inet::Ipv4NatTable Class Reference

#include <Ipv4NatTable.h>

Inheritance diagram for inet::Ipv4NatTable:

Public Member Functions
virtual	~Ipv4NatTable ()
virtual Result	datagramPreRoutingHook (Packet *datagram) override
	This is the first hook called by the network protocol before it routes a datagram that was received from the lower layer. More...
virtual Result	datagramForwardHook (Packet *datagram) override
	This is the second hook called by the network protocol before it sends a datagram to the lower layer. More...
virtual Result	datagramPostRoutingHook (Packet *datagram) override
	This is the last hook called by the network protocol before it sends a datagram to the lower layer. More...
virtual Result	datagramLocalInHook (Packet *datagram) override
	This is the last hook called by the network protocol before it sends a datagram to the upper layer. More...
virtual Result	datagramLocalOutHook (Packet *datagram) override
	This is the first hook called by the network protocol before it routes a datagram that was received from the upper layer. More...
Public Member Functions inherited from inet::NetfilterBase::HookBase
virtual	~HookBase ()
void	registeredTo (INetfilter *nf)
void	unregisteredFrom (INetfilter *nf)
bool	isRegisteredHook (INetfilter *nf)
Public Member Functions inherited from inet::INetfilter::IHook
virtual	~IHook ()

Protected Member Functions
virtual int	numInitStages () const override
virtual void	initialize (int stage) override
virtual void	handleMessage (cMessage *message) override
virtual void	parseConfig ()
virtual Result	processPacket (Packet *packet, INetfilter::IHook::Type type)

Protected Attributes
cXMLElement *	config = nullptr
ModuleRefByPar< INetfilter >	networkProtocol
std::multimap< INetfilter::IHook::Type, std::pair< PacketFilter *, Ipv4NatEntry > >	natEntries
Protected Attributes inherited from inet::NetfilterBase::HookBase
std::vector< INetfilter * >	netfilters

Additional Inherited Members
Public Types inherited from inet::INetfilter::IHook
enum	Type {   PREROUTING, LOCALIN, FORWARD, POSTROUTING,   LOCALOUT }
enum	Result { ACCEPT, DROP, QUEUE, STOLEN }

Constructor & Destructor Documentation

~Ipv4NatTable()

inet::Ipv4NatTable::~Ipv4NatTable ( )

virtual

{
    for (auto& it : natEntries)
        delete it.second.first;
}

Member Function Documentation

datagramForwardHook()

virtual Result inet::Ipv4NatTable::datagramForwardHook ( Packet *  datagram )

inlineoverridevirtual

This is the second hook called by the network protocol before it sends a datagram to the lower layer.

This is done after the datagramPreRoutingHook or the datagramLocalInHook is called and the datagram is routed.

Implements inet::INetfilter::IHook.

{ return processPacket(datagram, FORWARD); }

datagramLocalInHook()

virtual Result inet::Ipv4NatTable::datagramLocalInHook ( Packet *  datagram )

inlineoverridevirtual

This is the last hook called by the network protocol before it sends a datagram to the upper layer.

This is done after the datagramPreRoutingHook is called and the datagram is routed.

Implements inet::INetfilter::IHook.

{ return processPacket(datagram, LOCALIN); }

datagramLocalOutHook()

virtual Result inet::Ipv4NatTable::datagramLocalOutHook ( Packet *  datagram )

inlineoverridevirtual

This is the first hook called by the network protocol before it routes a datagram that was received from the upper layer.

The nextHopAddress is ignored when the outputNetworkInterface is a nullptr. After this is done

Implements inet::INetfilter::IHook.

{ return processPacket(datagram, LOCALOUT); }

datagramPostRoutingHook()

virtual Result inet::Ipv4NatTable::datagramPostRoutingHook ( Packet *  datagram )

inlineoverridevirtual

This is the last hook called by the network protocol before it sends a datagram to the lower layer.

Implements inet::INetfilter::IHook.

{ return processPacket(datagram, POSTROUTING); }

datagramPreRoutingHook()

virtual Result inet::Ipv4NatTable::datagramPreRoutingHook ( Packet *  datagram )

inlineoverridevirtual

This is the first hook called by the network protocol before it routes a datagram that was received from the lower layer.

The nextHopAddress is ignored when the outputNetworkInterface is nullptr.

Implements inet::INetfilter::IHook.

{ return processPacket(datagram, PREROUTING); }

handleMessage()

void inet::Ipv4NatTable::handleMessage ( cMessage *  message )

overrideprotectedvirtual

{
    throw cRuntimeError("This module can not handle messages");
}

initialize()

void inet::Ipv4NatTable::initialize ( int  stage )

overrideprotectedvirtual

{
    cSimpleModule::initialize(stage);
    if (stage == INITSTAGE_LOCAL) {
        config = par("config");
        networkProtocol.reference(this, "networkProtocolModule", true);
    }
    else if (stage == INITSTAGE_NETWORK_LAYER) {
        parseConfig();
        if (natEntries.size() != 0)
            networkProtocol->registerHook(0, this);
        auto text = std::to_string(natEntries.size()) + " entries";
        getDisplayString().setTagArg("t", 0, text.c_str());
    }
}

numInitStages()

virtual int inet::Ipv4NatTable::numInitStages ( ) const

inlineoverrideprotectedvirtual

{ return NUM_INIT_STAGES; }

parseConfig()

void inet::Ipv4NatTable::parseConfig ( )

protectedvirtual

{
    cXMLElementList xmlEntries = config->getChildrenByTagName("entry");
    for (auto& xmlEntry : xmlEntries) {
        // type
        const char *typeAttr = xmlEntry->getAttribute("type");
        INetfilter::IHook::Type type;
        if (!strcmp("prerouting", typeAttr))
            type = PREROUTING;
        else if (!strcmp("localin", typeAttr))
            type = LOCALIN;
        else if (!strcmp("forward", typeAttr))
            type = FORWARD;
        else if (!strcmp("postrouting", typeAttr))
            type = POSTROUTING;
        else if (!strcmp("localout", typeAttr))
            type = LOCALOUT;
        else
            throw cRuntimeError("Unknown type");
        // filter
        PacketFilter *packetFilter = new PacketFilter();
        const char *packetFilterAttr = xmlEntry->getAttribute("packetFilter");
        packetFilter->setExpression(packetFilterAttr != nullptr ? packetFilterAttr : "*");
        // NAT entry
        Ipv4NatEntry natEntry;
        const char *destAddressAttr = xmlEntry->getAttribute("destAddress");
        if (destAddressAttr != nullptr && *destAddressAttr != '\0')
            natEntry.setDestAddress(Ipv4Address(destAddressAttr));
        const char *destPortAttr = xmlEntry->getAttribute("destPort");
        if (destPortAttr != nullptr && *destPortAttr != '\0')
            natEntry.setDestPort(atoi(destPortAttr));
        const char *srcAddressAttr = xmlEntry->getAttribute("srcAddress");
        if (srcAddressAttr != nullptr && *srcAddressAttr != '\0')
            natEntry.setSrcAddress(Ipv4Address(srcAddressAttr));
        const char *srcPortAttr = xmlEntry->getAttribute("srcPort");
        if (srcPortAttr != nullptr && *srcPortAttr != '\0')
            natEntry.setSrcPort(atoi(srcPortAttr));
        // insert
        natEntries.insert({type, {packetFilter, natEntry}});
    }
}

Referenced by initialize().

processPacket()

INetfilter::IHook::Result inet::Ipv4NatTable::processPacket ( Packet *  packet, INetfilter::IHook::Type  type  )

protectedvirtual

{
    Enter_Method("processPacket");
    auto lt = natEntries.lower_bound(type);
    auto ut = natEntries.upper_bound(type);
    for (; lt != ut; lt++) {
        const auto& packetFilter = lt->second.first;
        const auto& natEntry = lt->second.second;
        // TODO this might be slow for too many filters
        if (packetFilter->matches(packet)) {
            auto& ipv4Header = removeNetworkProtocolHeader<Ipv4Header>(packet);
            if (!natEntry.getDestAddress().isUnspecified())
                ipv4Header->setDestAddress(natEntry.getDestAddress());
            if (!natEntry.getSrcAddress().isUnspecified())
                ipv4Header->setSrcAddress(natEntry.getSrcAddress());
            auto transportProtocol = ipv4Header->getProtocol();
#ifdef INET_WITH_UDP
            if (transportProtocol == &Protocol::udp) {
                auto& udpHeader = removeTransportProtocolHeader<UdpHeader>(packet);
                // TODO if (!Udp::verifyCrc(Protocol::ipv4, udpHeader, packet))
                auto udpData = packet->peekData();
                if (natEntry.getDestPort() != -1)
                    udpHeader->setDestPort(natEntry.getDestPort());
                if (natEntry.getSrcPort() != -1)
                    udpHeader->setSrcPort(natEntry.getSrcPort());
                Udp::insertCrc(&Protocol::ipv4, ipv4Header->getSrcAddress(), ipv4Header->getDestAddress(), udpHeader, packet);
                insertTransportProtocolHeader(packet, Protocol::udp, udpHeader);
            }
            else
#endif
#ifdef INET_WITH_TCP_COMMON
            if (transportProtocol == &Protocol::tcp) {
                auto& tcpHeader = removeTransportProtocolHeader<tcp::TcpHeader>(packet);
                // TODO if (!Tcp::verifyCrc(Protocol::ipv4, tcpHeader, packet))
                if (natEntry.getDestPort() != -1)
                    tcpHeader->setDestPort(natEntry.getDestPort());
                if (natEntry.getSrcPort() != -1)
                    tcpHeader->setSrcPort(natEntry.getSrcPort());
                tcp::TcpCrcInsertionHook::insertCrc(&Protocol::ipv4, ipv4Header->getSrcAddress(), ipv4Header->getDestAddress(), tcpHeader, packet);
                insertTransportProtocolHeader(packet, Protocol::tcp, tcpHeader);
            }
            else
#endif
                throw cRuntimeError("Unknown protocol: '%s'", transportProtocol ? transportProtocol->getName() : std::to_string((int)ipv4Header->getProtocolId()).c_str());
            insertNetworkProtocolHeader(packet, Protocol::ipv4, ipv4Header);
            break;
        }
    }
    return ACCEPT;
}

Member Data Documentation

config

cXMLElement* inet::Ipv4NatTable::config = nullptr

protected

Referenced by initialize(), and parseConfig().

natEntries

std::multimap<INetfilter::IHook::Type, std::pair<PacketFilter *, Ipv4NatEntry> > inet::Ipv4NatTable::natEntries

protected

Referenced by initialize(), parseConfig(), processPacket(), and ~Ipv4NatTable().

networkProtocol

ModuleRefByPar<INetfilter> inet::Ipv4NatTable::networkProtocol

protected

Referenced by initialize().

---

The documentation for this class was generated from the following files:

• Ipv4NatTable.h
• Ipv4NatTable.cc