mirrors/krata
1
0
Fork 0
mirror of https://github.com/edera-dev/krata.git synced 2025-11-03 07:19:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

network: nat now ignores local CIDRs and correctly represents ethernet addresses in the key

Browse Source
This commit is contained in:
Alex Zenla
2024-02-10 14:20:37 +00:00
parent d2136b5d8c
commit 6913e837f8
2 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
network/src/backend.rs
View File

@ -117,7 +117,7 @@ impl NetworkBackend {
let mut udev = ChannelDevice::new(1500, tx_sender.clone()); let mut udev = ChannelDevice::new(1500, tx_sender.clone());
let mac = MacAddr6::random(); let mac = MacAddr6::random();
let mac = smoltcp::wire::EthernetAddress(mac.to_array()); let mac = smoltcp::wire::EthernetAddress(mac.to_array());
let nat = NatRouter::new(proxy, mac, tx_sender.clone()); let nat = NatRouter::new(proxy, mac, addresses.clone(), tx_sender.clone());
let mac = HardwareAddress::Ethernet(mac); let mac = HardwareAddress::Ethernet(mac);
let config = Config::new(mac); let config = Config::new(mac);
let mut iface = Interface::new(config, &mut udev, Instant::now()); let mut iface = Interface::new(config, &mut udev, Instant::now());

36
network/src/nat.rs
View File

@ -10,9 +10,10 @@ use etherparse::NetSlice;
use etherparse::SlicedPacket; use etherparse::SlicedPacket;
use etherparse::TcpHeaderSlice; use etherparse::TcpHeaderSlice;
use etherparse::UdpHeaderSlice; use etherparse::UdpHeaderSlice;
use log::debug; use log::{debug, trace};
use smoltcp::wire::EthernetAddress; use smoltcp::wire::EthernetAddress;
use smoltcp::wire::IpAddress; use smoltcp::wire::IpAddress;
use smoltcp::wire::IpCidr;
use smoltcp::wire::IpEndpoint; use smoltcp::wire::IpEndpoint;
use std::collections::hash_map::Entry; use std::collections::hash_map::Entry;
use std::collections::HashMap; use std::collections::HashMap;
@ -74,7 +75,8 @@ impl NatTable {
} }
pub struct NatRouter { pub struct NatRouter {
_local_mac: EthernetAddress, local_mac: EthernetAddress,
local_cidrs: Vec<IpCidr>,
factory: Box<dyn NatHandlerFactory>, factory: Box<dyn NatHandlerFactory>,
table: NatTable, table: NatTable,
tx_sender: Sender<Vec<u8>>, tx_sender: Sender<Vec<u8>>,
@ -85,12 +87,14 @@ pub struct NatRouter {
impl NatRouter { impl NatRouter {
pub fn new( pub fn new(
factory: Box<dyn NatHandlerFactory>, factory: Box<dyn NatHandlerFactory>,
mac: EthernetAddress, local_mac: EthernetAddress,
local_cidrs: Vec<IpCidr>,
tx_sender: Sender<Vec<u8>>, tx_sender: Sender<Vec<u8>>,
) -> Self { ) -> Self {
let (reclaim_sender, reclaim_receiver) = channel(4); let (reclaim_sender, reclaim_receiver) = channel(4);
Self { Self {
_local_mac: mac, local_mac,
local_cidrs,
factory, factory,
table: NatTable::new(), table: NatTable::new(),
tx_sender, tx_sender,
@ -119,7 +123,15 @@ impl NatRouter {
return Ok(()); return Ok(());
}; };
let _mac = EthernetAddress(ether.destination()); let mac = EthernetAddress(ether.destination());
if mac != self.local_mac {
trace!(
"received packet with destination {} which is not the local mac {}",
mac,
self.local_mac
);
return Ok(());
}
let Some(ref net) = packet.net else { let Some(ref net) = packet.net else {
return Ok(()); return Ok(());
@ -196,8 +208,8 @@ impl NatRouter {
let dest = IpEndpoint::new(dest_addr, header.destination_port()); let dest = IpEndpoint::new(dest_addr, header.destination_port());
let key = NatKey { let key = NatKey {
protocol: NatKeyProtocol::Tcp, protocol: NatKeyProtocol::Tcp,
client_mac: EthernetAddress(ether.destination()), client_mac: EthernetAddress(ether.source()),
local_mac: EthernetAddress(ether.source()), local_mac: EthernetAddress(ether.destination()),
client_ip: source, client_ip: source,
external_ip: dest, external_ip: dest,
}; };
@ -218,8 +230,8 @@ impl NatRouter {
let dest = IpEndpoint::new(dest_addr, header.destination_port()); let dest = IpEndpoint::new(dest_addr, header.destination_port());
let key = NatKey { let key = NatKey {
protocol: NatKeyProtocol::Udp, protocol: NatKeyProtocol::Udp,
client_mac: EthernetAddress(ether.destination()), client_mac: EthernetAddress(ether.source()),
local_mac: EthernetAddress(ether.source()), local_mac: EthernetAddress(ether.destination()),
client_ip: source, client_ip: source,
external_ip: dest, external_ip: dest,
}; };
@ -228,6 +240,12 @@ impl NatRouter {
} }
pub async fn process_nat(&mut self, data: &[u8], key: NatKey) -> Result<()> { pub async fn process_nat(&mut self, data: &[u8], key: NatKey) -> Result<()> {
for cidr in &self.local_cidrs {
if cidr.contains_addr(&key.external_ip.addr) {
return Ok(());
}
}
let handler: Option<&mut Box<dyn NatHandler>> = match self.table.inner.entry(key) { let handler: Option<&mut Box<dyn NatHandler>> = match self.table.inner.entry(key) {
Entry::Occupied(entry) => Some(entry.into_mut()), Entry::Occupied(entry) => Some(entry.into_mut()),
Entry::Vacant(entry) => { Entry::Vacant(entry) => {