diff options
author | blogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-05 10:12:53 +0000 |
---|---|---|
committer | blogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-05 10:12:53 +0000 |
commit | 5c105d9f3fd086aff195d3849dcf847d6b0bd927 (patch) | |
tree | 1229a11f725bfa58aa7c57a76898553bb5f6654a /target/linux/lantiq/files/net/ipv4 | |
download | openwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.tar.gz openwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.zip |
branch Attitude Adjustment
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/lantiq/files/net/ipv4')
-rw-r--r-- | target/linux/lantiq/files/net/ipv4/svip_nat.c | 1569 |
1 files changed, 1569 insertions, 0 deletions
diff --git a/target/linux/lantiq/files/net/ipv4/svip_nat.c b/target/linux/lantiq/files/net/ipv4/svip_nat.c new file mode 100644 index 000000000..04a0d223a --- /dev/null +++ b/target/linux/lantiq/files/net/ipv4/svip_nat.c @@ -0,0 +1,1569 @@ +/****************************************************************************** + + Copyright (c) 2009 + Lantiq Deutschland GmbH + Am Campeon 3; 81726 Munich, Germany + + THE DELIVERY OF THIS SOFTWARE AS WELL AS THE HEREBY GRANTED NON-EXCLUSIVE, + WORLDWIDE LICENSE TO USE, COPY, MODIFY, DISTRIBUTE AND SUBLICENSE THIS + SOFTWARE IS FREE OF CHARGE. + + THE LICENSED SOFTWARE IS PROVIDED "AS IS" AND INFINEON EXPRESSLY DISCLAIMS + ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION, WARRANTIES OR REPRESENTATIONS OF WORKMANSHIP, + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, DURABILITY, THAT THE + OPERATING OF THE LICENSED SOFTWARE WILL BE ERROR FREE OR FREE OF ANY THIRD + PARTY CLAIMS, INCLUDING WITHOUT LIMITATION CLAIMS OF THIRD PARTY INTELLECTUAL + PROPERTY INFRINGEMENT. + + EXCEPT FOR ANY LIABILITY DUE TO WILFUL ACTS OR GROSS NEGLIGENCE AND EXCEPT + FOR ANY PERSONAL INJURY INFINEON SHALL IN NO EVENT BE LIABLE FOR ANY CLAIM + OR DAMAGES OF ANY KIND, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + + **************************************************************************** + +Description : This file contains implementation of Custom NAT function +for Infineon's VINETIC-SVIP16 + *******************************************************************************/ + +#include <linux/module.h> +#include <linux/netfilter_ipv4.h> +#include <linux/if_ether.h> +#include <linux/netdevice.h> +#include <linux/inetdevice.h> +#include <linux/in.h> +#include <linux/ip.h> +#include <linux/if_vlan.h> +#include <linux/udp.h> +#include <linux/kernel.h> +#include <linux/version.h> +#include <linux/proc_fs.h> +#include <linux/in6.h> /* just to shut up a warning */ +#include <linux/miscdevice.h> +#include <asm/checksum.h> + +#include <linux/svip_nat.h> + +MODULE_AUTHOR("Lantiq Deutschland GmbH"); +MODULE_DESCRIPTION("SVIP Network Address Translation module"); +MODULE_LICENSE("GPL"); + +#define SVIP_NAT_INFO_STR "@(#)SVIP NAT, version "SVIP_NAT_VERSION + +/** maximum voice packet channels possible on the SVIP LC system + (equals maximum number of Codec channels possible) */ +#define SVIP_SYS_CODEC_NUM ((SVIP_SYS_NUM) * (SVIP_CODEC_NUM)) + +/** end UDP port number of the SVIP Linecard System */ +#define SVIP_UDP_TO ((SVIP_UDP_FROM) + (SVIP_SYS_CODEC_NUM) - 1) + +/** end UDP port number of the Master SVIP in SVIP Linecard System */ +#define SVIP_UDP_TO_VOFW0 ((SVIP_UDP_FROM) + (SVIP_CODEC_NUM) - 1) + +#define SVIP_PORT_INRANGE(nPort) \ + ((nPort) >= (SVIP_UDP_FROM) && (nPort) <= (SVIP_UDP_TO)) + +#define SVIP_PORT_INDEX(nPort) (nPort - SVIP_UDP_FROM) + +#define SVIP_NET_DEV_ETH0_IDX 0 +#define SVIP_NET_DEV_VETH0_IDX 1 +#define SVIP_NET_DEV_LO_IDX 2 + +#define SVIP_NET_DEV_ETH0_NAME "eth0" +#define SVIP_NET_DEV_ETH1_NAME "eth1" +#define SVIP_NET_DEV_VETH1_NAME "veth0" +#define SVIP_NET_DEV_LO_NAME "lo" + +#define SVIP_NAT_STATS_LOC2REM 0 +#define SVIP_NAT_STATS_REM2LOC 1 +#define SVIP_NAT_STATS_TYPES 2 + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) +#define SVIP_NAT_FOR_EACH_NETDEV(d) for_each_netdev(&init_net, dev) +#define SVIP_NAT_IP_HDR(ethhdr) ip_hdr(ethhdr) +#else +#define SVIP_NAT_FOR_EACH_NETDEV(d) for(d=dev_base; dev; dev = dev->next) +#define SVIP_NAT_IP_HDR(ethhdr) (ethhdr)->nh.iph +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */ + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) (ethhdr)->mac.ethernet +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) +#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) (ethhdr)->mac.raw +#else +#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) skb_mac_header(ethhdr) +#endif + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) +#define VLAN_DEV_REAL_DEV(dev) vlan_dev_real_dev(dev) +#define VLAN_DEV_VLAN_ID(dev) vlan_dev_vlan_id(dev) +#else +#define VLAN_DEV_REAL_DEV(dev) (VLAN_DEV_INFO(dev)->real_dev) +#define VLAN_DEV_VLAN_ID(dev) (VLAN_DEV_INFO(dev)->vlan_id) +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */ + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) +#define MOD_INC_USE_COUNT +#define MOD_DEC_USE_COUNT +#endif + +#if ! ((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) && \ + (defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE))) +#define VLAN_8021Q_UNUSED +#endif + + +extern spinlock_t vlan_group_lock; +extern struct net_device *__vlan_find_dev_deep(struct net_device *real_dev, unsigned short VID); + +typedef struct SVIP_NAT_stats +{ + unsigned long inPackets; + unsigned long outPackets; + unsigned long outErrors; +} SVIP_NAT_stats_t; + +typedef struct SVIP_NAT_table_entry +{ + SVIP_NAT_IO_Rule_t natRule; + SVIP_NAT_stats_t natStats[SVIP_NAT_STATS_TYPES]; +} SVIP_NAT_table_entry_t; + +/* pointer to the SVIP NAT table */ +static SVIP_NAT_table_entry_t *pNatTable = NULL; + +struct net_device *net_devs[3]; +static u32 *paddr_eth0; +static u32 *paddr_eth0_0; +static u32 *paddr_veth0; +static u32 *pmask_veth0; + +static struct semaphore *sem_nat_tbl_access; +static int proc_read_in_progress = 0; + +static int nDeviceOpen = 0; + +/* saves the NAT table index between subsequent invocation */ +static int nProcReadIdx = 0; + +static long SVIP_NAT_device_ioctl(struct file *,unsigned int ,unsigned long); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0) +static int SVIP_NAT_device_release (struct inode *,struct file *); +#else +static void SVIP_NAT_device_release (struct inode *,struct file *); +#endif +static int SVIP_NAT_device_open (struct inode *,struct file *); + +/* This structure holds the interface functions supported by + the SVIP NAT configuration device. */ +struct file_operations SVIP_NAT_Fops = { +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) +owner: THIS_MODULE, +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) */ + llseek: NULL, /* seek */ + read: NULL, + write: NULL, + readdir: NULL, /* readdir */ + poll: NULL, /* select */ + unlocked_ioctl: SVIP_NAT_device_ioctl, /* ioctl */ + mmap: NULL, /* mmap */ + open: SVIP_NAT_device_open, /* open, */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0) + flush: NULL, /* flush */ +#endif + release: SVIP_NAT_device_release /* close */ +}; + +/** Structure holding MISC module operations */ +static struct miscdevice SVIP_NAT_miscdev = +{ +minor: MINOR_NUM_SVIP_NAT, + name: SVIP_NAT_DEVICE_NAME, + fops: &SVIP_NAT_Fops +}; + +#ifdef CONFIG_SVIP_FW_PKT_SNIFFER +int nSVIP_NAT_Sniffer; +unsigned char pSVIP_NAT_SnifferMAC[ETH_ALEN]; +int nSVIP_NAT_SnifferMacSet; +#endif + +/******************************************************************************/ +/** + Function to read /proc/net/svip_nat/nat proc entry + + \arguments + page - pointer to page buffer + start - pointer to start address pointer + off - offset + count - maximum data length to read + eof - end of file flag + data - proc read data (provided by the function + pointed to by data) + + \return + length of read data + + \remarks: + Each call of this routine forces a copy_to_user of the data returned by + 'fn'. This routine will be called by the user until 'len = 0'. + ****************************************************************************/ +static int SVIP_NAT_ProcRead (char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + unsigned long flags; + int (*fn)(char *buf, int size); + int len; + + /* If the NAT table index is negative, the reading has completed */ + if (nProcReadIdx < 0) + { + nProcReadIdx = 0; + *eof = 1; + proc_read_in_progress = 0; + up(sem_nat_tbl_access); + return 0; + } + + local_irq_save(flags); + if (!proc_read_in_progress) + { + proc_read_in_progress = 1; + local_irq_restore(flags); + /* we use this semaphore in order to ensure no other party(could be ioctl + FIO_SVIP_NAT_RULE_LIST), uses function SVIP_NAT_ProcReadNAT(), during + the time read of the proc file takes place */ + down(sem_nat_tbl_access); + } + else + { + local_irq_restore(flags); + } + + if (data != NULL) + { + fn = data; + len = fn (page, count); + /* In this setup each read of the proc entries returns the read data by + 'fn' to the user. The user keeps issuing read requests as long as the + returned value of 'len' is greater than zero. */ + *eof = 1; + *start = page; + } + else + { + len = 0; + } + + return len; +} + +#ifdef CONFIG_SVIP_FW_PKT_SNIFFER +/** + Function to read remaining proc entries + */ +static int SVIP_NAT_ProcReadGen (char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + int (*fn)(char *buf, int size); + int len = 0; + + MOD_INC_USE_COUNT; + + if (data == NULL) + { + MOD_DEC_USE_COUNT; + return 0; + } + + fn = data; + len = fn (page, count); + + if (len <= off + count) + { + *eof = 1; + } + *start = page + off; + len -= off; + if (len > count) + { + len = count; + } + if (len < 0) + { + len = 0; + } + + MOD_DEC_USE_COUNT; + + return len; +} +#endif + +/******************************************************************************/ +/** + Function for setting up /proc/net/svip_nat read data + + \arguments + buf - pointer to read buffer + count - size of read buffer + + \return + length of read data into buffer + + \remarks: + The global variable 'nProcReadIdx' is used to save the table index where + the reading of the NAT table stopped. Reading is stopped when the end of + the read buffer is approached. On the next itteration the reading continues + from the saved index. + *******************************************************************************/ +static int SVIP_NAT_ProcReadNAT(char *buf, int count) +{ + int i, j; + int len = 0; + SVIP_NAT_IO_Rule_t *pNatRule; + + if (nProcReadIdx == -1) + { + nProcReadIdx = 0; + return 0; + } + + if (nProcReadIdx == 0) + { + len = sprintf(buf+len, + "Remote host IP " /* 16 char */ + "Remote host MAC " /* 19 char */ + "Local host IP " /* 15 char */ + "Local host MAC " /* 19 char */ + "Local host UDP " /* 16 char */ + "Loc->Rem(in/out/err) " /* 22 char */ + "Rem->Loc(in/out/err)\n\r"); + } + + for (i = nProcReadIdx; i < SVIP_SYS_CODEC_NUM; i++) + { + int slen; + + pNatRule = &pNatTable[i].natRule; + + if (pNatRule->remIP != 0) + { + /* make sure not to overwrite the buffer */ + if (count < len+120) + break; + + /* remIP */ + slen = sprintf(buf+len, "%d.%d.%d.%d", + (int)((pNatRule->remIP >> 24) & 0xff), + (int)((pNatRule->remIP >> 16) & 0xff), + (int)((pNatRule->remIP >> 8) & 0xff), + (int)((pNatRule->remIP >> 0) & 0xff)); + len += slen; + for (j = 0; j < (16-slen); j++) + len += sprintf(buf+len, " "); + + /* remMAC */ + slen = 0; + for (j = 0; j < ETH_ALEN; j++) + { + slen += sprintf(buf+len+slen, "%02x%s", + pNatRule->remMAC[j], j < ETH_ALEN-1 ? ":" : " "); + } + len += slen; + for (j = 0; j < (19-slen); j++) + len += sprintf(buf+len, " "); + + /* locIP */ + slen = sprintf(buf+len, "%d.%d.%d.%d", + (int)((pNatRule->locIP >> 24) & 0xff), + (int)((pNatRule->locIP >> 16) & 0xff), + (int)((pNatRule->locIP >> 8) & 0xff), + (int)((pNatRule->locIP >> 0) & 0xff)); + len += slen; + for (j = 0; j < (15-slen); j++) + len += sprintf(buf+len, " "); + + /* locMAC */ + slen = 0; + for (j = 0; j < ETH_ALEN; j++) + { + slen += sprintf(buf+len+slen, "%02x%s", + pNatRule->locMAC[j], j < ETH_ALEN-1 ? ":" : " "); + } + len += slen; + for (j = 0; j < (19-slen); j++) + len += sprintf(buf+len, " "); + + /* locUDP */ + slen = sprintf(buf+len, "%d", pNatRule->locUDP); + len += slen; + for (j = 0; j < (16-slen); j++) + len += sprintf(buf+len, " "); + + /* NAT statistics, Local to Remote translation */ + slen = sprintf(buf+len, "(%ld/%ld/%ld)", + pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].inPackets, + pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].outPackets, + pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].outErrors); + len += slen; + for (j = 0; j < (22-slen); j++) + len += sprintf(buf+len, " "); + + /* NAT statistics, Remote to Local translation */ + len += sprintf(buf+len, "(%ld/%ld/%ld)\n\r", + pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].inPackets, + pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].outPackets, + pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].outErrors); + } + } + if (i == SVIP_SYS_CODEC_NUM) + nProcReadIdx = -1; /* reading completed */ + else + nProcReadIdx = i; /* reading still in process, buffer was full */ + + return len; +} + +#ifdef CONFIG_SVIP_FW_PKT_SNIFFER +/** + Converts MAC address from ascii to hex respesentaion + */ +static int SVIP_NAT_MacAsciiToHex(const char *pMacStr, unsigned char *pMacHex) +{ + int i=0, c=0, b=0, n=0; + + memset(pMacHex, 0, ETH_ALEN); + while (pMacStr[i] != '\0') + { + if (n >= 0) + { + unsigned char nToHex = 0; + + /* check for hex digit */ + if (pMacStr[i] >= '0' && pMacStr[i] <= '9') + nToHex = 0x30; + else if (pMacStr[i] >= 'a' && pMacStr[i] <= 'f') + nToHex = 0x57; + else if (pMacStr[i] >= 'A' && pMacStr[i] <= 'F') + nToHex = 0x37; + else + { + if (n != 0) + { + printk(KERN_ERR "SVIP NAT: invalid MAC address format[%s]\n", pMacStr); + return -1; + } + i++; + continue; + } + n^=1; + pMacHex[b] |= ((pMacStr[i] - nToHex)&0xf) << (4*n); + if (n == 0) + { + /* advance to next byte, check if complete */ + if (++b >= ETH_ALEN) + return 0; + /* byte completed, next we expect a colon... */ + c = 1; + /* and, do not check for hex digit */ + n = -1; + } + i++; + continue; + } + if (c == 1) + { + if (pMacStr[i] == ':') + { + /* next we expect hex digit, again */ + n = 0; + } + else + { + printk(KERN_ERR "SVIP NAT: invalid MAC address format[%s]\n", pMacStr); + return -1; + } + } + i++; + } + return 0; +} + +/** + Used to set the destination MAC address of a host where incoming + SVIP VoFW packets are to be addressed. In case the address is set + to 00:00:00:00:00:00 (the default case), the packets will written + out to eth0 with its original MAC addess. + + \remark +usage: 'echo "00:03:19:00:15:D1" > cat /proc/net/svip_nat/snifferMAC' +*/ +int SVIP_NAT_ProcWriteSnifferMAC (struct file *file, const char *buffer, + unsigned long count, void *data) +{ + /* at least strlen("xx:xx:xx:xx:xx:xx") characters, followed by '\0' */ + if (count >= 18) + { + int ret; + + ret = SVIP_NAT_MacAsciiToHex(buffer, pSVIP_NAT_SnifferMAC); + + if (ret != 0) + return 0; + + if (!(pSVIP_NAT_SnifferMAC[0]==0 && pSVIP_NAT_SnifferMAC[1]==0 && + pSVIP_NAT_SnifferMAC[2]==0 && pSVIP_NAT_SnifferMAC[3]==0 && + pSVIP_NAT_SnifferMAC[4]==0 && pSVIP_NAT_SnifferMAC[5]==0)) + { + nSVIP_NAT_SnifferMacSet = 1; + } + } + return count; +} + +/** + Used to read the destination MAC address of a sniffer host + */ +int SVIP_NAT_ProcReadSnifferMAC (char *buf, int count) +{ + int len = 0; + + len = snprintf(buf, count, "%02x:%02x:%02x:%02x:%02x:%02x\n", + pSVIP_NAT_SnifferMAC[0], pSVIP_NAT_SnifferMAC[1], + pSVIP_NAT_SnifferMAC[2], pSVIP_NAT_SnifferMAC[3], + pSVIP_NAT_SnifferMAC[4], pSVIP_NAT_SnifferMAC[5]); + + if (len > count) + { + printk(KERN_ERR "SVIP NAT: Only part of the text could be put into the buffer\n"); + return count; + } + + return len; +} + +/** + Used to switch VoFW message sniffer on/off + + \remark +usage: 'echo "1" > cat /proc/net/svip_nat/snifferOnOff' +*/ +int SVIP_NAT_ProcWriteSnifferOnOff (struct file *file, const char *buffer, + unsigned long count, void *data) +{ + /* at least one digit expected, followed by '\0' */ + if (count >= 2) + { + int ret, nSnifferOnOff; + + ret = sscanf(buffer, "%d", &nSnifferOnOff); + + if (ret != 1) + return count; + + if (nSnifferOnOff > 0) + nSnifferOnOff = 1; + + nSVIP_NAT_Sniffer = nSnifferOnOff; + } + return count; +} + +/** + Used to read the VoFW message sniffer configuration (on/off) + */ +int SVIP_NAT_ProcReadSnifferOnOff (char *buf, int count) +{ + int len = 0; + + len = snprintf(buf, count, "%d\n", nSVIP_NAT_Sniffer); + + if (len > count) + { + printk(KERN_ERR "SVIP NAT: Only part of the text could be put into the buffer\n"); + return count; + } + + return len; +} +#endif + +/******************************************************************************/ +/** + Creates proc read/write entries + + \return + 0 on success, -1 on error + */ +/******************************************************************************/ +static int SVIP_NAT_ProcInstall(void) +{ + struct proc_dir_entry *pProcParentDir, *pProcDir; + struct proc_dir_entry *pProcNode; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) + pProcParentDir = proc_net; +#else + pProcParentDir = init_net.proc_net; +#endif + pProcDir = proc_mkdir(SVIP_NAT_DEVICE_NAME, pProcParentDir); + if (pProcDir == NULL) + { + printk(KERN_ERR "SVIP NAT: cannot create proc dir %s/%s\n\r", + pProcParentDir->name, SVIP_NAT_DEVICE_NAME); + return -1; + } + + pProcNode = create_proc_read_entry("nat", S_IFREG|S_IRUGO, pProcDir, + SVIP_NAT_ProcRead, (void *)SVIP_NAT_ProcReadNAT); + if (pProcNode == NULL) + { + printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s", + pProcDir->name, "nat"); + return -1; + } + +#ifdef CONFIG_SVIP_FW_PKT_SNIFFER + nSVIP_NAT_Sniffer = 0; + /* creates proc entry for switching on/off sniffer to VoFW messages */ + pProcNode = create_proc_read_entry("snifferOnOff", S_IFREG|S_IRUGO|S_IWUGO, + pProcDir, SVIP_NAT_ProcReadGen, (void *)SVIP_NAT_ProcReadSnifferOnOff); + if (pProcNode == NULL) + { + printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s\n\r", + pProcDir->name, "snifferOnOff"); + return -1; + } + pProcNode->write_proc = SVIP_NAT_ProcWriteSnifferOnOff; + + memset (pSVIP_NAT_SnifferMAC, 0, ETH_ALEN); + nSVIP_NAT_SnifferMacSet = 0; + /* creates proc entry for setting MAC address of sniffer host to VoFW messages */ + pProcNode = create_proc_read_entry("snifferMAC", S_IFREG|S_IRUGO|S_IWUGO, + pProcDir, SVIP_NAT_ProcReadGen, (void *)SVIP_NAT_ProcReadSnifferMAC); + if (pProcNode == NULL) + { + printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s\n\r", + pProcDir->name, "snifferMAC"); + return -1; + } + pProcNode->write_proc = SVIP_NAT_ProcWriteSnifferMAC; +#endif + + return 0; +} + +/******************************************************************************/ +/** + No actions done here, simply a check is performed if an open has already + been performed. Currently only a single open is allowed as it is a sufficient + to have hat a single process configuring the SVIP NAT at one time. + + \arguments + inode - pointer to disk file data + file - pointer to device file data + + \return + 0 on success, else -1 + */ +/******************************************************************************/ +static int SVIP_NAT_device_open(struct inode *inode, struct file *file) +{ + unsigned long flags; + struct in_device *in_dev; + struct in_ifaddr *ifa; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + local_irq_save(flags); +#else + local_save_flags(flags); +#endif + + if (nDeviceOpen) + { + MOD_INC_USE_COUNT; + local_irq_restore(flags); + nDeviceOpen++; + return 0; + } + + /* find pointer to IP address of eth0 */ + if ((in_dev=in_dev_get(net_devs[SVIP_NET_DEV_ETH0_IDX])) != NULL) + { + for (ifa = in_dev->ifa_list; ifa != NULL; ifa = ifa->ifa_next) + { + if (!paddr_eth0 && ifa->ifa_address != 0) + { + paddr_eth0 = &ifa->ifa_address; + continue; + } + if (paddr_eth0 && ifa->ifa_address != 0) + { + paddr_eth0_0 = &ifa->ifa_address; + break; + } + } + in_dev_put(in_dev); + } + if (paddr_eth0 == NULL || paddr_eth0_0 == NULL) + { + local_irq_restore(flags); + return -ENODATA; + } + + /* find pointer to IP address of veth0 */ + if ((in_dev=in_dev_get(net_devs[SVIP_NET_DEV_VETH0_IDX])) != NULL) + { + for (ifa = in_dev->ifa_list; ifa != NULL; ifa = ifa->ifa_next) + { + if (ifa->ifa_address != 0) + { + paddr_veth0 = &ifa->ifa_address; + pmask_veth0 = &ifa->ifa_mask; + break; + } + } + in_dev_put(in_dev); + } + if (paddr_veth0 == NULL) + { + local_irq_restore(flags); + return -ENODATA; + } + + MOD_INC_USE_COUNT; + nDeviceOpen++; + local_irq_restore(flags); + + return 0; +} + + +/******************************************************************************/ +/** + This function is called when a process closes the SVIP NAT device file + + \arguments + inode - pointer to disk file data + file - pointer to device file data + + \return + 0 on success, else -1 + +*/ +/******************************************************************************/ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0) +static int SVIP_NAT_device_release(struct inode *inode, + struct file *file) +#else +static void SVIP_NAT_device_release(struct inode *inode, + struct file *file) +#endif +{ + unsigned long flags; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + save_flags(flags); + cli(); +#else + local_save_flags(flags); +#endif + + /* The device can now be openned by the next caller */ + nDeviceOpen--; + + MOD_DEC_USE_COUNT; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + restore_flags(flags); +#else + local_irq_restore(flags); +#endif + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0) + return 0; +#endif +} + + +/******************************************************************************/ +/** + This function is called when a process closes the SVIP NAT device file + + \arguments + inode - pointer to disk file data + file - pointer to device file data + ioctl_num - ioctl number requested + ioctl_param - pointer to data related to the ioctl number + + \return + 0 on success, else -1 + +*/ +/******************************************************************************/ +long SVIP_NAT_device_ioctl (struct file *file, + unsigned int ioctl_num, unsigned long ioctl_param) +{ + int ret = 0; + SVIP_NAT_IO_Rule_t *pNatRule, *pNatRuleIn; + SVIP_UDP_PORT_t nPort; + int nNatIdx; + int bWrite = 0; + int bRead = 0; + unsigned char *pData = 0; + int nSize; + + if (_IOC_DIR(ioctl_num) & _IOC_WRITE) + bWrite = 1; + if (_IOC_DIR(ioctl_num) & _IOC_READ) + bRead = 1; + nSize = _IOC_SIZE(ioctl_num); + + if (nSize > sizeof(int)) + { + if (bRead || bWrite) + { + pData = kmalloc (nSize, GFP_KERNEL); + if (bWrite) + { + if (copy_from_user ((void *)pData, (void *)ioctl_param, nSize) != 0) + { + printk(KERN_ERR "SVIP NAT: ioctl %x: copy_from_user() failed!\n", ioctl_num); + ret = -1; + goto error; + } + } + } + } + + switch (ioctl_num) + { + case FIO_SVIP_NAT_RULE_ADD: + + pNatRuleIn = (SVIP_NAT_IO_Rule_t *)pData; + + /* check if destination UDP port is within range */ + nPort = ntohs(pNatRuleIn->locUDP); + + if (!SVIP_PORT_INRANGE(nPort)) + { + printk(KERN_ERR "SVIP NAT: Error, UDP port(%d) is out of range(%d..%d)\n", + nPort, SVIP_UDP_FROM, SVIP_UDP_TO); + ret = -1; + goto error; + } + nNatIdx = SVIP_PORT_INDEX(nPort); + + down(sem_nat_tbl_access); + pNatRule = &pNatTable[nNatIdx].natRule; + + /* add rule to the NAT table */ + pNatRule->remIP = pNatRuleIn->remIP; + memcpy((char *)pNatRule->remMAC, (char *)pNatRuleIn->remMAC, ETH_ALEN); + pNatRule->locIP = pNatRuleIn->locIP; + memcpy((char *)pNatRule->locMAC, (char *)pNatRuleIn->locMAC, ETH_ALEN); + pNatRule->locUDP = pNatRuleIn->locUDP; + + memset(pNatTable[nNatIdx].natStats, 0, + sizeof(SVIP_NAT_stats_t)*SVIP_NAT_STATS_TYPES); + up(sem_nat_tbl_access); + break; + + case FIO_SVIP_NAT_RULE_REMOVE: + + pNatRuleIn = (SVIP_NAT_IO_Rule_t *)pData; + + /* check if destination UDP port is within range */ + nPort = ntohs(pNatRuleIn->locUDP); + if (!SVIP_PORT_INRANGE(nPort)) + { + printk(KERN_ERR "SVIP NAT: Error, UDP port(%d) is out of range(%d..%d)\n", + nPort, SVIP_UDP_FROM, SVIP_UDP_TO); + ret = -1; + goto error; + } + nNatIdx = SVIP_PORT_INDEX(nPort); + down(sem_nat_tbl_access); + /* remove rule from the NAT table */ + memset(&pNatTable[nNatIdx], 0, sizeof(SVIP_NAT_table_entry_t)); + up(sem_nat_tbl_access); + break; + + case FIO_SVIP_NAT_RULE_LIST: + { + int len; + char buf[256]; + + down(sem_nat_tbl_access); + while (nProcReadIdx != -1) + { + len = SVIP_NAT_ProcReadNAT(buf, 256); + if (len > 0) + printk("%s", buf); + } + nProcReadIdx = 0; + up(sem_nat_tbl_access); + break; + } + + default: + printk(KERN_ERR "SVIP NAT: unsupported ioctl (%x) command for device %s\n", + ioctl_num, PATH_SVIP_NAT_DEVICE_NAME); + ret = -1; + goto error; + } + + if (nSize > sizeof(int)) + { + if (bRead) + { + if (copy_to_user ((void *)ioctl_param, (void *)pData, nSize) != 0) + { + printk(KERN_ERR "SVIP NAT: ioctl %x: copy_to_user() failed!\n", ioctl_num); + ret = -1; + goto error; + } + } + } + +error: + if (pData) + kfree(pData); + + return ret; +} + +#if 0 +void dump_msg(unsigned char *pData, unsigned int nLen) +{ + int i; + + for (i=0; i<nLen; i++) + { + if (!i || !(i%16)) + printk("\n "); + else if (i && !(i%4)) + printk(" "); + printk("%02x", pData[i]); + } + if (--i%16) + printk("\n"); +} +#endif + +/******************************************************************************/ +/** + Used to recalculate IP/UDP checksum using the original IP/UDP checksum + coming with the packet. The original source and destination IP addresses + are accounted for, and, the checksum is updated using the new source and + destination IP addresses. + + \arguments + skb - pointer to the receiving socket buffer + csum_old - original checksum + saddr_old - pointer to original source IP address + saddr_new - pointer to new source IP address + daddr_old - pointer to original destination IP address + daddr_new - pointer to new destination IP address + + \return + recalculated IP/UDP checksum + */ +/******************************************************************************/ +static inline u16 ip_udp_quick_csum(u16 csum_old, u16 *saddr_old, u16 *saddr_new, + u16 *daddr_old, u16 *daddr_new) +{ + u32 sum; + + sum = csum_old; + + /* convert back from one's complement */ + sum = ~sum & 0xffff; + + if (sum < saddr_old[0]) sum += 0xffff; + sum -= saddr_old[0]; + if (sum < saddr_old[1]) sum += 0xffff; + sum -= saddr_old[1]; + if (sum < daddr_old[0]) sum += 0xffff; + sum -= daddr_old[0]; + if (sum < daddr_old[1]) sum += 0xffff; + sum -= daddr_old[1]; + + sum += saddr_new[0]; + sum += saddr_new[1]; + sum += daddr_new[0]; + sum += daddr_new[1]; + + /* take only 16 bits out of the 32 bit sum and add up the carries */ + while (sum >> 16) + sum = (sum & 0xffff)+((sum >> 16) & 0xffff); + + /* one's complement the result */ + sum = ~sum; + + return (u16)(sum & 0xffff); +} + + +/******************************************************************************/ +/** + Returns a pointer to an ipv4 address assigned to device dev. The ipv4 + instance checked is pointed to by ifa_start. The function is suited for + itterative calls. + + \arguments + dev - pointer to network interface + ifa_start - pointer to ipv4 instance to return ipv4 address assigned + to, NULL for the first one + ppifa_addr - output parameter + + \return + pointer to the next ipv4 instance, which can be null if ifa_start was + the last instance present + */ +/******************************************************************************/ +static struct in_ifaddr *get_ifaddr(struct net_device *dev, + struct in_ifaddr *ifa_start, unsigned int **ppifa_addr) +{ + struct in_device *in_dev; + struct in_ifaddr *ifa = NULL; + + if ((in_dev=in_dev_get(dev)) != NULL) + { + if (ifa_start == NULL) + ifa = in_dev->ifa_list; + else + ifa = ifa_start; + if (ifa) + { + *ppifa_addr = &ifa->ifa_address; + ifa = ifa->ifa_next; + } + in_dev_put(in_dev); + return ifa; + } + *ppifa_addr = NULL; + return NULL; +} + +/******************************************************************************/ +/** + This function performs IP NAT for received packets satisfying the + following requirements: + + - packet is destined to local IP host + - transport protocol type is UDP + - destination UDP port is within range + + \arguments + skb - pointer to the receiving socket buffer + + \return + returns 1 on performed SVIP NAT, else returns 0 + + \remarks + When function returns 0, it indicates the caller to pass the + packet up the IP stack to make further decision about it + */ +/******************************************************************************/ +int do_SVIP_NAT (struct sk_buff *skb) +{ + struct net_device *real_dev; + struct iphdr *iph; + struct udphdr *udph; + SVIP_NAT_IO_Rule_t *pNatRule; + int nNatIdx, in_eth0, nDir; +#ifndef VLAN_8021Q_UNUSED + int vlan; + unsigned short vid; +#endif /* ! VLAN_8021Q_UNUSED */ + SVIP_UDP_PORT_t nPort; + u32 orgSrcIp, orgDstIp, *pSrcIp, *pDstIp; + struct ethhdr *ethh; + + /* do not consider if SVIP NAT device not open. */ + if (!nDeviceOpen) + { + return 0; + } + + /* consider only UDP packets. */ + iph = SVIP_NAT_IP_HDR(skb); + if (iph->protocol != IPPROTO_UDP) + { + return 0; + } + + udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); + /* consider only packets which UDP port numbers reside within + the predefined SVIP NAT UDP port range. */ + if ((!SVIP_PORT_INRANGE(ntohs(udph->dest))) && + (!SVIP_PORT_INRANGE(ntohs(udph->source)))) + { + return 0; + } + +#ifndef VLAN_8021Q_UNUSED + /* check if packet delivered over VLAN. VLAN packets will be routed over + the VLAN interfaces of the respective real Ethernet interface, if one + exists(VIDs must match). Else, the packet will be send out as IEEE 802.3 + Ethernet frame */ + if (skb->dev->priv_flags & IFF_802_1Q_VLAN) + { + vlan = 1; + vid = VLAN_DEV_VLAN_ID(skb->dev); + real_dev = VLAN_DEV_REAL_DEV(skb->dev); + } + else + { + vlan = 0; + vid = 0; + real_dev = skb->dev; + } +#endif /* ! VLAN_8021Q_UNUSED */ + +#ifdef CONFIG_SVIP_FW_PKT_SNIFFER + /** Debugging feature which can be enabled by writing, + 'echo 1 > /proc/net/svip_nat/snifferOnOff'. + It copies all packets received on veth0 and, sends them out over eth0. + When a destination MAC address is specified through + /proc/net/svip_nat/snifferMAC, this MAC addess will substitute the + original MAC address of the packet. + It is recommended to specify a MAC address of some host where Wireshark + runs and sniffs for this traffic, else you may flood your LAN with + undeliverable traffic. + +NOTE: In case of VLAN traffic the VLAN header information is lost. */ + if (nSVIP_NAT_Sniffer) + { + if (real_dev == net_devs[SVIP_NET_DEV_VETH0_IDX]) + { + struct sk_buff *copied_skb; + + /* gain the Ethernet header from the skb */ + skb_push(skb, ETH_HLEN); + + copied_skb = skb_copy (skb, GFP_ATOMIC); + + if (nSVIP_NAT_SnifferMacSet == 1) + { + ethh = (struct ethhdr *)SVIP_NAT_SKB_MAC_HEADER(copied_skb); + memcpy((char *)ethh->h_dest, (char *)pSVIP_NAT_SnifferMAC, ETH_ALEN); + } + copied_skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX]; + dev_queue_xmit(copied_skb); + + /* skip the ETH header again */ + skb_pull(skb, ETH_HLEN); + } + } +#endif + + + /* check if packet arrived on eth0 */ + if (real_dev == net_devs[SVIP_NET_DEV_ETH0_IDX]) + { + /* check if destination IP address equals the primary assigned IP address + of interface eth0. This is the case of packets originating from a + remote peer that are to be delivered to a channel residing on THIS + voice linecard system. This is typical SVIP NAT case, therefore this + rule is placed on top. */ + if (iph->daddr == *paddr_eth0) + { + nPort = ntohs(udph->dest); + nDir = SVIP_NAT_STATS_REM2LOC; + } + /* check if destination IP address equals the secondary assigned IP address + of interface eth0. This is not a typical SVIP NAT case. It is basically + there, as someone might like for debugging purpose to use the LCC to route + Slave SVIP packets which are part of voice/fax streaming. */ + else if (iph->daddr == *paddr_eth0_0) + { + nPort = ntohs(udph->source); + nDir = SVIP_NAT_STATS_LOC2REM; + } +#ifndef VLAN_8021Q_UNUSED + /* when the packet did not hit the top two rules, here we check if the packet + has addressed any of the IP addresses assigned to the VLAN interface attached + to eth0. This is not recommended approach because of the CPU cost incurred. */ + else if (vlan) + { + unsigned int *pifa_addr; + struct in_ifaddr *ifa_start = NULL; + int i = 0; + + do + { + ifa_start = get_ifaddr(skb->dev, ifa_start, &pifa_addr); + if (!pifa_addr) + { + /* VLAN packet received on vlan interface attached to eth0, + however no IP address assigned to the interface. + The packet is ignored. */ + return 0; + } + if (iph->daddr == *pifa_addr) + { + /* packet destined to... */ + break; + } + if (!ifa_start) + { + return 0; + } + i++; + } while (ifa_start); + if (!i) + { + /* ...primary assigned IP address to the VLAN interface. */ + nPort = ntohs(udph->dest); + nDir = SVIP_NAT_STATS_REM2LOC; + } + else + { + /* ...secondary assigned IP address to the VLAN interface. */ + nPort = ntohs(udph->source); + nDir = SVIP_NAT_STATS_LOC2REM; + } + } +#endif /* ! VLAN_8021Q_UNUSED */ + else + { + return 0; + } + in_eth0 = 1; + } + /* check if packet arrived on veth0 */ + else if (real_dev == net_devs[SVIP_NET_DEV_VETH0_IDX]) + { + nPort = ntohs(udph->source); + nDir = SVIP_NAT_STATS_LOC2REM; + in_eth0 = 0; + } + else + { + /* packet arrived neither on eth0, nor veth0 */ + return 0; + } + + /* calculate the respective index of the NAT table */ + nNatIdx = SVIP_PORT_INDEX(nPort); + /* process the packet if a respective NAT rule exists */ + pNatRule = &pNatTable[nNatIdx].natRule; + + ethh = (struct ethhdr *)SVIP_NAT_SKB_MAC_HEADER(skb); + + /* copy packet's original source and destination IP addresses to use + later on to perform efficient checksum recalculation */ + orgSrcIp = iph->saddr; + orgDstIp = iph->daddr; + + if (in_eth0) + { + u8 *pDstMac; + + /* Process packet arrived on eth0 */ + + if (nDir == SVIP_NAT_STATS_REM2LOC && iph->saddr == pNatRule->remIP) + { + pDstIp = &pNatRule->locIP; + pDstMac = pNatRule->locMAC; + } + else if (nDir == SVIP_NAT_STATS_LOC2REM && iph->saddr == pNatRule->locIP) + { + pDstIp = &pNatRule->remIP; + pDstMac = pNatRule->remMAC; + } + else + { + /* Rule check failed. The packet is passed up the layers, + it will be dropped by UDP */ + return 0; + } + + if ((*pDstIp & *pmask_veth0) == (*paddr_veth0 & *pmask_veth0)) + { +#ifndef VLAN_8021Q_UNUSED + if (vlan) + { + struct net_device *vlan_dev; + + spin_lock_bh(&vlan_group_lock); + vlan_dev = __vlan_find_dev_deep(net_devs[SVIP_NET_DEV_VETH0_IDX], vid); + spin_unlock_bh(&vlan_group_lock); + if (vlan_dev) + { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + struct vlan_ethhdr *vethh; + + skb_push(skb, VLAN_ETH_HLEN); + /* reconstruct the VLAN header. +NOTE: priority information is lost */ + vethh = (struct vlan_ethhdr *)skb->data; + vethh->h_vlan_proto = htons(ETH_P_8021Q); + vethh->h_vlan_TCI = htons(vid); + vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP); + ethh = (struct ethhdr *)vethh; +#else + skb_push(skb, ETH_HLEN); +#endif + skb->dev = vlan_dev; + } + else + { + skb->dev = net_devs[SVIP_NET_DEV_VETH0_IDX]; + skb_push(skb, ETH_HLEN); + } + } + else +#endif /* ! VLAN_8021Q_UNUSED */ + { + skb->dev = net_devs[SVIP_NET_DEV_VETH0_IDX]; + skb_push(skb, ETH_HLEN); + } + pSrcIp = paddr_veth0; + } + else + { +#ifndef VLAN_8021Q_UNUSED +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + if (vlan) + { + struct vlan_ethhdr *vethh; + + /* reconstruct the VLAN header. +NOTE: priority information is lost */ + skb_push(skb, VLAN_ETH_HLEN); + vethh = (struct vlan_ethhdr *)skb->data; + vethh->h_vlan_proto = htons(ETH_P_8021Q); + vethh->h_vlan_TCI = htons(vid); + vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP); + ethh = (struct ethhdr *)vethh; + } + else +#endif +#endif /* ! VLAN_8021Q_UNUSED */ + { + skb_push(skb, ETH_HLEN); + } + /* source IP address equals the destination IP address + of the incoming packet */ + pSrcIp = &iph->daddr; + } + iph->saddr = *pSrcIp; + memcpy((char *)ethh->h_source, (char *)skb->dev->dev_addr, ETH_ALEN); + iph->daddr = *pDstIp; + memcpy((char *)ethh->h_dest, (char *)pDstMac, ETH_ALEN); + } + else + { + /* Process packet arrived on veth0 */ + + if (iph->saddr != pNatRule->locIP) + { + /* Rule check failed. The packet is passed up the layers, + it will be dropped by UDP */ + return 0; + } + + if (!((pNatRule->remIP & *pmask_veth0) == (*paddr_veth0 & *pmask_veth0))) + { +#ifndef VLAN_8021Q_UNUSED + if (vlan) + { + struct net_device *vlan_dev; + + spin_lock_bh(&vlan_group_lock); + vlan_dev = __vlan_find_dev_deep(net_devs[SVIP_NET_DEV_ETH0_IDX], vid); + spin_unlock_bh(&vlan_group_lock); + if (vlan_dev) + { + unsigned int *pifa_addr; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + struct vlan_ethhdr *vethh; + + skb_push(skb, VLAN_ETH_HLEN); + /* construct the VLAN header, note priority information is lost */ + vethh = (struct vlan_ethhdr *)skb->data; + vethh->h_vlan_proto = htons(ETH_P_8021Q); + vethh->h_vlan_TCI = htons(vid); + vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP); + ethh = (struct ethhdr *)vethh; +#else + skb_push(skb, ETH_HLEN); +#endif + skb->dev = vlan_dev; + + get_ifaddr(skb->dev, NULL, &pifa_addr); + if (pifa_addr) + { + pSrcIp = pifa_addr; + } + else + { + pSrcIp = paddr_eth0; + } + } + else + { + skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX]; + pSrcIp = paddr_eth0; + skb_push(skb, ETH_HLEN); + } + } + else +#endif /* ! VLAN_8021Q_UNUSED */ + { + skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX]; + pSrcIp = paddr_eth0; + skb_push(skb, ETH_HLEN); + } + } + else + { + pSrcIp = paddr_veth0; +#ifndef VLAN_8021Q_UNUSED +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) + if (vlan) + { + struct vlan_ethhdr *vethh; + + skb_push(skb, VLAN_ETH_HLEN); + /* reconstruct the VLAN header. +NOTE: priority information is lost. */ + vethh = (struct vlan_ethhdr *)skb->data; + vethh->h_vlan_proto = htons(ETH_P_8021Q); + vethh->h_vlan_TCI = htons(vid); + vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP); + ethh = (struct ethhdr *)vethh; + } + else +#endif +#endif /* ! VLAN_8021Q_UNUSED */ + { + skb_push(skb, ETH_HLEN); + } + } + iph->saddr = *pSrcIp; + memcpy((char *)ethh->h_source, (char *)skb->dev->dev_addr, ETH_ALEN); + iph->daddr = pNatRule->remIP; + memcpy((char *)ethh->h_dest, (char *)pNatRule->remMAC, ETH_ALEN); + } + pNatTable[nNatIdx].natStats[nDir].inPackets++; + + iph->check = ip_udp_quick_csum(iph->check, (u16 *)&orgSrcIp, (u16 *)&iph->saddr, + (u16 *)&orgDstIp, (u16 *)&iph->daddr); + if (udph->check != 0) + { + udph->check = ip_udp_quick_csum(udph->check, (u16 *)&orgSrcIp, (u16 *)&iph->saddr, + (u16 *)&orgDstIp, (u16 *)&iph->daddr); + } + + /* write the packet out, directly to the network device */ + if (dev_queue_xmit(skb) < 0) + pNatTable[nNatIdx].natStats[nDir].outErrors++; + else + pNatTable[nNatIdx].natStats[nDir].outPackets++; + + return 1; +} + +/******************************************************************************/ +/** + Function executed upon unloading of the SVIP NAT module. It unregisters the + SVIP NAT configuration device and frees the memory used for the NAT table. + + \remarks: + Currently the SVIP NAT module is statically linked into the Linux kernel + therefore this routine cannot be executed. + *******************************************************************************/ +static int __init init(void) +{ + int ret = 0; + struct net_device *dev; + + if (misc_register(&SVIP_NAT_miscdev) != 0) + { + printk(KERN_ERR "%s: cannot register SVIP NAT device node.\n", + SVIP_NAT_miscdev.name); + return -EIO; + } + + /* allocation of memory for NAT table */ + pNatTable = (SVIP_NAT_table_entry_t *)kmalloc( + sizeof(SVIP_NAT_table_entry_t) * SVIP_SYS_CODEC_NUM, GFP_ATOMIC); + if (pNatTable == NULL) + { + printk (KERN_ERR "SVIP NAT: Error(%d), allocating memory for NAT table\n", ret); + return -1; + } + + /* clear the NAT table */ + memset((void *)pNatTable, 0, sizeof(SVIP_NAT_table_entry_t) * SVIP_SYS_CODEC_NUM); + + if ((sem_nat_tbl_access = kmalloc(sizeof(struct semaphore), GFP_KERNEL))) + { + sema_init(sem_nat_tbl_access, 1); + } + + SVIP_NAT_ProcInstall(); + + /* find pointers to 'struct net_device' of eth0 and veth0, respectevely */ + read_lock(&dev_base_lock); + SVIP_NAT_FOR_EACH_NETDEV(dev) + { + if (!strcmp(dev->name, SVIP_NET_DEV_ETH0_NAME)) + { + net_devs[SVIP_NET_DEV_ETH0_IDX] = dev; + } + if (!strcmp(dev->name, SVIP_NET_DEV_VETH1_NAME)) + { + net_devs[SVIP_NET_DEV_VETH0_IDX] = dev; + } + else if (!strcmp(dev->name, SVIP_NET_DEV_ETH1_NAME)) + { + net_devs[SVIP_NET_DEV_VETH0_IDX] = dev; + } + } + read_unlock(&dev_base_lock); + + if (net_devs[SVIP_NET_DEV_ETH0_IDX] == NULL || + net_devs[SVIP_NET_DEV_VETH0_IDX] == NULL) + { + printk (KERN_ERR "SVIP NAT: Error, unable to locate eth0 and veth0 interfaces\n"); + return -1; + } + + printk ("%s, (c) 2009, Lantiq Deutschland GmbH\n", &SVIP_NAT_INFO_STR[4]); + + return ret; +} + +/******************************************************************************/ +/** + Function executed upon unloading of the SVIP NAT module. It unregisters the + SVIP NAT configuration device and frees the memory used for the NAT table. + + \remarks: + Currently the SVIP NAT module is statically linked into the Linux kernel + therefore this routine cannot be executed. + *******************************************************************************/ +static void __exit fini(void) +{ + MOD_DEC_USE_COUNT; + + /* unregister SVIP NAT configuration device */ + misc_deregister(&SVIP_NAT_miscdev); + + /* release memory of SVIP NAT table */ + if (pNatTable != NULL) + { + kfree (pNatTable); + } +} + +module_init(init); +module_exit(fini); |