sep 17 00:00:00 2001 From: Gregory Shimansky Date: Thu, 20 Jun 2019 13:51:53 +0300 Subject: [PATCH 7/7] Upgraded NAT to NFF-Go 0.8.1 release with new types for IP addresses and unmarshal functions moved to framework --- go.mod | 17 ++++-- go.sum | 30 ++++++++++ nat/arp.go | 25 +++++---- nat/cksum.go | 54 +++++++++--------- nat/config.go | 135 ++++++++++++++++++++------------------------- nat/dhcp.go | 9 +-- nat/dhcp6.go | 5 +- nat/icmp.go | 17 +++--- nat/neigh.go | 17 +++--- nat/translation.go | 57 ++++++++++--------- nat/util.go | 46 +++++++-------- 11 files changed, 216 insertions(+), 196 deletions(-) diff --git a/go.mod b/go.mod index 01bbe8c..ca35082 100644 --- a/go.mod +++ b/go.mod @@ -7,17 +7,19 @@ require ( git.apache.org/thrift.git v0.12.0 // indirect github.com/Shopify/sarama v1.20.1 // indirect github.com/coreos/go-systemd v0.0.0-20190204112023-081494f7ee4f // indirect + github.com/docker/go-units v0.4.0 // indirect github.com/go-logfmt/logfmt v0.4.0 // indirect github.com/gogo/protobuf v1.2.0 // indirect github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect - github.com/golang/protobuf v1.2.0 - github.com/google/gopacket v1.1.16 + github.com/golang/protobuf v1.3.1 + github.com/google/gopacket v1.1.17 github.com/google/pprof v0.0.0-20190109223431-e84dfd68c163 // indirect github.com/googleapis/gax-go v2.0.2+incompatible // indirect + github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c // indirect github.com/gorilla/mux v1.7.0 // indirect github.com/gregjones/httpcache v0.0.0-20190203031600-7a902570cb17 // indirect github.com/grpc-ecosystem/grpc-gateway v1.7.0 // indirect - github.com/intel-go/nff-go v0.7.4 + github.com/intel-go/nff-go v0.8.1 github.com/microcosm-cc/bluemonday v1.0.2 // indirect github.com/nsf/gocode v0.0.0-20181120081338-6cac7c69a41e // indirect github.com/openzipkin/zipkin-go v0.1.5 // indirect @@ -40,16 +42,21 @@ require ( github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect github.com/shurcooL/webdavfs v0.0.0-20181215192745-5988b2d638f6 // indirect github.com/sirupsen/logrus v1.3.0 // indirect + github.com/smartystreets/assertions v1.0.0 // indirect + github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect github.com/stretchr/testify v1.3.0 // indirect github.com/vishvananda/netlink v1.0.0 go.opencensus.io v0.19.0 // indirect go4.org v0.0.0-20181109185143-00e24f1b2599 // indirect golang.org/x/build v0.0.0-20190205194203-d0914bad8ebc // indirect - golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 // indirect + golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443 // indirect golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2 // indirect - golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3 + golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1 // indirect golang.org/x/perf v0.0.0-20190124201629-844a5f5b46f4 // indirect + golang.org/x/sys v0.0.0-20190620070143-6f217b454f45 // indirect + golang.org/x/text v0.3.2 // indirect + golang.org/x/tools v0.0.0-20190619215442-4adf7a708c2d // indirect google.golang.org/genproto v0.0.0-20190201180003-4b09977fb922 // indirect google.golang.org/grpc v1.18.0 honnef.co/go/tools v0.0.0-20190128043916-71123fcbb8fe // indirect diff --git a/go.sum b/go.sum index 3729e80..e7a7fd4 100644 --- a/go.sum +++ b/go.sum @@ -33,6 +33,7 @@ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.13.1/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= @@ -57,6 +58,8 @@ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -69,6 +72,8 @@ github.com/google/gopacket v1.1.16-0.20181023151400-a35e09f9f224 h1:78xLKlzgK/iE github.com/google/gopacket v1.1.16-0.20181023151400-a35e09f9f224/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= github.com/google/gopacket v1.1.16 h1:u6Afvia5C5srlLcbTwpHaFW918asLYPxieziOaWwz8M= github.com/google/gopacket v1.1.16/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= +github.com/google/gopacket v1.1.17 h1:rMrlX2ZY2UbvT+sdz3+6J+pp2z+msCq9MxTU6ymxbBY= +github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190109223431-e84dfd68c163/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -78,6 +83,7 @@ github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE0 github.com/gopherjs/gopherjs v0.0.0-20180825215210-0210a2f0f73c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -111,8 +117,13 @@ github.com/intel-go/nff-go v0.7.3 h1:F7w0h/TFB1CNidaddc2eQkoTfWExSJumk7KUiwof3tI github.com/intel-go/nff-go v0.7.3/go.mod h1:8PImGKzPwodWn6+9+UcNqIEf7xEwm8ZUh+P6KA7Plho= github.com/intel-go/nff-go v0.7.4 h1:7Th8d5qUqIpwVo+bIjSJrXFe3Y/3TXXSXcctwE2zT2Q= github.com/intel-go/nff-go v0.7.4/go.mod h1:FPGkLOg1wDk0nq83LJPGAz9ErGhDtLhyyygR/K2j9q8= +github.com/intel-go/nff-go v0.8.0 h1:CBhPO/+2MJzCxl+sAXWAYGG5lRaq1zlfHPdnwhLQTEE= +github.com/intel-go/nff-go v0.8.0/go.mod h1:FPGkLOg1wDk0nq83LJPGAz9ErGhDtLhyyygR/K2j9q8= +github.com/intel-go/nff-go v0.8.1 h1:p8Wug4ejZBsn1GUE4AaBJhmhfWJU6qgkTlWZ5RbRH4s= +github.com/intel-go/nff-go v0.8.1/go.mod h1:FPGkLOg1wDk0nq83LJPGAz9ErGhDtLhyyygR/K2j9q8= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -202,8 +213,10 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/smartystreets/assertions v0.0.0-20180820201707-7c9eb446e3cf/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= +github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -226,6 +239,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -248,6 +263,10 @@ golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3 h1:ulvT7fqt0yHWzpJwI57MezWnYDVpCAYBVuYst/L+fAY= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b h1:lkjdUzSyJ5P1+eal9fxXX9Xg2BTfswsonKUse48C0uE= +golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181120190819-8f65e3013eba/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -259,6 +278,7 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6Zh golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522 h1:Ve1ORMCxvRmSXBwJK+t3Oy+V2vRW2OetUQBq4rJIkZE= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -278,13 +298,21 @@ golang.org/x/sys v0.0.0-20190130150945-aca44879d564 h1:o6ENHFwwr1TZ9CUPQcfo1HGvL golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190204203706-41f3e6584952 h1:FDfvYgoVsA7TTZSbgiqjAbfPbK47CNHdWl3h/PJtii0= golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190620070143-6f217b454f45 h1:Dl2hc890lrizvUppGbRWhnIh2f8jOTCQpY5IKWRS0oM= +golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 h1:z99zHgr7hKfrUcX/KsoJk5FJfjTceCKIp96+biqP4To= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181002223833-cd09f19c2f7e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181115162256-f62bfb541538/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -297,6 +325,8 @@ golang.org/x/tools v0.0.0-20181219222714-6e267b5cc78e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190130015043-a06a922acc1b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190130190128-9bdeaddf5f7f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190205201329-379209517ffe/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190619215442-4adf7a708c2d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181220000619-583d854617af/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= diff --git a/nat/arp.go b/nat/arp.go index 349676c..3eb01e1 100644 --- a/nat/arp.go +++ b/nat/arp.go @@ -7,6 +7,7 @@ package nat import ( "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) func (port *ipPort) handleARP(pkt *packet.Packet) uint { @@ -14,7 +15,7 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { if packet.SwapBytesUint16(arp.Operation) != packet.ARPRequest { if packet.SwapBytesUint16(arp.Operation) == packet.ARPReply { - ipv4 := packet.SwapBytesUint32(packet.ArrayToIPv4(arp.SPA)) + ipv4 := packet.SwapBytesIPv4Addr(types.ArrayToIPv4(arp.SPA)) port.arpTable.Store(ipv4, arp.SHA) } if port.KNIName != "" { @@ -30,14 +31,14 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { // Check that someone is asking about MAC of my IP address and HW // address is blank in request - if packet.BytesToIPv4(arp.TPA[0], arp.TPA[1], arp.TPA[2], arp.TPA[3]) != packet.SwapBytesUint32(port.Subnet.Addr) { - println("Warning! Got an ARP packet with target IPv4 address", StringIPv4Array(arp.TPA), - "different from IPv4 address on interface. Should be", StringIPv4Int(port.Subnet.Addr), + if types.BytesToIPv4(arp.TPA[0], arp.TPA[1], arp.TPA[2], arp.TPA[3]) != packet.SwapBytesIPv4Addr(port.Subnet.Addr) { + println("Warning! Got an ARP packet with target IPv4 address", types.IPv4ArrayToString(arp.TPA), + "different from IPv4 address on interface. Should be", port.Subnet.Addr.String(), ". ARP request ignored.") return DirDROP } - if arp.THA != [common.EtherAddrLen]byte{} { - println("Warning! Got an ARP packet with non-zero MAC address", StringMAC(arp.THA), + if arp.THA != (types.MACAddress{}) { + println("Warning! Got an ARP packet with non-zero MAC address", arp.THA.String(), ". ARP request ignored.") return DirDROP } @@ -48,7 +49,7 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { common.LogFatal(common.Debug, err) } - packet.InitARPReplyPacket(answerPacket, port.SrcMACAddress, arp.SHA, packet.ArrayToIPv4(arp.TPA), packet.ArrayToIPv4(arp.SPA)) + packet.InitARPReplyPacket(answerPacket, port.SrcMACAddress, arp.SHA, types.ArrayToIPv4(arp.TPA), types.ArrayToIPv4(arp.SPA)) vlan := pkt.GetVLAN() if vlan != nil { answerPacket.AddVLANTag(packet.SwapBytesUint16(vlan.TCI)) @@ -60,27 +61,27 @@ func (port *ipPort) handleARP(pkt *packet.Packet) uint { return DirDROP } -func (port *ipPort) getMACForIPv4(ip uint32) (macAddress, bool) { +func (port *ipPort) getMACForIPv4(ip types.IPv4Address) (types.MACAddress, bool) { if port.staticArpMode { return port.DstMACAddress, true } else { v, found := port.arpTable.Load(ip) if found { - return macAddress(v.([common.EtherAddrLen]byte)), true + return v.(types.MACAddress), true } port.sendARPRequest(ip) - return macAddress{}, false + return types.MACAddress{}, false } } -func (port *ipPort) sendARPRequest(ip uint32) { +func (port *ipPort) sendARPRequest(ip types.IPv4Address) { requestPacket, err := packet.NewPacket() if err != nil { common.LogFatal(common.Debug, err) } packet.InitARPRequestPacket(requestPacket, port.SrcMACAddress, - packet.SwapBytesUint32(port.Subnet.Addr), packet.SwapBytesUint32(ip)) + packet.SwapBytesIPv4Addr(port.Subnet.Addr), packet.SwapBytesIPv4Addr(ip)) if port.Vlan != 0 { requestPacket.AddVLANTag(port.Vlan) } diff --git a/nat/cksum.go b/nat/cksum.go index b712d46..b359f0a 100644 --- a/nat/cksum.go +++ b/nat/cksum.go @@ -5,8 +5,8 @@ package nat import ( - "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" "unsafe" ) @@ -17,15 +17,15 @@ func setIPv4UDPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum bool if hWTXChecksum { l3.HdrChecksum = 0 l4.DgramCksum = packet.SwapBytesUint16(packet.CalculatePseudoHdrIPv4UDPCksum(l3, l4)) - l2len := uint32(common.EtherLen) - if pkt.Ether.EtherType == common.SwapVLANNumber { - l2len += common.VLANLen + l2len := uint32(types.EtherLen) + if pkt.Ether.EtherType == types.SwapVLANNumber { + l2len += types.VLANLen } - pkt.SetTXIPv4UDPOLFlags(l2len, common.IPv4MinLen) + pkt.SetTXIPv4UDPOLFlags(l2len, types.IPv4MinLen) } else { l3.HdrChecksum = packet.SwapBytesUint16(packet.CalculateIPv4Checksum(l3)) l4.DgramCksum = packet.SwapBytesUint16(packet.CalculateIPv4UDPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+uintptr(common.UDPLen)))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+uintptr(types.UDPLen)))) } } } @@ -37,15 +37,15 @@ func setIPv4TCPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum bool if hWTXChecksum { l3.HdrChecksum = 0 l4.Cksum = packet.SwapBytesUint16(packet.CalculatePseudoHdrIPv4TCPCksum(l3)) - l2len := uint32(common.EtherLen) - if pkt.Ether.EtherType == common.SwapVLANNumber { - l2len += common.VLANLen + l2len := uint32(types.EtherLen) + if pkt.Ether.EtherType == types.SwapVLANNumber { + l2len += types.VLANLen } - pkt.SetTXIPv4TCPOLFlags(l2len, common.IPv4MinLen) + pkt.SetTXIPv4TCPOLFlags(l2len, types.IPv4MinLen) } else { l3.HdrChecksum = packet.SwapBytesUint16(packet.CalculateIPv4Checksum(l3)) l4.Cksum = packet.SwapBytesUint16(packet.CalculateIPv4TCPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+common.TCPMinLen))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+types.TCPMinLen))) } } } @@ -55,17 +55,17 @@ func setIPv4ICMPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum boo l3 := pkt.GetIPv4NoCheck() if hWTXChecksum { l3.HdrChecksum = 0 - l2len := uint32(common.EtherLen) - if pkt.Ether.EtherType == common.SwapVLANNumber { - l2len += common.VLANLen + l2len := uint32(types.EtherLen) + if pkt.Ether.EtherType == types.SwapVLANNumber { + l2len += types.VLANLen } - pkt.SetTXIPv4OLFlags(l2len, common.IPv4MinLen) + pkt.SetTXIPv4OLFlags(l2len, types.IPv4MinLen) } else { l3.HdrChecksum = packet.SwapBytesUint16(packet.CalculateIPv4Checksum(l3)) } l4 := pkt.GetICMPNoCheck() l4.Cksum = packet.SwapBytesUint16(packet.CalculateIPv4ICMPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+common.ICMPLen))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+types.ICMPLen))) } } @@ -75,14 +75,14 @@ func setIPv6UDPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum bool l4 := pkt.GetUDPNoCheck() if hWTXChecksum { l4.DgramCksum = packet.SwapBytesUint16(packet.CalculatePseudoHdrIPv6UDPCksum(l3, l4)) - l2len := uint32(common.EtherLen) - if pkt.Ether.EtherType == common.SwapVLANNumber { - l2len += common.VLANLen + l2len := uint32(types.EtherLen) + if pkt.Ether.EtherType == types.SwapVLANNumber { + l2len += types.VLANLen } - pkt.SetTXIPv6UDPOLFlags(l2len, common.IPv6Len) + pkt.SetTXIPv6UDPOLFlags(l2len, types.IPv6Len) } else { l4.DgramCksum = packet.SwapBytesUint16(packet.CalculateIPv6UDPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+uintptr(common.UDPLen)))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+uintptr(types.UDPLen)))) } } } @@ -93,14 +93,14 @@ func setIPv6TCPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum bool l4 := pkt.GetTCPNoCheck() if hWTXChecksum { l4.Cksum = packet.SwapBytesUint16(packet.CalculatePseudoHdrIPv6TCPCksum(l3)) - l2len := uint32(common.EtherLen) - if pkt.Ether.EtherType == common.SwapVLANNumber { - l2len += common.VLANLen + l2len := uint32(types.EtherLen) + if pkt.Ether.EtherType == types.SwapVLANNumber { + l2len += types.VLANLen } - pkt.SetTXIPv6TCPOLFlags(l2len, common.IPv6Len) + pkt.SetTXIPv6TCPOLFlags(l2len, types.IPv6Len) } else { l4.Cksum = packet.SwapBytesUint16(packet.CalculateIPv6TCPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+common.TCPMinLen))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+types.TCPMinLen))) } } } @@ -111,6 +111,6 @@ func setIPv6ICMPChecksum(pkt *packet.Packet, calculateChecksum, hWTXChecksum boo l4 := pkt.GetICMPNoCheck() l4.Cksum = packet.SwapBytesUint16(packet.CalculateIPv6ICMPChecksum(l3, l4, - unsafe.Pointer(uintptr(unsafe.Pointer(l4))+common.ICMPLen))) + unsafe.Pointer(uintptr(unsafe.Pointer(l4))+types.ICMPLen))) } } diff --git a/nat/config.go b/nat/config.go index 0e2ef4f..3cc5d02 100644 --- a/nat/config.go +++ b/nat/config.go @@ -14,9 +14,9 @@ import ( "sync" "time" - "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/flow" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" upd "github.com/intel-go/nff-go-nat/updatecfg" ) @@ -40,13 +40,13 @@ const ( ) var ( - zeroIPv6Addr = [common.IPv6AddrLen]uint8{} + zeroIPv6Addr = types.IPv6Address{} portReuseSetLastusedTime = time.Duration(portReuseTimeout - connectionTimeout) ) type hostPort struct { - Addr4 uint32 - Addr6 [common.IPv6AddrLen]uint8 + Addr4 types.IPv4Address + Addr6 types.IPv6Address Port uint16 ipv6 bool } @@ -64,19 +64,19 @@ type forwardedPort struct { var protocolIdLookup map[string]protocolId = map[string]protocolId{ "TCP": protocolId{ - id: common.TCPNumber, + id: types.TCPNumber, ipv6: false, }, "UDP": protocolId{ - id: common.UDPNumber, + id: types.UDPNumber, ipv6: false, }, "TCP6": protocolId{ - id: common.TCPNumber, + id: types.TCPNumber, ipv6: true, }, "UDP6": protocolId{ - id: common.UDPNumber, + id: types.UDPNumber, ipv6: true, }, } @@ -97,8 +97,8 @@ func (out *protocolId) UnmarshalJSON(b []byte) error { } type ipv4Subnet struct { - Addr uint32 - Mask uint32 + Addr types.IPv4Address + Mask types.IPv4Address addressAcquired bool kniAddressSet bool ds dhcpState @@ -107,15 +107,15 @@ type ipv4Subnet struct { func (fp *forwardedPort) String() string { return fmt.Sprintf("Port:%d, Destination IPv4: %v, Destination IPv6: %v, Protocol: %d", fp.Port, - packet.IPv4ToString(fp.Destination.Addr4), - packet.IPv6ToString(fp.Destination.Addr6), + fp.Destination.Addr4.String(), + fp.Destination.Addr6.String(), fp.Protocol) } func (subnet *ipv4Subnet) String() string { if subnet.addressAcquired { // Count most significant set bits - mask := uint32(1) << 31 + mask := types.IPv4Address(1) << 31 i := 0 for ; i <= 32; i++ { if subnet.Mask&mask == 0 { @@ -123,21 +123,21 @@ func (subnet *ipv4Subnet) String() string { } mask >>= 1 } - return packet.IPv4ToString(packet.SwapBytesUint32(subnet.Addr)) + "/" + strconv.Itoa(i) + return subnet.Addr.String() + "/" + strconv.Itoa(i) } return "DHCP address not acquired" } -func (subnet *ipv4Subnet) checkAddrWithingSubnet(addr uint32) bool { +func (subnet *ipv4Subnet) checkAddrWithingSubnet(addr types.IPv4Address) bool { return addr&subnet.Mask == subnet.Addr&subnet.Mask } type ipv6Subnet struct { - Addr [common.IPv6AddrLen]uint8 - multicastAddr [common.IPv6AddrLen]uint8 - Mask [common.IPv6AddrLen]uint8 - llAddr [common.IPv6AddrLen]uint8 - llMulticastAddr [common.IPv6AddrLen]uint8 + Addr types.IPv6Address + multicastAddr types.IPv6Address + Mask types.IPv6Address + llAddr types.IPv6Address + llMulticastAddr types.IPv6Address addressAcquired bool kniAddressSet bool ds dhcpv6State @@ -153,25 +153,23 @@ func (subnet *ipv6Subnet) String() string { break } } - return packet.IPv6ToString(subnet.Addr) + "/" + strconv.Itoa(i) + return subnet.Addr.String() + "/" + strconv.Itoa(i) } return "DHCP address not acquired" } -func (subnet *ipv6Subnet) andMask(addr [common.IPv6AddrLen]uint8) [common.IPv6AddrLen]uint8 { - var result [common.IPv6AddrLen]uint8 +func (subnet *ipv6Subnet) andMask(addr types.IPv6Address) types.IPv6Address { + var result types.IPv6Address for i := range addr { result[i] = addr[i] & subnet.Mask[i] } return result } -func (subnet *ipv6Subnet) checkAddrWithingSubnet(addr [common.IPv6AddrLen]uint8) bool { +func (subnet *ipv6Subnet) checkAddrWithingSubnet(addr types.IPv6Address) bool { return subnet.andMask(addr) == subnet.andMask(subnet.Addr) } -type macAddress [common.EtherAddrLen]uint8 - type portMapEntry struct { lastused time.Time finCount uint8 @@ -181,15 +179,15 @@ type portMapEntry struct { // Type describing a network port type ipPort struct { - Index uint16 `json:"index"` - Subnet ipv4Subnet `json:"subnet"` - Subnet6 ipv6Subnet `json:"subnet6"` - Vlan uint16 `json:"vlan-tag"` - KNIName string `json:"kni-name"` - ForwardPorts []forwardedPort `json:"forward-ports"` - DstMACAddress macAddress `json:"dst-mac"` + Index uint16 `json:"index"` + Subnet ipv4Subnet `json:"subnet"` + Subnet6 ipv6Subnet `json:"subnet6"` + Vlan uint16 `json:"vlan-tag"` + KNIName string `json:"kni-name"` + ForwardPorts []forwardedPort `json:"forward-ports"` + DstMACAddress types.MACAddress `json:"dst-mac"` staticArpMode bool - SrcMACAddress macAddress + SrcMACAddress types.MACAddress Type interfaceType // Pointer to an opposite port in a pair opposite *ipPort @@ -253,15 +251,14 @@ func (pi pairIndex) Copy() interface{} { func (pi pairIndex) Delete() { } -func convertIPv4(in []byte) (uint32, error) { +// Returns IPv4 address in little endian format. Needs swap before +// assigning to IPv4 header fields. +func convertIPv4(in []byte) (types.IPv4Address, error) { if in == nil || len(in) > 4 { return 0, fmt.Errorf("Only IPv4 addresses are supported now while your address has %d bytes", len(in)) } - addr := (uint32(in[0]) << 24) | (uint32(in[1]) << 16) | - (uint32(in[2]) << 8) | uint32(in[3]) - - return addr, nil + return types.BytesToIPv4(in[3], in[2], in[1], in[0]), nil } // UnmarshalJSON parses ipv 4 subnet details. @@ -272,8 +269,8 @@ func (out *ipv4Subnet) UnmarshalJSON(b []byte) error { } if s == "dhcp" { - out.Addr = uint32(0) - out.Mask = uint32(0) + out.Addr = types.IPv4Address(0) + out.Mask = types.IPv4Address(0) out.addressAcquired = false return nil } @@ -309,8 +306,8 @@ func (out *ipv6Subnet) UnmarshalJSON(b []byte) error { } if s == "dhcp" { - out.Addr = [common.IPv6AddrLen]uint8{} - out.Mask = [common.IPv6AddrLen]uint8{} + out.Addr = types.IPv6Address{} + out.Mask = types.IPv6Address{} out.addressAcquired = false return nil } @@ -330,7 +327,7 @@ func (out *ipv6Subnet) UnmarshalJSON(b []byte) error { return fmt.Errorf("Bad IPv6 address: %s", s) } copy(out.Addr[:], ip.To16()) - out.Mask = [common.IPv6AddrLen]uint8{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} + out.Mask = types.IPv6Address{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} out.addressAcquired = true return nil } @@ -377,22 +374,6 @@ func (out *hostPort) UnmarshalJSON(b []byte) error { return nil } -// UnmarshalJSON parses MAC address. -func (out *macAddress) UnmarshalJSON(b []byte) error { - var s string - if err := json.Unmarshal(b, &s); err != nil { - return err - } - - hw, err := net.ParseMAC(s) - if err != nil { - return err - } - - copy(out[:], hw) - return nil -} - // ReadConfig function reads and parses config file func ReadConfig(fileName string, setKniIP, bringUpKniInterfaces bool) error { file, err := os.Open(fileName) @@ -459,10 +440,10 @@ func ReadConfig(fileName string, setKniIP, bringUpKniInterfaces bool) error { return err } } - if port.DstMACAddress != [common.EtherAddrLen]uint8{} { + if port.DstMACAddress != (types.MACAddress{}) { port.staticArpMode = true fmt.Printf("Activating static ARP mode for port %d, using %s MAC address\n", - port.Index, packet.MACToString(port.DstMACAddress)) + port.Index, port.DstMACAddress.String()) } port = &pp.PublicPort } @@ -503,14 +484,14 @@ func (port *ipPort) checkPortForwarding(fp *forwardedPort) error { if fp.Destination.ipv6 { if !port.opposite.Subnet6.checkAddrWithingSubnet(fp.Destination.Addr6) { return errors.New("Destination address " + - packet.IPv6ToString(fp.Destination.Addr6) + + fp.Destination.Addr6.String() + " should be within subnet " + port.opposite.Subnet6.String()) } } else { if !port.opposite.Subnet.checkAddrWithingSubnet(fp.Destination.Addr4) { return errors.New("Destination address " + - packet.IPv4ToString(fp.Destination.Addr4) + + fp.Destination.Addr4.String() + " should be within subnet " + port.opposite.Subnet.String()) } @@ -531,24 +512,24 @@ func (pp *portPair) initLocalMACs() { func (port *ipPort) initIPv6LLAddresses() { packet.CalculateIPv6LinkLocalAddrForMAC(&port.Subnet6.llAddr, port.SrcMACAddress) - println("Configured link local address", packet.IPv6ToString(port.Subnet6.llAddr), "for port", port.Index) + println("Configured link local address", port.Subnet6.llAddr.String(), "for port", port.Index) packet.CalculateIPv6MulticastAddrForDstIP(&port.Subnet6.llMulticastAddr, port.Subnet6.llAddr) - println("Configured link local multicast address", packet.IPv6ToString(port.Subnet6.llMulticastAddr), "for port", port.Index) + println("Configured link local multicast address", port.Subnet6.llMulticastAddr.String(), "for port", port.Index) if port.Subnet6.Addr != zeroIPv6Addr { packet.CalculateIPv6MulticastAddrForDstIP(&port.Subnet6.multicastAddr, port.Subnet6.Addr) - println("Configured multicast address", packet.IPv6ToString(port.Subnet6.multicastAddr), "for port", port.Index) + println("Configured multicast address", port.Subnet6.multicastAddr.String(), "for port", port.Index) } } func (port *ipPort) allocatePublicPortPortMap() { port.portmap = make([][]portMapEntry, 256) - port.portmap[common.ICMPNumber] = make([]portMapEntry, portEnd) - port.portmap[common.TCPNumber] = make([]portMapEntry, portEnd) - port.portmap[common.UDPNumber] = make([]portMapEntry, portEnd) + port.portmap[types.ICMPNumber] = make([]portMapEntry, portEnd) + port.portmap[types.TCPNumber] = make([]portMapEntry, portEnd) + port.portmap[types.UDPNumber] = make([]portMapEntry, portEnd) port.portmap6 = make([][]portMapEntry, 256) - port.portmap6[common.TCPNumber] = make([]portMapEntry, portEnd) - port.portmap6[common.UDPNumber] = make([]portMapEntry, portEnd) - port.portmap6[common.ICMPv6Number] = make([]portMapEntry, portEnd) + port.portmap6[types.TCPNumber] = make([]portMapEntry, portEnd) + port.portmap6[types.UDPNumber] = make([]portMapEntry, portEnd) + port.portmap6[types.ICMPv6Number] = make([]portMapEntry, portEnd) } func (port *ipPort) allocateLookupMap() { @@ -714,7 +695,13 @@ func CheckHWOffloading() bool { ports = append(ports, pp.PublicPort.Index, pp.PrivatePort.Index) } - return flow.CheckHWCapability(flow.HWTXChecksumCapability, ports) + capabilities := flow.CheckHWCapability(flow.HWTXChecksumCapability, ports) + for _, c := range capabilities { + if !c { + return false + } + } + return true } func (c *Config) getPortAndPairByID(portId uint32) (*ipPort, *portPair) { diff --git a/nat/dhcp.go b/nat/dhcp.go index 26184c8..2addb41 100644 --- a/nat/dhcp.go +++ b/nat/dhcp.go @@ -15,6 +15,7 @@ import ( "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) type dhcpState struct { @@ -26,12 +27,12 @@ const ( requestInterval = 10 * time.Second DHCPServerPort = 67 DHCPClientPort = 68 - BroadcastIPv4 = uint32(0xffffffff) + BroadcastIPv4 = types.IPv4Address(0xffffffff) ) var ( rnd = rand.New(rand.NewSource(time.Now().UnixNano())) - BroadcastMAC = [common.EtherAddrLen]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff} + BroadcastMAC = types.MACAddress{0xff, 0xff, 0xff, 0xff, 0xff, 0xff} dhcpOptions = []layers.DHCPOption{ layers.NewDHCPOption(layers.DHCPOptParamsRequest, []byte{ @@ -127,7 +128,7 @@ func getDHCPOption(dhcp *layers.DHCPv4, optionType layers.DHCPOpt) *layers.DHCPO } func (port *ipPort) composeAndSendDHCPPacket(packetType layers.DHCPMsgType, options []layers.DHCPOption) { - hwa := make([]byte, common.EtherAddrLen) + hwa := make([]byte, types.EtherAddrLen) copy(hwa, port.SrcMACAddress[:]) buf := gopacket.NewSerializeBuffer() @@ -162,7 +163,7 @@ func (port *ipPort) composeAndSendDHCPPacket(packetType layers.DHCPMsgType, opti pkt.Ether.DAddr = BroadcastMAC // Fill up L3 - pkt.GetIPv4NoCheck().SrcAddr = uint32(0) + pkt.GetIPv4NoCheck().SrcAddr = types.IPv4Address(0) pkt.GetIPv4NoCheck().DstAddr = BroadcastIPv4 // Fill up L4 diff --git a/nat/dhcp6.go b/nat/dhcp6.go index f041ff2..cfe229c 100644 --- a/nat/dhcp6.go +++ b/nat/dhcp6.go @@ -15,6 +15,7 @@ import ( "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) type dhcpv6State struct { @@ -28,13 +29,13 @@ const ( ) var ( - BroadcastIPv6 = [common.IPv6AddrLen]uint8{ + BroadcastIPv6 = types.IPv6Address{ 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, } - SingleIPMask = [common.IPv6AddrLen]uint8{ + SingleIPMask = types.IPv6Address{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, diff --git a/nat/icmp.go b/nat/icmp.go index 94684f0..59c4616 100644 --- a/nat/icmp.go +++ b/nat/icmp.go @@ -9,6 +9,7 @@ import ( "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface{}) uint { @@ -17,11 +18,11 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface var requestCode uint8 var packetSentToUs bool var packetSentToMulticast bool - if protocol == common.ICMPNumber { - if packet.SwapBytesUint32(pkt.GetIPv4NoCheck().DstAddr) == port.Subnet.Addr { + if protocol == types.ICMPNumber { + if packet.SwapBytesIPv4Addr(pkt.GetIPv4NoCheck().DstAddr) == port.Subnet.Addr { packetSentToUs = true } - requestCode = common.ICMPTypeEchoRequest + requestCode = types.ICMPTypeEchoRequest } else { // If message is not targeted at NAT host, it is subject of // address translation @@ -33,10 +34,10 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface ipv6.DstAddr == port.Subnet6.llMulticastAddr { packetSentToMulticast = true } - requestCode = common.ICMPv6TypeEchoRequest + requestCode = types.ICMPv6TypeEchoRequest } - ipv6 := protocol == common.ICMPv6Number + ipv6 := protocol == types.ICMPv6Number // Check IPv6 Neighbor Discovery first. If packet is handled, it // returns DROP or KNI, otherwise continue to process it. @@ -79,15 +80,15 @@ func (port *ipPort) handleICMP(protocol uint8, pkt *packet.Packet, key interface packet.GeneratePacketFromByte(answerPacket, pkt.GetRawPacketBytes()) answerPacket.ParseL3CheckVLAN() - if protocol == common.ICMPNumber { + if protocol == types.ICMPNumber { swapAddrIPv4(answerPacket) answerPacket.ParseL4ForIPv4() - (answerPacket.GetICMPNoCheck()).Type = common.ICMPTypeEchoResponse + (answerPacket.GetICMPNoCheck()).Type = types.ICMPTypeEchoResponse setIPv4ICMPChecksum(answerPacket, !NoCalculateChecksum, !NoHWTXChecksum) } else { swapAddrIPv6(answerPacket) answerPacket.ParseL4ForIPv6() - (answerPacket.GetICMPNoCheck()).Type = common.ICMPv6TypeEchoResponse + (answerPacket.GetICMPNoCheck()).Type = types.ICMPv6TypeEchoResponse setIPv6ICMPChecksum(answerPacket, !NoCalculateChecksum, !NoHWTXChecksum) } diff --git a/nat/neigh.go b/nat/neigh.go index e5d6ba2..b3b2ddd 100644 --- a/nat/neigh.go +++ b/nat/neigh.go @@ -7,16 +7,17 @@ package nat import ( "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { icmp := pkt.GetICMPNoCheck() - if icmp.Type == common.ICMPv6NeighborSolicitation { + if icmp.Type == types.ICMPv6NeighborSolicitation { // If there is KNI interface, forward all of this here if port.KNIName != "" { return DirKNI } - pkt.ParseL7(common.ICMPv6Number) + pkt.ParseL7(types.ICMPv6Number) msg := pkt.GetICMPv6NeighborSolicitationMessage() if msg.TargetAddr != port.Subnet6.Addr && msg.TargetAddr != port.Subnet6.llAddr { return DirDROP @@ -39,8 +40,8 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { port.dumpPacket(answerPacket, DirSEND) answerPacket.SendPacket(port.Index) } - } else if icmp.Type == common.ICMPv6NeighborAdvertisement { - pkt.ParseL7(common.ICMPv6Number) + } else if icmp.Type == types.ICMPv6NeighborAdvertisement { + pkt.ParseL7(types.ICMPv6Number) msg := pkt.GetICMPv6NeighborAdvertisementMessage() option := pkt.GetICMPv6NDTargetLinkLayerAddressOption(packet.ICMPv6NeighborAdvertisementMessageSize) if option != nil && option.Type == packet.ICMPv6NDTargetLinkLayerAddress { @@ -57,20 +58,20 @@ func (port *ipPort) handleIPv6NeighborDiscovery(pkt *packet.Packet) uint { return DirDROP } -func (port *ipPort) getMACForIPv6(ip [common.IPv6AddrLen]uint8) (macAddress, bool) { +func (port *ipPort) getMACForIPv6(ip types.IPv6Address) (types.MACAddress, bool) { if port.staticArpMode { return port.DstMACAddress, true } else { v, found := port.arpTable.Load(ip) if found { - return macAddress(v.([common.EtherAddrLen]byte)), true + return v.(types.MACAddress), true } port.sendNDNeighborSolicitationRequest(ip) - return macAddress{}, false + return types.MACAddress{}, false } } -func (port *ipPort) sendNDNeighborSolicitationRequest(ip [common.IPv6AddrLen]uint8) { +func (port *ipPort) sendNDNeighborSolicitationRequest(ip types.IPv6Address) { requestPacket, err := packet.NewPacket() if err != nil { common.LogFatal(common.Debug, err) diff --git a/nat/translation.go b/nat/translation.go index 70a3099..17838d5 100644 --- a/nat/translation.go +++ b/nat/translation.go @@ -7,34 +7,34 @@ package nat import ( "time" - "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/flow" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" ) // Tuple is a pair of address and port. type Tuple struct { - addr uint32 + addr types.IPv4Address port uint16 } type Tuple6 struct { - addr [common.IPv6AddrLen]uint8 + addr types.IPv6Address port uint16 } -func (pp *portPair) allocateNewEgressConnection(ipv6 bool, protocol uint8, privEntry interface{}) (uint32, [common.IPv6AddrLen]uint8, uint16, error) { +func (pp *portPair) allocateNewEgressConnection(ipv6 bool, protocol uint8, privEntry interface{}) (types.IPv4Address, types.IPv6Address, uint16, error) { pp.mutex.Lock() port, err := pp.allocNewPort(ipv6, protocol) if err != nil { pp.mutex.Unlock() - return 0, [common.IPv6AddrLen]uint8{}, 0, err + return 0, types.IPv6Address{}, 0, err } var pubEntry interface{} - var v4addr uint32 - var v6addr [common.IPv6AddrLen]uint8 + var v4addr types.IPv4Address + var v6addr types.IPv6Address if ipv6 { v6addr = pp.PublicPort.Subnet6.Addr pubEntry = Tuple6{ @@ -162,7 +162,7 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { } // Find corresponding MAC address - var mac macAddress + var mac types.MACAddress var found bool if ipv6 { mac, found = port.opposite.getMACForIPv6(v6addr) @@ -183,7 +183,7 @@ func PublicToPrivateTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { if ipv6 { pktIPv6.DstAddr = v6addr } else { - pktIPv4.DstAddr = packet.SwapBytesUint32(v4addr) + pktIPv4.DstAddr = packet.SwapBytesIPv4Addr(v4addr) } setPacketDstPort(pkt, ipv6, newPort, pktTCP, pktUDP, pktICMP) @@ -252,7 +252,7 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { port.Subnet6.llMulticastAddr == pktIPv6.DstAddr } else { addressAcquired = port.Subnet.addressAcquired - packetSentToUs = port.Subnet.Addr == packet.SwapBytesUint32(pktIPv4.DstAddr) + packetSentToUs = port.Subnet.Addr == packet.SwapBytesIPv4Addr(pktIPv4.DstAddr) } // If traffic is directed at private interface IP and KNI is @@ -265,8 +265,8 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Do lookup v, found := port.translationTable[protocol].Load(pri2pubKey) - var v4addr uint32 - var v6addr [common.IPv6AddrLen]uint8 + var v4addr types.IPv4Address + var v6addr types.IPv6Address var newPort uint16 var zeroAddr bool @@ -309,12 +309,12 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { } // Find corresponding MAC address - var mac macAddress + var mac types.MACAddress var found bool if pktIPv6 != nil { mac, found = port.opposite.getMACForIPv6(pktIPv6.DstAddr) } else { - mac, found = port.opposite.getMACForIPv4(packet.SwapBytesUint32(pktIPv4.DstAddr)) + mac, found = port.opposite.getMACForIPv4(packet.SwapBytesIPv4Addr(pktIPv4.DstAddr)) } if !found { port.dumpPacket(pkt, DirDROP) @@ -330,7 +330,7 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { if ipv6 { pktIPv6.SrcAddr = v6addr } else { - pktIPv4.SrcAddr = packet.SwapBytesUint32(v4addr) + pktIPv4.SrcAddr = packet.SwapBytesIPv4Addr(v4addr) } setPacketSrcPort(pkt, ipv6, newPort, pktTCP, pktUDP, pktICMP) @@ -345,11 +345,10 @@ func PrivateToPublicTranslation(pkt *packet.Packet, ctx flow.UserContext) uint { // Used to generate key in public to private translation func generateLookupKeyFromDstAddr(pkt *packet.Packet, pktIPv4 *packet.IPv4Hdr, pktIPv6 *packet.IPv6Hdr, port uint16) interface{} { if pktIPv4 != nil { - key := Tuple{ - addr: packet.SwapBytesUint32(pktIPv4.DstAddr), + return Tuple{ + addr: packet.SwapBytesIPv4Addr(pktIPv4.DstAddr), port: port, } - return key } else { return Tuple6{ addr: pktIPv6.DstAddr, @@ -361,7 +360,7 @@ func generateLookupKeyFromDstAddr(pkt *packet.Packet, pktIPv4 *packet.IPv4Hdr, p // Used to generate key in private to public translation func generateLookupKeyFromSrcAddr(pkt *packet.Packet, pktIPv4 *packet.IPv4Hdr, pktIPv6 *packet.IPv6Hdr, port uint16) (interface{}, interface{}) { if pktIPv4 != nil { - saddr := packet.SwapBytesUint32(pktIPv4.SrcAddr) + saddr := packet.SwapBytesIPv4Addr(pktIPv4.SrcAddr) return Tuple{ addr: saddr, port: port, @@ -376,11 +375,11 @@ func generateLookupKeyFromSrcAddr(pkt *packet.Packet, pktIPv4 *packet.IPv4Hdr, p // Simple check for FIN or RST in TCP func (pp *portPair) checkTCPTermination(ipv6 bool, hdr *packet.TCPHdr, port int, dir terminationDirection) { - if hdr.TCPFlags&common.TCPFlagFin != 0 { + if hdr.TCPFlags&types.TCPFlagFin != 0 { // First check for FIN pp.mutex.Lock() - pme := &pp.getPublicPortPortmap(ipv6, common.TCPNumber)[port] + pme := &pp.getPublicPortPortmap(ipv6, types.TCPNumber)[port] if pme.finCount == 0 { pme.finCount = 1 pme.terminationDirection = dir @@ -389,20 +388,20 @@ func (pp *portPair) checkTCPTermination(ipv6 bool, hdr *packet.TCPHdr, port int, } pp.mutex.Unlock() - } else if hdr.TCPFlags&common.TCPFlagRst != 0 { + } else if hdr.TCPFlags&types.TCPFlagRst != 0 { // RST means that connection is terminated immediately pp.mutex.Lock() - pp.deleteOldConnection(ipv6, common.TCPNumber, port) + pp.deleteOldConnection(ipv6, types.TCPNumber, port) pp.mutex.Unlock() - } else if hdr.TCPFlags&common.TCPFlagAck != 0 { + } else if hdr.TCPFlags&types.TCPFlagAck != 0 { // Check for ACK last so that if there is also FIN, // termination doesn't happen. Last ACK should come without // FIN pp.mutex.Lock() - pme := &pp.getPublicPortPortmap(ipv6, common.TCPNumber)[port] + pme := &pp.getPublicPortPortmap(ipv6, types.TCPNumber)[port] if pme.finCount == 2 { - pp.deleteOldConnection(ipv6, common.TCPNumber, port) + pp.deleteOldConnection(ipv6, types.TCPNumber, port) // Set some time while port cannot be used before // connection timeout is reached pme.lastused = time.Now().Add(portReuseSetLastusedTime) @@ -432,12 +431,12 @@ func (port *ipPort) parsePacketAndCheckARP(pkt *packet.Packet) (dir uint, vlanhd return DirSEND, pktVLAN, pktIPv4, nil } -func getAddrFromTuple(v interface{}, ipv6 bool) (uint32, [common.IPv6AddrLen]uint8, uint16, bool) { +func getAddrFromTuple(v interface{}, ipv6 bool) (types.IPv4Address, types.IPv6Address, uint16, bool) { if ipv6 { value := v.(Tuple6) - return 0, value.addr, value.port, value.addr == [common.IPv6AddrLen]uint8{} + return 0, value.addr, value.port, value.addr == types.IPv6Address{} } else { value := v.(Tuple) - return value.addr, [common.IPv6AddrLen]uint8{}, value.port, value.addr == 0 + return value.addr, types.IPv6Address{}, value.port, value.addr == 0 } } diff --git a/nat/util.go b/nat/util.go index 0ec388e..9ed74c9 100644 --- a/nat/util.go +++ b/nat/util.go @@ -12,8 +12,8 @@ import ( "github.com/vishvananda/netlink" - "github.com/intel-go/nff-go/common" "github.com/intel-go/nff-go/packet" + "github.com/intel-go/nff-go/types" upd "github.com/intel-go/nff-go-nat/updatecfg" ) @@ -35,14 +35,6 @@ func StringIPv4Int(addr uint32) string { addr&0xff) } -func StringIPv4Array(addr [common.IPv4AddrLen]uint8) string { - return fmt.Sprintf("%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]) -} - -func StringMAC(mac [common.EtherAddrLen]uint8) string { - return fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]) -} - func swapAddrIPv4(pkt *packet.Packet) { ipv4 := pkt.GetIPv4NoCheck() @@ -64,7 +56,7 @@ func (port *ipPort) startTrace(dir uint) *os.File { "kni", } - fname := fmt.Sprintf("%s-%d-%s.pcap", dumpNameLookup[dir], port.Index, packet.MACToString(port.SrcMACAddress)) + fname := fmt.Sprintf("%s-%d-%s.pcap", dumpNameLookup[dir], port.Index, port.SrcMACAddress.String()) file, err := os.Create(fname) if err != nil { @@ -120,27 +112,27 @@ func convertSubnet(s *upd.Subnet) (*ipv4Subnet, *ipv6Subnet, error) { return &ipv4Subnet{ Addr: addr, - Mask: uint32(0xffffffff) << (32 - s.GetMaskBitsNumber()), + Mask: types.IPv4Address(0xffffffff) << (32 - s.GetMaskBitsNumber()), }, nil, nil } func convertForwardedPort(p *upd.ForwardedPort) (*forwardedPort, error) { bytes := p.GetTargetAddress().GetAddress() addr, err := convertIPv4(bytes) - var addr6 [common.IPv6AddrLen]uint8 + var addr6 types.IPv6Address var ipv6 bool if err != nil { - if len(bytes) == common.IPv6AddrLen { + if len(bytes) == types.IPv6AddrLen { copy(addr6[:], bytes) ipv6 = true } else { return nil, err } } - if uint8(p.GetProtocol()) != common.TCPNumber && - uint8(p.GetProtocol()) != common.UDPNumber && - p.GetProtocol() != (common.TCPNumber|upd.Protocol_IPv6_Flag) && - p.GetProtocol() != (common.UDPNumber|upd.Protocol_IPv6_Flag) { + if uint8(p.GetProtocol()) != types.TCPNumber && + uint8(p.GetProtocol()) != types.UDPNumber && + p.GetProtocol() != (types.TCPNumber|upd.Protocol_IPv6_Flag) && + p.GetProtocol() != (types.UDPNumber|upd.Protocol_IPv6_Flag) { return nil, fmt.Errorf("Bad protocol identifier %d", p.GetProtocol()) } @@ -221,16 +213,16 @@ func ParseAllKnownL4(pkt *packet.Packet, pktIPv4 *packet.IPv4Hdr, pktIPv6 *packe } switch protocol { - case common.TCPNumber: + case types.TCPNumber: pktTCP := (*packet.TCPHdr)(pkt.L4) return protocol, pktTCP, nil, nil, packet.SwapBytesUint16(pktTCP.SrcPort), packet.SwapBytesUint16(pktTCP.DstPort) - case common.UDPNumber: + case types.UDPNumber: pktUDP := (*packet.UDPHdr)(pkt.L4) return protocol, nil, pktUDP, nil, packet.SwapBytesUint16(pktUDP.SrcPort), packet.SwapBytesUint16(pktUDP.DstPort) - case common.ICMPNumber: + case types.ICMPNumber: pktICMP := (*packet.ICMPHdr)(pkt.L4) return protocol, nil, nil, pktICMP, packet.SwapBytesUint16(pktICMP.Identifier), packet.SwapBytesUint16(pktICMP.Identifier) - case common.ICMPv6Number: + case types.ICMPv6Number: pktICMP := (*packet.ICMPHdr)(pkt.L4) return protocol, nil, nil, pktICMP, packet.SwapBytesUint16(pktICMP.Identifier), packet.SwapBytesUint16(pktICMP.Identifier) default: @@ -266,7 +258,7 @@ func bringInterfaceUp(dev netlink.Link, name string) error { return nil } -func (port *ipPort) setLinkIPv4KNIAddress(ipv4addr, mask, oldaddr, oldmask uint32, bringup bool) error { +func (port *ipPort) setLinkIPv4KNIAddress(ipv4addr, mask, oldaddr, oldmask types.IPv4Address, bringup bool) error { if port.KNIName == "" { return nil } @@ -277,8 +269,8 @@ func (port *ipPort) setLinkIPv4KNIAddress(ipv4addr, mask, oldaddr, oldmask uint3 } if oldaddr != 0 { - a := packet.IPv4ToBytes(oldaddr) - m := packet.IPv4ToBytes(oldmask) + a := types.IPv4ToBytes(oldaddr) + m := types.IPv4ToBytes(oldmask) addr := &netlink.Addr{ IPNet: &net.IPNet{ IP: net.IPv4(a[3], a[2], a[1], a[0]), @@ -299,8 +291,8 @@ func (port *ipPort) setLinkIPv4KNIAddress(ipv4addr, mask, oldaddr, oldmask uint3 } } - a := packet.IPv4ToBytes(ipv4addr) - m := packet.IPv4ToBytes(mask) + a := types.IPv4ToBytes(ipv4addr) + m := types.IPv4ToBytes(mask) addr := &netlink.Addr{ IPNet: &net.IPNet{ IP: net.IPv4(a[3], a[2], a[1], a[0]), @@ -317,7 +309,7 @@ func (port *ipPort) setLinkIPv4KNIAddress(ipv4addr, mask, oldaddr, oldmask uint3 return nil } -func (port *ipPort) setLinkIPv6KNIAddress(ipv6addr, mask, oldaddr, oldmask [common.IPv6AddrLen]uint8, bringup bool) error { +func (port *ipPort) setLinkIPv6KNIAddress(ipv6addr, mask, oldaddr, oldmask types.IPv6Address, bringup bool) error { if port.KNIName == "" { return nil }