1.1 --- a/src/internet-stack/ipv4-netfilter.cc Fri Jul 31 00:57:33 2009 +0600
1.2 +++ b/src/internet-stack/ipv4-netfilter.cc Thu Aug 06 01:55:49 2009 +0600
1.3 @@ -18,18 +18,38 @@
1.4 * Author: Qasim Javed <qasim@utdallas.edu>
1.5 */
1.6 #include "ns3/log.h"
1.7 +#include "ns3/uinteger.h"
1.8 #include "ipv4-netfilter.h"
1.9 #include "ip-conntrack-info.h"
1.10 #include "ipv4-conntrack-l3-protocol.h"
1.11 #include "tcp-conntrack-l4-protocol.h"
1.12 #include "udp-conntrack-l4-protocol.h"
1.13 #include "icmpv4-conntrack-l4-protocol.h"
1.14 +#include "tcp-header.h"
1.15 +#include "udp-header.h"
1.16
1.17 NS_LOG_COMPONENT_DEFINE ("Ipv4Netfilter");
1.18
1.19 namespace ns3 {
1.20 +
1.21 +NS_OBJECT_ENSURE_REGISTERED (Ipv4Netfilter);
1.22 +
1.23 +TypeId
1.24 +Ipv4Netfilter::GetTypeId (void)
1.25 +{
1.26 + static TypeId tId = TypeId ("ns3::Ipv4Netfilter")
1.27 + .SetParent<Object> ()
1.28 + .AddAttribute ("EnableNat", "0 disbales NAT and is the default, 1 enabled NAT",
1.29 + UintegerValue (0),
1.30 + MakeUintegerAccessor (&Ipv4Netfilter::m_enableNat),
1.31 + MakeUintegerChecker <uint8_t> ())
1.32 + ;
1.33 +
1.34 + return tId;
1.35 +}
1.36
1.37 Ipv4Netfilter::Ipv4Netfilter ()
1.38 + : m_enableNat (0)
1.39 {
1.40 NS_LOG_FUNCTION_NOARGS();
1.41
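Review bot: The `EnableNat` attribute added in `GetTypeId` is bound directly to the member through `MakeUintegerAccessor (&Ipv4Netfilter::m_enableNat)`, so setting it to 1 only stores a value; the NAT hooks are registered only inside `EnableNat ()` (added in the @@ -369,31 hunk). The one place that reacts to the flag is `if (m_enableNat) EnableNat ();` in the @@ -52,23 hunk, which appears to sit in the constructor right after `m_enableNat (0)`, so it would never fire if attributes are applied after construction. A node configured for NAT through the attribute would then forward traffic untranslated with no error or log line. Bind the attribute to a setter method that calls `EnableNat ()` when the value becomes non-zero, and correct the help text to `"0 disables NAT (default), 1 enables NAT"`.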
1.42 @@ -52,23 +72,31 @@
1.43 /* Create and register ICMP connection tracking module */
1.44 Ptr<Icmpv4ConntrackL4Protocol> icmpv4 = Create<Icmpv4ConntrackL4Protocol> ();
1.45 this->RegisterL4Protocol (icmpv4);
1.46 +
1.47 + //Ptr <NetworkAddressTranslation> networkAddressTranslation = Create<NetworkAddressTranslation> (this);
1.48
1.49 /* Create and register hook callbacks */
1.50 NetfilterHookCallback preRouting = MakeCallback (&Ipv4Netfilter::NetfilterConntrackIn, this);
1.51 NetfilterHookCallback localIn = MakeCallback (&Ipv4ConntrackL3Protocol::Ipv4Confirm, PeekPointer (ipv4));
1.52
1.53 - Ipv4NetfilterHook nfh = Ipv4NetfilterHook (1, NF_INET_PRE_ROUTING, 1, preRouting);
1.54 - Ipv4NetfilterHook nfh1 = Ipv4NetfilterHook (1, NF_INET_LOCAL_OUT, 1, preRouting);
1.55 - Ipv4NetfilterHook nfh2 = Ipv4NetfilterHook (1, NF_INET_POST_ROUTING, 1, localIn);
1.56 - Ipv4NetfilterHook nfh3 = Ipv4NetfilterHook (1, NF_INET_LOCAL_IN, 1, localIn);
1.57 + Ipv4NetfilterHook nfh = Ipv4NetfilterHook (1, NF_INET_PRE_ROUTING, NF_IP_PRI_CONNTRACK , preRouting);
1.58 + Ipv4NetfilterHook nfh1 = Ipv4NetfilterHook (1, NF_INET_LOCAL_OUT, NF_IP_PRI_CONNTRACK, preRouting);
1.59 + Ipv4NetfilterHook nfh2 = Ipv4NetfilterHook (1, NF_INET_POST_ROUTING, NF_IP_PRI_CONNTRACK_CONFIRM, localIn);
1.60 + Ipv4NetfilterHook nfh3 = Ipv4NetfilterHook (1, NF_INET_LOCAL_IN, NF_IP_PRI_CONNTRACK_CONFIRM, localIn);
1.61 +
1.62 this->RegisterNetfilterHook (nfh);
1.63 this->RegisterNetfilterHook (nfh1);
1.64 this->RegisterNetfilterHook (nfh2);
1.65 this->RegisterNetfilterHook (nfh3);
1.66 +
1.67 + if (m_enableNat)
1.68 + EnableNat ();
1.69 +
1.70 + nextAvailablePort = 1024;
1.71 }
1.72
1.73 uint32_t
1.74 -Ipv4Netfilter::RegisterNetfilterHook (Ipv4NetfilterHook& hook)
1.75 +Ipv4Netfilter::RegisterNetfilterHook (Ipv4NetfilterHook hook)
1.76 {
1.77 //NS_LOG_FUNCTION (this << hook);
1.78 m_netfilterHooks[hook.GetHookNumber ()].Insert (hook);
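Review bot: `nextAvailablePort = 1024;` is assigned as the last statement of this function, after `EnableNat ()` may already have registered the NAT callbacks that read it. It is also neither in the member-initializer list nor `m_`-prefixed like `m_enableNat`. Initialise it with the other member, `: m_enableNat (0), nextAvailablePort (1024)`, and add a comment such as `// first port handed out for source NAT; ports below 1024 are never allocated`. `RegisterNetfilterHook` now takes the hook by value; `const Ipv4NetfilterHook& hook` would accept the same callers without the extra copy. The enclosing function starts outside this hunk (presumably the constructor).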
1.79 @@ -138,13 +166,10 @@
1.80 }
1.81
1.82 int
1.83 -Ipv4Netfilter::UpdateConntrackStatus (NetfilterConntrackTuple tuple, uint32_t status)
1.84 +Ipv4Netfilter::UpdateConntrackInfo (uint8_t info)
1.85 {
1.86 - uint32_t curStatus1 = m_netfilterTupleHash[IP_CT_DIR_ORIGINAL][tuple].GetStatus ();
1.87 - m_netfilterTupleHash[IP_CT_DIR_ORIGINAL][tuple].SetStatus (curStatus1 | status);
1.88 - uint32_t curStatus2 = m_netfilterTupleHash[IP_CT_DIR_REPLY][tuple].GetStatus ();
1.89 - m_netfilterTupleHash[IP_CT_DIR_REPLY][tuple].SetStatus (curStatus2 | status);
1.90 -
1.91 + m_hash[currentOriginalTuple].SetInfo (info);
1.92 + m_hash[currentReplyTuple].SetInfo (info);
1.93 return 0;
1.94 }
1.95
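Review bot: `UpdateConntrackInfo` indexes `m_hash` with `operator[]`, which, assuming `m_hash` is a standard map-like container, default-constructs an entry when the tuple is absent. Calling it for a connection that was never confirmed would therefore create confirmed-table entries as a side effect. Look the tuples up first and report failure, e.g. `TupleHashI it = m_hash.find (currentOriginalTuple); if (it == m_hash.end ()) return -1;`, and do the same for `currentReplyTuple`. The function also no longer takes the tuple as a parameter and depends on whichever packet last set `currentOriginalTuple`; a doc comment stating that precondition would help callers.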
1.96 @@ -206,7 +231,7 @@
1.97 NS_LOG_FUNCTION (this << packet);
1.98 //NetfilterConntrackTuple tuple (ipHeader.GetSource(), 0, ipHeader.GetDestination(), 0);
1.99 NetfilterConntrackTuple tuple;
1.100 - uint8_t conntrackInfo;
1.101 + uint8_t conntrackInfo = 0;
1.102
1.103 /* Get a tuple from the information in the packet */
1.104 if (!NetfilterConntrackGetTuple (packet, protocolFamily, protocol, tuple, l3Protocol, l4Protocol))
1.105 @@ -223,6 +248,14 @@
1.106 //TupleHashI newIt = NewConnection(tuple, l3Protocol, l4Protocol, packet);
1.107 it = NewConnection (tuple, l3Protocol, l4Protocol, packet);
1.108 }
1.109 +
1.110 + NetfilterConntrackTuple replyTuple;
1.111 +
1.112 + if (!InvertTuple (replyTuple, tuple, l3Protocol, l4Protocol))
1.113 + return -1;
1.114 +
1.115 + currentOriginalTuple = tuple;
1.116 + currentReplyTuple = replyTuple;
1.117
1.118 /* TODO: Add a pointer to the hashed tuple in IpConntrackInfo()
1.119 * and store these tuples somehwere, when you destruct then you
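Review bot: `currentOriginalTuple` and `currentReplyTuple` are object-wide members that hand per-packet context to later hook callbacks. Any hook that runs without this function having run first for the same packet (for example after the early `return -1` paths) would act on the previous packet's tuples. If that can happen, NAT and confirm decisions get applied to the wrong connection. At minimum document the invariant where the members are assigned, e.g. `// Per-packet scratch state: valid only until the next packet enters this function`; carrying the tuples with the packet would be more robust. Note also that `return -1` on `InvertTuple` failure happens after `NewConnection` may already have inserted state for this tuple; the enclosing function starts and ends outside this hunk, so the cleanup path is not visible here.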
1.120 @@ -236,7 +269,8 @@
1.121 setReply = 1;
1.122 } else {
1.123 NS_LOG_DEBUG (":: Packet is in the original direction ::");
1.124 - if ( m_hash[tuple].GetStatus () & IPS_SEEN_REPLY_BIT) {
1.125 + if ( m_hash[tuple].GetStatus () & IPS_SEEN_REPLY) {
1.126 + NS_LOG_DEBUG (":: Connection ESTABLISHED! ::");
1.127 conntrackInfo = IP_CT_ESTABLISHED;
1.128 }
1.129 else {
1.130 @@ -245,7 +279,10 @@
1.131 }
1.132
1.133 }
1.134 - NS_LOG_DEBUG ("Adding the conntrack packet tag" );
1.135 +
1.136 + m_unconfirmed[tuple].SetInfo (conntrackInfo);
1.137 + //UpdateConntrackInfo (conntrackInfo);
1.138 + /*NS_LOG_DEBUG ("Adding the conntrack packet tag" );
1.139 ConntrackTag ctTag;
1.140 bool tagFound = packet->PeekPacketTag (ctTag);
1.141
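Review bot: `m_unconfirmed[tuple].SetInfo (conntrackInfo);` runs for every packet that reaches this point, including packets of connections already present in `m_hash`. Nothing in the visible hunks removes entries from `m_unconfirmed` (the confirm path in the @@ -299,61 hunk copies the entry to `m_hash` but leaves it in place), so the unconfirmed table appears to grow with every distinct tuple seen. Assuming a standard associative container, add `m_unconfirmed.erase (currentOriginalTuple);` after the copy in the confirm function, and only write here when the tuple is not yet confirmed. The `/*` opened on the next added line disables the packet-tag code through the following hunk; deleting that code would be clearer than keeping it inside a block comment.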
1.142 @@ -253,6 +290,7 @@
1.143 packet->AddPacketTag (ConntrackTag (conntrackInfo));
1.144 else
1.145 NS_LOG_DEBUG ("Tag already present");
1.146 + */
1.147
1.148 return NF_ACCEPT;
1.149
1.150 @@ -286,6 +324,13 @@
1.151 // Call layer 4 Packet callback
1.152 //uint32_t ret = l4proto->packet(packet, protocolFamily, hookNumber);
1.153
1.154 + if (setReply)
1.155 + {
1.156 + NS_LOG_DEBUG ("Setting IPS_SEEN_REPLY");
1.157 + m_hash[currentOriginalTuple].SetStatus ( IPS_SEEN_REPLY );
1.158 + m_hash[currentReplyTuple].SetStatus ( IPS_SEEN_REPLY );
1.159 + }
1.160 +
1.161 return NF_ACCEPT;
1.162
1.163 }
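Review bot: `SetStatus ( IPS_SEEN_REPLY )` replaces the connection's status word rather than adding a bit to it. The `UpdateConntrackStatus` code removed in this same commit wrote `SetStatus (curStatus1 | status)`, which suggests `SetStatus` assigns. Any flag set earlier, such as the `IPS_SRC_NAT_DONE` bit that `NetfilterDoNat` tests, would be cleared as soon as a reply is seen. Preserve the existing bits, e.g. `m_hash[currentOriginalTuple].SetStatus (m_hash[currentOriginalTuple].GetStatus () | IPS_SEEN_REPLY);`, and likewise for `currentReplyTuple`. The enclosing function starts outside this hunk.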
1.164 @@ -299,61 +344,187 @@
1.165 /* If this packet has been seen previously, Ignore. */
1.166
1.167 /* Find layer 3 helper for this packet */
1.168 - Ptr<NetfilterConntrackL3Protocol> l3proto = FindL3ProtocolHelper (1);
1.169 + /*Ptr<NetfilterConntrackL3Protocol> l3proto = FindL3ProtocolHelper (1);
1.170
1.171 - Ipv4Header ipHeader;
1.172 + Ipv4Header ipHeader;
1.173
1.174 //packet->RemoveHeader(ipHeader);
1.175 packet->PeekHeader (ipHeader);
1.176
1.177 NS_LOG_DEBUG ( "IP header protocol: " << (int)ipHeader.GetProtocol ());
1.178 -
1.179 +
1.180 Ptr<NetfilterConntrackL4Protocol> l4proto = FindL4ProtocolHelper (ipHeader.GetProtocol ());
1.181 -
1.182 - NetfilterConntrackTuple orig;
1.183 -
1.184 +
1.185 + NetfilterConntrackTuple orig;*/
1.186 +
1.187 /* Get a tuple from the information in the packet */
1.188 - if (!NetfilterConntrackGetTuple (packet, 1, ipHeader.GetProtocol (), orig, l3proto, l4proto))
1.189 - {
1.190 + /*if (!NetfilterConntrackGetTuple (packet, 1, ipHeader.GetProtocol (), orig, l3proto, l4proto))
1.191 + {
1.192 NS_LOG_DEBUG ("Cannot create a tuple from the packet");
1.193 return -1;
1.194 - }
1.195 -
1.196 - NetfilterConntrackTuple reply;
1.197 + }
1.198
1.199 - InvertTuple (reply, orig, l3proto, l4proto);
1.200 + NetfilterConntrackTuple reply;
1.201 +
1.202 +
1.203 + InvertTuple (reply, orig, l3proto, l4proto);
1.204 +
1.205 + currentOriginalTuple = orig;
1.206 + currentReplyTuple = reply;
1.207 +
1.208 + NS_LOG_DEBUG ("Current Original Tuple: " << currentOriginalTuple.GetSource () << ", " << currentOriginalTuple.GetDestination ());
1.209 + NS_LOG_DEBUG ("Current Reply Tuple: " << currentReplyTuple.GetSource () << ", " << currentReplyTuple.GetDestination ());
1.210 + //currentTuple[IP_CT_DIR_REPLY] = reply;*/
1.211
1.212 /**************************/
1.213
1.214 - ConntrackTag ctTag;
1.215 + /*ConntrackTag ctTag;
1.216
1.217 - if (!packet->PeekPacketTag (ctTag))
1.218 - {
1.219 + if (!packet->PeekPacketTag (ctTag))
1.220 + {
1.221 NS_LOG_DEBUG ("ConntrackTag not found");
1.222 return 0;
1.223 - }
1.224 - else {
1.225 + }
1.226 + else {
1.227 if ( CTINFO2DIR (ctTag.GetConntrack ()) != IP_CT_DIR_ORIGINAL)
1.228 - return 0;
1.229 + return 0;
1.230
1.231 if (m_hash.find (orig) != m_hash.end () && m_hash.find (reply) != m_hash.end () )
1.232 {
1.233 - NS_LOG_DEBUG ("Entries already present!");
1.234 - return NF_DROP;
1.235 + NS_LOG_DEBUG ("Entries already present!");
1.236 + return NF_DROP;
1.237 }
1.238
1.239 NS_LOG_DEBUG ("Creating confirmed hash entries");
1.240 - //m_hash[orig] = IpConntrackInfo().SetStatus(IPS_CONFIRMED);
1.241 - m_hash[orig] = IpConntrackInfo ();
1.242 - m_hash[reply] = IpConntrackInfo ();
1.243 + //m_hash[orig] = IpConntrackInfo().SetStatus(IPS_CONFIRMED);
1.244 + m_hash[orig] = IpConntrackInfo ();
1.245 + m_hash[reply] = IpConntrackInfo ();
1.246
1.247 + }*/
1.248 +
1.249 + if ( CTINFO2DIR (m_unconfirmed[currentOriginalTuple].GetInfo ()) != IP_CT_DIR_ORIGINAL)
1.250 + {
1.251 + NS_LOG_DEBUG ("Not a packet in the original direction");
1.252 + return NF_ACCEPT;
1.253 }
1.254
1.255 - //packet->AddHeader(ipHeader);
1.256 + /*if (m_hash.find (currentOriginalTuple) != m_hash.end () && m_hash.find (currentReplyTuple) != m_hash.end () )
1.257 + {
1.258 + NS_LOG_DEBUG ("Entries already present!");
1.259 + return NF_DROP;
1.260 + }*/
1.261 +
1.262 + NS_LOG_DEBUG ("Creating confirmed hash entries");
1.263 + m_hash[currentOriginalTuple] = m_unconfirmed[currentOriginalTuple];
1.264 + m_hash[currentReplyTuple] = m_unconfirmed[currentOriginalTuple];
1.265
1.266 return 0;
1.267 }
1.268
1.269 +uint32_t
1.270 +Ipv4Netfilter::NetfilterDoNat (Hooks_t hookNumber, Ptr<Packet> p,
1.271 + Ptr<NetDevice> in, Ptr<NetDevice> out, ContinueCallback& ccb)
1.272 +{
1.273 + NS_LOG_FUNCTION ( this << p );
1.274 + /*ConntrackTag ctTag;
1.275 +
1.276 + bool found = p->PeekPacketTag (ctTag);
1.277 +
1.278 + if (!found)
1.279 + {
1.280 + NS_LOG_DEBUG ("Conntrack tag not found");
1.281 + return NF_ACCEPT;
1.282 + }*/
1.283 +
1.284 + /* Conntrack has a higher priority so currentOriginalTuple and
1.285 + * currentReply tuple should always be correct
1.286 + */
1.287 +
1.288 + //std::vector<NatRule>::iterator it = FindNatDevice (out);
1.289 +
1.290 + /*if (it == m_natRules.end ())
1.291 + {
1.292 + NS_LOG_DEBUG ("No NAT rule for device " << out->GetId ());
1.293 + return NF_ACCEPT;
1.294 + }*/
1.295 +
1.296 + NS_LOG_DEBUG ("Current Original Tuple: " << currentOriginalTuple.GetSource () << ", " << currentOriginalTuple.GetDestination ());
1.297 + NS_LOG_DEBUG ("Current Reply Tuple: " << currentReplyTuple.GetSource () << ", " << currentReplyTuple.GetDestination ());
1.298 +
1.299 + NS_LOG_DEBUG ("ConntrackInfo: " << (uint16_t)m_unconfirmed[currentOriginalTuple].GetInfo () );
1.300 +
1.301 + /* TODO: Why are you checking m_hash here when the info is in
1.302 + * m_unconfirmed. This could be a problem because NAT is sandwiched
1.303 + * between conntrack hook callbacks
1.304 + */
1.305 + switch (m_unconfirmed[currentOriginalTuple].GetInfo ())
1.306 + {
1.307 + case IP_CT_RELATED:
1.308 + case IP_CT_RELATED + IP_CT_IS_REPLY:
1.309 + /* This should be updated when "expectations" are added */
1.310 + break;
1.311 +
1.312 + case IP_CT_NEW:
1.313 +
1.314 + if ( hookNumber == NF_INET_POST_ROUTING )
1.315 + {
1.316 + NS_LOG_DEBUG ("SRC_NAT: New Connection encountered");
1.317 +
1.318 + TupleHashI it;
1.319 +
1.320 +
1.321 + if ( (it = m_hash.find (currentOriginalTuple)) != m_hash.end ())
1.322 + {
1.323 + if ( !((it->second).GetStatus () & IPS_SRC_NAT_DONE) )
1.324 + {
1.325 + /* Get a unique tuple and create a mapping */
1.326 +
1.327 + NS_LOG_DEBUG ("Doing rule lookup at device " << out->GetIfIndex ());
1.328 + std::vector<NatRule>::iterator it =
1.329 + FindNatRule ( Ipv4Address (currentOriginalTuple.GetSource ()), out );
1.330 +
1.331 + if ( it == m_natRules.end () )
1.332 + {
1.333 + NS_LOG_DEBUG ("No rule matched!");
1.334 + return NF_ACCEPT;
1.335 + }
1.336 +
1.337 + NS_LOG_DEBUG ("Creating a NAT mapping");
1.338 +
1.339 + /* Create a NULL mapping, which does not contain port numbers */
1.340 + NetfilterConntrackTuple mapping =
1.341 + NetfilterConntrackTuple (it->GetMangledSource (), nextAvailablePort,
1.342 + currentOriginalTuple.GetDestination (), 9);
1.343 + mapping.SetDirection (IP_CT_DIR_ORIGINAL);
1.344 + nextAvailablePort++;
1.345 +
1.346 + NS_LOG_DEBUG ("Creating a NAT mapping for the tuple " << currentOriginalTuple
1.347 + << ": " << mapping );
1.348 + m_natMappings[currentOriginalTuple] = mapping;
1.349 + m_natReplyLookup[mapping] = currentOriginalTuple;
1.350 + }
1.351 +
1.352 +
1.353 + NS_LOG_DEBUG (":: Translating addresses and fixing IP checksum ::");
1.354 + NetfilterNatPacket (hookNumber, p);
1.355 + }
1.356 + else
1.357 + NS_LOG_DEBUG ("BUG: currentTuple non-existent in hash!");
1.358 + }
1.359 +
1.360 + break;
1.361 +
1.362 + default:
1.363 + NS_LOG_DEBUG ("SRC_NAT: Connection is established!");
1.364 + NS_LOG_DEBUG (":: Translating addresses and fixing IP checksum ::");
1.365 + NetfilterNatPacket (hookNumber, p);
1.366 +
1.367 + }
1.368 +
1.369 +
1.370 + return NF_ACCEPT;
1.371 +}
1.372 +
1.373 bool
1.374 Ipv4Netfilter::InvertTuple (NetfilterConntrackTuple& inverse, NetfilterConntrackTuple& orig,
1.375 Ptr<NetfilterConntrackL3Protocol> l3Protocol,
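Review bot: In `NetfilterDoNat` the `IP_CT_NEW` branch tests `IPS_SRC_NAT_DONE` but never sets it in the lines shown, so every new-state packet at `NF_INET_POST_ROUTING` allocates another port and overwrites `m_natMappings[currentOriginalTuple]`. The flag cannot be set through `it` as written, because the inner `std::vector<NatRule>::iterator it` shadows the outer `TupleHashI it`. Rename the rule iterator (e.g. `ruleIt`) and, after the two map insertions, add `(it->second).SetStatus ((it->second).GetStatus () | IPS_SRC_NAT_DONE);`. `nextAvailablePort++` has no upper bound or in-use check, so once it wraps it can hand out ports below 1024 or ports already mapped to another flow. The literal `9` passed as the destination port of `mapping` needs either a comment or `currentOriginalTuple.GetDestinationPort ()`. The first part of this hunk belongs to a function that starts outside it.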
1.376 @@ -369,31 +540,188 @@
1.377 return l4Protocol->InvertTuple (inverse, orig);
1.378
1.379 }
1.380 +
1.381 +TupleHash&
1.382 +Ipv4Netfilter::GetHash ()
1.383 +{
1.384 + return m_hash;
1.385 +}
1.386 +
1.387 +void
1.388 +Ipv4Netfilter::AddNatRule (NatRule natRule)
1.389 +{
1.390 + m_natRules.push_back (natRule);
1.391 +}
1.392
1.393 -/*uint32_t
1.394 -Ipv4Netfilter::Ipv4Confirm(Hooks_t hookNumber, Ptr<Packet> packet, Ptr<NetDevice> in,
1.395 - Ptr<NetDevice> out, ContinueCallback& ccb)
1.396 +std::vector<NatRule>::iterator
1.397 +Ipv4Netfilter::FindNatRule (NatRule natRule)
1.398 {
1.399 - NS_LOG_DEBUG (":: Executing hook function Ipv4Confirm ::");
1.400 - ConntrackTag ctinfo;
1.401 - bool tagFound = packet->PeekPacketTag(ctinfo);
1.402 + std::vector<NatRule>::iterator it = m_natRules.begin ();
1.403
1.404 - if (!tagFound || ctinfo.GetConntrack() == IP_CT_RELATED + IP_CT_IS_REPLY)
1.405 + for ( ; it != m_natRules.end (); it++)
1.406 {
1.407 - NS_LOG_DEBUG ("Conntrack tag not found");
1.408 - return 0;
1.409 + if ( *it == natRule )
1.410 + return it;
1.411 }
1.412
1.413 - // Call conntrack helper here
1.414 + return m_natRules.end ();
1.415 +}
1.416
1.417 - // NetfilterConntrackConfirm
1.418 - NS_LOG_DEBUG ("Invoking the ContinueCallback");
1.419 - ccb (packet);
1.420 +std::vector<NatRule>::iterator
1.421 +Ipv4Netfilter::FindNatRule (Ipv4Address orig, Ptr<NetDevice> out)
1.422 +{
1.423 + std::vector<NatRule>::iterator it = m_natRules.begin ();
1.424
1.425 + NS_LOG_DEBUG ("Number of rules: " << m_natRules.size () );
1.426 + NS_LOG_DEBUG ("Orig: " << orig );
1.427
1.428 + for ( ; it != m_natRules.end (); it++)
1.429 + {
1.430 + NS_LOG_DEBUG ("Rule source: " << it->GetOriginalSource () << ", passed in source: " << orig);
1.431 + NS_LOG_DEBUG ("Rule device: " << it->GetDevice () << ", passed in dev: " << out);
1.432 + if ( it->GetOriginalSource () == orig && it->GetDevice () == out)
1.433 + {
1.434 + NS_LOG_DEBUG ("Rule match found!");
1.435 + return it;
1.436 + }
1.437 + }
1.438
1.439 + return m_natRules.end ();
1.440 +}
1.441 +
1.442 +void
1.443 +Ipv4Netfilter::EnableNat ()
1.444 +{
1.445 + m_enableNat = 1;
1.446
1.447 - return 0;
1.448 -}*/
1.449 + NS_LOG_DEBUG (":: Enabling NAT ::");
1.450 +
1.451 + NetfilterHookCallback doNat = MakeCallback (&Ipv4Netfilter::NetfilterDoNat, this);
1.452 +
1.453 + Ipv4NetfilterHook natCallback1 = Ipv4NetfilterHook (1, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC, doNat);
1.454 + Ipv4NetfilterHook natCallback2 = Ipv4NetfilterHook (1, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST, doNat);
1.455 +
1.456 +
1.457 + this->RegisterNetfilterHook (natCallback1);
1.458 + this->RegisterNetfilterHook (natCallback2);
1.459 +}
1.460 +
1.461 +uint32_t
1.462 +Ipv4Netfilter::NetfilterNatPacket (Hooks_t hookNumber, Ptr<Packet> p)
1.463 +{
1.464 + NS_LOG_FUNCTION ( this << p );
1.465 + Ipv4Header ipHeader;
1.466 + uint16_t dstPort; //, srcPort;
1.467 + Ipv4Address dstAddress, srcAddress;
1.468 +
1.469 + p->RemoveHeader (ipHeader);
1.470 +
1.471 + uint16_t protocol = ipHeader.GetProtocol ();
1.472 +
1.473 + if (hookNumber == NF_INET_POST_ROUTING)
1.474 + {
1.475 + NetfilterConntrackTuple mapped = m_natMappings[currentOriginalTuple];
1.476 +
1.477 + ipHeader.SetSource (mapped.GetSource ());
1.478 +
1.479 + if (protocol == IPPROTO_TCP)
1.480 + {
1.481 + TcpHeader tcpHeader;
1.482 +
1.483 + p->RemoveHeader (tcpHeader);
1.484 +
1.485 + tcpHeader.SetSourcePort (mapped.GetSourcePort ());
1.486 +
1.487 + p->AddHeader (tcpHeader);
1.488 +
1.489 + }
1.490 + else
1.491 + {
1.492 + UdpHeader udpHeader;
1.493 +
1.494 + p->RemoveHeader (udpHeader);
1.495 +
1.496 + udpHeader.SetSourcePort (mapped.GetSourcePort ());
1.497 +
1.498 + p->AddHeader (udpHeader);
1.499 + }
1.500 +
1.501 + p->AddHeader (ipHeader);
1.502 +
1.503 + NetfilterConntrackTuple oldOriginalTuple = currentOriginalTuple;
1.504 +
1.505 +
1.506 + currentOriginalTuple = NetfilterConntrackTuple (mapped.GetSource(), mapped.GetSourcePort (),
1.507 + currentOriginalTuple.GetDestination (),
1.508 + currentOriginalTuple.GetDestinationPort ());
1.509 +
1.510 + currentOriginalTuple.SetDirection (IP_CT_DIR_ORIGINAL);
1.511 +
1.512 + currentReplyTuple = NetfilterConntrackTuple (currentOriginalTuple.GetDestination (),
1.513 + currentOriginalTuple.GetDestinationPort (),
1.514 + mapped.GetSource (), mapped.GetSourcePort ());
1.515 +
1.516 + currentReplyTuple.SetDirection (IP_CT_DIR_REPLY);
1.517 +
1.518 + std::cout <<" New Original Tuple: " << currentOriginalTuple << std::endl;
1.519 + std::cout <<" New Reply Tuple: " << currentReplyTuple << std::endl;
1.520 +
1.521 + m_unconfirmed[currentOriginalTuple] = m_unconfirmed[oldOriginalTuple];
1.522 +
1.523 + }
1.524 + else if (hookNumber == NF_INET_PRE_ROUTING)
1.525 + {
1.526 + NS_LOG_DEBUG ("Mapping back to LAN address");
1.527 + //NetfilterConntrackTuple mapped = m_natMappings[currentReplyTuple];
1.528 + NetfilterConntrackTuple temp = currentReplyTuple;
1.529 + temp.SetDirection (IP_CT_DIR_ORIGINAL);
1.530 + TranslationMapI transIt = m_natReplyLookup.find (temp);
1.531 +
1.532 + if (transIt == m_natMappings.end ())
1.533 + {
1.534 + NS_LOG_DEBUG ("No such mapping found!");
1.535 + return NF_ACCEPT;
1.536 + }
1.537 +
1.538 + dstPort = (transIt->second).GetSourcePort ();
1.539 + dstAddress = (transIt->second).GetSource ();
1.540 +
1.541 + currentOriginalTuple = NetfilterConntrackTuple ((transIt->second).GetSource (), (transIt->second).GetSourcePort (), dstAddress, dstPort);
1.542 + currentReplyTuple = NetfilterConntrackTuple (dstAddress, dstPort, (transIt->second).GetSource (), (transIt->second).GetSourcePort ());
1.543 +
1.544 + NS_LOG_DEBUG ("Setting Destination IP address to : " << dstAddress);
1.545 + ipHeader.SetDestination (dstAddress);
1.546 +
1.547 + if (protocol == IPPROTO_TCP)
1.548 + {
1.549 + TcpHeader tcpHeader;
1.550 +
1.551 + p->RemoveHeader (tcpHeader);
1.552 +
1.553 + tcpHeader.SetDestinationPort (dstPort);
1.554 +
1.555 + p->AddHeader (tcpHeader);
1.556 +
1.557 + }
1.558 + else
1.559 + {
1.560 + UdpHeader udpHeader;
1.561 +
1.562 + p->RemoveHeader (udpHeader);
1.563 +
1.564 + udpHeader.SetDestinationPort (dstPort);
1.565 + NS_LOG_DEBUG ("Setting destination port to: " << dstPort);
1.566 +
1.567 + p->AddHeader (udpHeader);
1.568 + }
1.569 +
1.570 + p->AddHeader (ipHeader);
1.571 + }
1.572 +
1.573 +
1.574 +
1.575 + return NF_ACCEPT;
1.576 +
1.577 +}
1.578
1.579 } // Namespace ns3
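Review bot: In the `NF_INET_PRE_ROUTING` branch of `NetfilterNatPacket`, `transIt` comes from `m_natReplyLookup.find (temp)` but is compared with `m_natMappings.end ()`. A failed lookup is therefore not detected reliably, and `transIt->second` may be dereferenced on an end iterator; the check should read `if (transIt == m_natReplyLookup.end ())`. The early `return NF_ACCEPT;` in that block also runs after `p->RemoveHeader (ipHeader)` at the top of the function, so the packet would be accepted with its IPv4 header stripped; add `p->AddHeader (ipHeader);` before returning. Both branches treat every non-TCP protocol as UDP, so an ICMP packet (the ICMP conntrack helper is registered earlier in this file) would have its payload parsed and rewritten as a UDP header; test `protocol` for UDP explicitly and leave other protocols untouched. In the `NF_INET_POST_ROUTING` branch, `m_natMappings[currentOriginalTuple]` default-inserts when no mapping exists, which would rewrite the source from an empty tuple; use `find` there too. The two `std::cout` lines should be `NS_LOG_DEBUG`.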