This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit eb2bd58640974ced5beddb7c0d6735ed782da57a Author: zhanghongyu <[email protected]> AuthorDate: Tue Jul 29 20:00:31 2025 +0800 net/nat: replace net_lock with nat_lock(mutex) add a new API to protect access and operations on the NAT table Signed-off-by: zhanghongyu <[email protected]> --- net/nat/ipv4_nat.c | 7 +++++++ net/nat/ipv6_nat.c | 7 +++++++ net/nat/nat.c | 61 ++++++++++++++++++++++++++++++++++++++++-------------- net/nat/nat.h | 20 ++++++++++++++++++ 4 files changed, 80 insertions(+), 15 deletions(-) diff --git a/net/nat/ipv4_nat.c b/net/nat/ipv4_nat.c index d9bc41a9f6a..ffb71d442be 100644 --- a/net/nat/ipv4_nat.c +++ b/net/nat/ipv4_nat.c @@ -739,6 +739,8 @@ ipv4_nat_outbound_internal(FAR struct net_driver_s *dev, void ipv4_nat_inbound(FAR struct net_driver_s *dev, FAR struct ipv4_hdr_s *ipv4) { + nat_lock(); + /* We only process packets from NAT device and targeting at the address * assigned to the device. */ @@ -748,6 +750,8 @@ void ipv4_nat_inbound(FAR struct net_driver_s *dev, { ipv4_nat_inbound_internal(ipv4, NAT_MANIP_DST); } + + nat_unlock(); } /**************************************************************************** @@ -773,6 +777,8 @@ int ipv4_nat_outbound(FAR struct net_driver_s *dev, FAR struct ipv4_hdr_s *ipv4, enum nat_manip_type_e manip_type) { + nat_lock(); + /* We only process packets targeting at NAT device but not targeting at the * address assigned to the device. */ @@ -793,6 +799,7 @@ int ipv4_nat_outbound(FAR struct net_driver_s *dev, } } + nat_unlock(); return OK; } diff --git a/net/nat/ipv6_nat.c b/net/nat/ipv6_nat.c index 7ab4f55ab39..8348dbe7d6d 100644 --- a/net/nat/ipv6_nat.c +++ b/net/nat/ipv6_nat.c @@ -629,6 +629,8 @@ ipv6_nat_outbound_internal(FAR struct net_driver_s *dev, void ipv6_nat_inbound(FAR struct net_driver_s *dev, FAR struct ipv6_hdr_s *ipv6) { + nat_lock(); + /* We only process packets from NAT device and targeting at the address * assigned to the device. */ 
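Review bot: In ipv4_nat_outbound() the lock is taken at the top of the function (hunk `@@ -773`) but released only in front of the final `return OK;` (hunk `@@ -793`), so any return statement in the lines between the two hunks, which are not shown here, would exit with g_nat_lock held. If such an early exit exists it needs its own `nat_unlock();`, or the function should carry a status variable to a single exit: `nat_unlock(); return ret;`. The same pairing applies to ipv6_nat_outbound() in net/nat/ipv6_nat.c. A lock leaked on this path would stall every later NAT translation, so it is worth confirming against the full function body.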
@@ -638,6 +640,8 @@ void ipv6_nat_inbound(FAR struct net_driver_s *dev, { ipv6_nat_inbound_internal(ipv6, NAT_MANIP_DST); } + + nat_unlock(); } /**************************************************************************** @@ -663,6 +667,8 @@ int ipv6_nat_outbound(FAR struct net_driver_s *dev, FAR struct ipv6_hdr_s *ipv6, enum nat_manip_type_e manip_type) { + nat_lock(); + /* We only process packets targeting at NAT device but not targeting at the * address assigned to the device. */ @@ -681,6 +687,7 @@ int ipv6_nat_outbound(FAR struct net_driver_s *dev, } } + nat_unlock(); return OK; } diff --git a/net/nat/nat.c b/net/nat/nat.c index 773425035a2..4ccc2d9700b 100644 --- a/net/nat/nat.c +++ b/net/nat/nat.c @@ -38,6 +38,12 @@ #ifdef CONFIG_NET_NAT +/**************************************************************************** + * Private Data + ****************************************************************************/ + +static mutex_t g_nat_lock = NXMUTEX_INITIALIZER; + /**************************************************************************** * Private Functions ****************************************************************************/ @@ -108,18 +114,15 @@ static uint16_t nat_port_select_without_stack( int nat_enable(FAR struct net_driver_s *dev) { - net_lock(); - + nat_lock(); if (IFF_IS_NAT(dev->d_flags)) { nwarn("WARNING: NAT was already enabled for %s!\n", dev->d_ifname); - net_unlock(); return -EEXIST; } IFF_SET_NAT(dev->d_flags); - - net_unlock(); + nat_unlock(); return OK; } @@ -140,12 +143,11 @@ int nat_enable(FAR struct net_driver_s *dev) int nat_disable(FAR struct net_driver_s *dev) { - net_lock(); - + nat_lock(); if (!IFF_IS_NAT(dev->d_flags)) { nwarn("WARNING: NAT was not enabled for %s!\n", dev->d_ifname); - net_unlock(); + nat_unlock(); return -ENODEV; } @@ -159,8 +161,7 @@ int nat_disable(FAR struct net_driver_s *dev) #endif IFF_CLR_NAT(dev->d_flags); - - net_unlock(); + nat_unlock(); return OK; } 
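Review bot: nat_enable() in net/nat/nat.c returns `-EEXIST` with g_nat_lock still held: the hunk removes `net_unlock();` from the already-enabled branch and puts nothing in its place, while the matching branch in nat_disable() does call `nat_unlock();`. After a single repeated enable, the next caller of `nat_lock()` would block, and that includes ipv4_nat_inbound() and ipv4_nat_outbound() on the packet path, so a harmless configuration mistake becomes a loss of NAT forwarding. Add `nat_unlock();` immediately before `return -EEXIST;`.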
@@ -184,23 +185,27 @@ int nat_disable(FAR struct net_driver_s *dev) bool nat_port_inuse(uint8_t domain, uint8_t protocol, FAR const union ip_addr_u *ip, uint16_t port) { + bool ret = false; + + nat_lock(); #ifdef CONFIG_NET_NAT44 if (domain == PF_INET) { - return !!ipv4_nat_inbound_entry_find(protocol, ip->ipv4, port, - INADDR_ANY, 0, false); + ret = !!ipv4_nat_inbound_entry_find(protocol, ip->ipv4, port, + INADDR_ANY, 0, false); } #endif #ifdef CONFIG_NET_NAT66 if (domain == PF_INET6) { - return !!ipv6_nat_inbound_entry_find(protocol, ip->ipv6, port, - g_ipv6_unspecaddr, 0, false); + ret = !!ipv6_nat_inbound_entry_find(protocol, ip->ipv6, port, + g_ipv6_unspecaddr, 0, false); } #endif - return false; + nat_unlock(); + return ret; } /**************************************************************************** @@ -403,4 +408,30 @@ uint32_t nat_expire_time(uint8_t protocol) } } +/**************************************************************************** + * Name: nat_lock + * + * Description: + * Lock the NAT lock. + * + ****************************************************************************/ + +void nat_lock(void) +{ + nxmutex_lock(&g_nat_lock); +} + +/**************************************************************************** + * Name: nat_unlock + * + * Description: + * Unlock the NAT lock. + * + ****************************************************************************/ + +void nat_unlock(void) +{ + nxmutex_unlock(&g_nat_lock); +} + #endif /* CONFIG_NET_NAT */ diff --git a/net/nat/nat.h b/net/nat/nat.h index 3b966c3beeb..7ed03b37151 100644 --- a/net/nat/nat.h +++ b/net/nat/nat.h 
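Review bot: nat_port_inuse() now acquires g_nat_lock itself, and g_nat_lock is declared as a plain `mutex_t`, so the function must never be reached from a path that already holds the lock. The inbound and outbound entry points take the lock before calling their `*_internal` helpers; if entry creation under those helpers reaches port selection that queries nat_port_inuse(), the thread would wait on itself. Those callers are outside this diff, so this needs confirming against the full tree. If the path exists, keep an unlocked internal lookup for callers that already hold the lock and leave the locking wrapper for external callers, or switch to a recursive mutex.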
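Review bot: nat_lock() discards the status returned by `nxmutex_lock(&g_nat_lock)`, so if the acquire ever fails the caller proceeds into the NAT table unprotected and nat_unlock() then releases a mutex the thread does not hold. Because both wrappers return void, the failure is invisible to every call site added in this commit. At minimum, capture and check it: `int ret = nxmutex_lock(&g_nat_lock); DEBUGASSERT(ret >= 0);`. Returning `int` from nat_lock() would let callers bail out instead.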
@@ -400,5 +400,25 @@ ipv6_nat_outbound_entry_find(FAR struct net_driver_s *dev, uint8_t protocol, uint16_t peer_port, bool try_create); #endif +/**************************************************************************** + * Name: nat_lock + * + * Description: + * Lock the NAT lock. + * + ****************************************************************************/ + +void nat_lock(void); + +/**************************************************************************** + * Name: nat_unlock + * + * Description: + * Unlock the NAT lock. + * + ****************************************************************************/ + +void nat_unlock(void); + #endif /* CONFIG_NET_NAT */ #endif /* __NET_NAT_NAT_H */
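Review bot: The header comments for nat_lock() and nat_unlock() say only "Lock the NAT lock", which gives callers no contract to follow. These declarations are what other net/ code will see, so the description should state what the lock covers, that it is not recursive, and how it orders against net_lock() if both can be held. Per the commit message the lock covers access to and operations on the NAT table, and the nat.c hunks also use it around the device NAT flag. Suggested wording: `Acquire the mutex that serializes access to the NAT entry tables and the per-device NAT flag. Not recursive; pair with nat_unlock() on every return path.`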
