Merge pull request #1403 from AndreasAakesson/dev

Network stuff, NAT (WIP), (dont build)Solo5 on Mac

Author: fwsGonzo

CMakeLists.txt

@@ -17,6 +17,8 @@ set(CMAKE_C_COMPILER_TARGET ${TRIPLE})
 
 message(STATUS "Target triple ${TRIPLE}")
 
+option(WITH_SOLO5 "Install with solo5 support" ON)
+
 set(CMAKE_TOOLCHAIN_FILE ${INCLUDEOS_ROOT}/cmake/${ARCH}-elf-toolchain.cmake)
 
 project (includeos C CXX)

api/net/inet.hpp

@@ -20,7 +20,7 @@
 
 #include <chrono>
 #include <unordered_set>
-
+#include <list>
 #include <net/inet_common.hpp>
 #include <hw/mac_addr.hpp>
 #include <hw/nic.hpp>
@@ -48,24 +48,25 @@ namespace net {
     using resolve_func = delegate<void(typename IPv::addr, Error&)>;
     using Vip_list = std::unordered_set<typename IPV::addr>;
 
+
     ///
     /// NETWORK CONFIGURATION
     ///
 
     /** Get IP address of this interface **/
-    virtual typename IPV::addr ip_addr()        = 0;
+    virtual typename IPV::addr ip_addr() const = 0;
 
     /** Get netmask of this interface **/
-    virtual typename IPV::addr netmask()        = 0;
+    virtual typename IPV::addr netmask() const = 0;
 
     /** Get default gateway for this interface **/
-    virtual typename IPV::addr gateway()        = 0;
+    virtual typename IPV::addr gateway() const = 0;
 
     /** Get default dns for this interface **/
-    virtual typename IPV::addr dns_addr()       = 0;
+    virtual typename IPV::addr dns_addr() const = 0;
 
     /** Get broadcast address for this interface **/
-    virtual typename IPV::addr broadcast_addr() = 0;
+    virtual typename IPV::addr broadcast_addr() const = 0;
 
    /** Set default gateway for this interface */
     virtual void set_gateway(typename IPV::addr server) = 0;
@@ -113,6 +114,55 @@ namespace net {
     virtual bool is_valid_source(typename IPV::addr) = 0;
 
 
+    ///
+    /// PACKET FILTERING
+    ///
+
+    using Packetfilter = delegate<typename IPV::IP_packet_ptr(typename IPV::IP_packet_ptr, const Stack&)>;
+
+    struct Filter_chain {
+      std::list<Packetfilter> chain;
+      const char* name;
+
+      typename IPV::IP_packet_ptr operator()(typename IPV::IP_packet_ptr pckt, const Stack& stack) {
+        int i = 0;
+        for (auto filter : chain) {
+          i++;
+          pckt = filter(std::move(pckt), stack);
+          if (pckt == nullptr) {
+            debug("Packet dropped in %s chain, filter %i \n", name, i);
+            // do some logging
+            return nullptr;
+          }
+        }
+        return pckt;
+      }
+
+      Filter_chain(const char* chain_name, std::initializer_list<Packetfilter> filters) :
+        chain{filters},
+        name{chain_name} {}
+    };
+
+    /**
+     * Packet filtering hooks for firewall, NAT, connection tracking etc.
+     **/
+
+    /** Packets pass through prerouting chain before routing decision */
+    virtual Filter_chain& prerouting_chain() = 0;
+
+    /** Packets pass through postrouting chain after routing decision */
+    virtual Filter_chain& postrouting_chain() = 0;
+
+    /** Packets pass through forward chain by forwarder, if enabled */
+    virtual Filter_chain& forward_chain() = 0;
+
+    /** Packets pass through input chain before hitting protocol handlers */
+    virtual Filter_chain& input_chain() = 0;
+
+    /** Packets pass through output chain after exiting protocol handlers */
+    virtual Filter_chain& output_chain() = 0;
+
+
     ///
     /// PROTOCOL OBJECTS
     ///
@@ -166,7 +216,7 @@ namespace net {
     virtual std::string ifname() const = 0;
 
     /** Get linklayer address for this interface **/
-    virtual MAC::Addr link_addr() = 0;
+    virtual MAC::Addr link_addr() const = 0;
 
     /** Add cache entry to the link / IP address cache */
     virtual void cache_link_addr(typename IPV::addr, MAC::Addr) = 0;
@@ -182,7 +232,9 @@ namespace net {
     /// ROUTING
     ///
 
-    /** Set an IP forwarding delegate. E.g. used to enable routing */
+    /** Set an IP forwarding delegate. E.g. used to enable routing.
+     *  NOTE: The packet forwarder is expected to call the forward_chain
+     **/
     virtual void set_forward_delg(Forward_delg) = 0;
 
     /** Assign boolean function to determine if we have route to a given IP */

api/net/inet4.hpp

@@ -43,25 +43,25 @@ namespace net {
     std::string ifname() const override
     { return nic_.device_name(); }
 
-    MAC::Addr link_addr() override
+    MAC::Addr link_addr() const override
     { return nic_.mac(); }
 
     hw::Nic& nic() override
     { return nic_; }
 
-    IP4::addr ip_addr() override
+    IP4::addr ip_addr() const override
     { return ip4_addr_; }
 
-    IP4::addr netmask() override
+    IP4::addr netmask() const override
     { return netmask_; }
 
-    IP4::addr gateway() override
+    IP4::addr gateway() const override
     { return gateway_; }
 
-    IP4::addr dns_addr() override
+    IP4::addr dns_addr() const override
     { return dns_server_; }
 
-    IP4::addr broadcast_addr() override
+    IP4::addr broadcast_addr() const override
     { return ip4_addr_ | ( ~ netmask_); }
 
     IP4& ip_obj() override
@@ -98,6 +98,7 @@ namespace net {
     /**
      * Set the forwarding delegate used by this stack.
      * If set it will get all incoming packets not intended for this stack.
+     * NOTE: This delegate is expected to call the forward chain
      */
     void set_forward_delg(Forward_delg fwd) override {
       ip4_.set_packet_forwarding(fwd);
@@ -306,6 +307,26 @@ namespace net {
     bool is_valid_source(IP4::addr src) override
     { return is_loopback(src) or src == ip_addr(); }
 
+    /** Packets pass through prerouting chain before routing decision */
+    virtual Filter_chain& prerouting_chain() override
+    { return prerouting_chain_; }
+
+    /** Packets pass through postrouting chain after routing decision */
+    virtual Filter_chain& postrouting_chain() override
+    { return postrouting_chain_; }
+
+    /** Packets pass through postrouting chain after routing decision */
+    virtual Filter_chain& forward_chain() override
+    { return forward_chain_; }
+
+    /** Packets pass through input chain before hitting protocol handlers */
+    virtual Filter_chain& input_chain() override
+    { return input_chain_; }
+
+    /** Packets pass through output chain after exiting protocol handlers */
+    virtual Filter_chain& output_chain() override
+    { return output_chain_; }
+
     /** Initialize with ANY_ADDR */
     Inet4(hw::Nic& nic);
 
@@ -330,6 +351,13 @@ namespace net {
     UDP    udp_;
     TCP    tcp_;
 
+    // Filter chains
+    Filter_chain prerouting_chain_{"Prerouting", {}};
+    Filter_chain postrouting_chain_{"Postrouting", {}};
+    Filter_chain input_chain_{"Input", {}};
+    Filter_chain output_chain_{"Output", {}};
+    Filter_chain forward_chain_{"Forward", {}};
+
     // we need this to store the cache per-stack
     DNSClient dns_;
     std::string domain_name_;

api/net/inet_common.hpp

@@ -53,6 +53,38 @@ namespace net {
     return checksum(0, data, len);
   }
 
+  /**
+   * @brief      Adjust the checksum according to the difference between old and new data.
+   *
+   * @note       Only supports even offsets (length needs to be even)
+   *             See: https://tools.ietf.org/html/rfc3022#page-9 (4.2) Checksum Adjustment
+   *
+   * @param      chksum  Pointer to the checksum to adjust
+   * @param      odata   The old data
+   * @param[in]  olen    The length of the old data
+   * @param      ndata   The new data
+   * @param[in]  nlen    The length of the new data
+   */
+  void checksum_adjust(uint8_t* chksum, const void* odata,
+                       int olen, const void* ndata, int nlen);
+
+  /**
+   * @brief      Helper function for adjusting checksum when only an object is changed,
+   *             e.g. IP address in a packet header
+   *
+   * @param      chksum   Pointer to the checksum to adjust
+   * @param[in]  old_obj  The old object
+   * @param[in]  new_obj  The new object
+   *
+   * @tparam     T        The type of object
+   */
+  template <typename T>
+  void checksum_adjust(uint16_t* chksum, const T* old_obj, const T* new_obj)
+  {
+    static_assert(sizeof(T) % 2 == 0, "Checksum adjust only supports even lengths");
+    checksum_adjust(reinterpret_cast<uint8_t*>(chksum), old_obj, sizeof(T), new_obj, sizeof(T));
+  }
+
   // View a packet differently based on context
   template <typename T, typename Packet>
   inline auto view_packet_as(Packet packet) noexcept {

api/net/ip4/ip4.hpp

@@ -46,7 +46,6 @@ namespace net {
     using IP_packet = PacketIP4;
     using IP_packet_ptr = std::unique_ptr<IP_packet>;
     using downstream_arp = delegate<void(Packet_ptr, IP4::addr)>;
-    using Packet_filter = delegate<IP_packet_ptr(IP_packet_ptr)>;
     using drop_handler = delegate<void(IP_packet_ptr, Direction, Drop_reason)>;
     using PMTU = uint16_t;
 
@@ -94,14 +93,6 @@ namespace net {
     void set_linklayer_out(downstream_arp s)
     { linklayer_out_ = s; }
 
-    /** Assign function to determine which upstream packets gets filtered */
-    void set_upstream_filter(Packet_filter f)
-    { upstream_filter_ = f; }
-
-    /** Assign function to determine which downstream packets gets filtered */
-    void set_downstream_filter(Packet_filter f)
-    { downstream_filter_ = f; }
-
     //
     // Delegate getters
     //
@@ -132,7 +123,7 @@ namespace net {
      *  Source IP *can* be set - if it's not, IP4 will set it
      */
     void transmit(Packet_ptr);
-    void ship(Packet_ptr);
+    void ship(Packet_ptr, addr next_hop = 0);
 
 
     /**
@@ -157,11 +148,11 @@ namespace net {
     uint64_t get_packets_dropped()
     { return packets_dropped_; }
 
-    /**  Default upstream packet filter */
-    IP_packet_ptr filter_upstream(IP_packet_ptr packet);
+    /**  Drop incoming packets invalid according to RFC */
+    IP_packet_ptr drop_invalid_in(IP_packet_ptr packet);
 
-    /**  Default downstream packet filter */
-    IP_packet_ptr filter_downstream(IP_packet_ptr packet);
+    /**  Drop outgoing packets invalid according to RFC */
+    IP_packet_ptr drop_invalid_out(IP_packet_ptr packet);
 
     /**
      *  Path MTU (and Packetization Layered Path MTU Discovery) related methods
@@ -201,10 +192,6 @@ namespace net {
     /** Packet forwarding  */
     Stack::Forward_delg forward_packet_;
 
-    /** Packet filters */
-    Packet_filter upstream_filter_;
-    Packet_filter downstream_filter_;
-
     /** All dropped packets go here */
     drop_handler drop_handler_;
 

api/net/ip4/packet_ip4.hpp

@@ -86,7 +86,7 @@ namespace net {
 
     /** Get the IP header checksum field as-is */
     uint16_t ip_checksum() const noexcept
-    { return ntohs(ip_header().check); }
+    { return ip_header().check; }
 
     /** Get source address */
     const ip4::Addr& ip_src() const noexcept
@@ -171,7 +171,7 @@ namespace net {
 
     /** Set IP header checksum field directly */
     void set_ip_checksum(uint16_t sum) noexcept
-    { ip_header().check = ntohs(sum); }
+    { ip_header().check = sum; }
 
     /** Calculate and set IP header checksum field */
     void set_ip_checksum() noexcept {