1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-18 18:55:32 +02:00
openwrt-xburst/target/linux/lantiq/files-3.3/net/ipv4/svip_nat.c

1570 lines
41 KiB
C
Raw Normal View History

/******************************************************************************
Copyright (c) 2009
Lantiq Deutschland GmbH
Am Campeon 3; 81726 Munich, Germany
THE DELIVERY OF THIS SOFTWARE AS WELL AS THE HEREBY GRANTED NON-EXCLUSIVE,
WORLDWIDE LICENSE TO USE, COPY, MODIFY, DISTRIBUTE AND SUBLICENSE THIS
SOFTWARE IS FREE OF CHARGE.
THE LICENSED SOFTWARE IS PROVIDED "AS IS" AND INFINEON EXPRESSLY DISCLAIMS
ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING
WITHOUT LIMITATION, WARRANTIES OR REPRESENTATIONS OF WORKMANSHIP,
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, DURABILITY, THAT THE
OPERATING OF THE LICENSED SOFTWARE WILL BE ERROR FREE OR FREE OF ANY THIRD
PARTY CLAIMS, INCLUDING WITHOUT LIMITATION CLAIMS OF THIRD PARTY INTELLECTUAL
PROPERTY INFRINGEMENT.
EXCEPT FOR ANY LIABILITY DUE TO WILFUL ACTS OR GROSS NEGLIGENCE AND EXCEPT
FOR ANY PERSONAL INJURY INFINEON SHALL IN NO EVENT BE LIABLE FOR ANY CLAIM
OR DAMAGES OF ANY KIND, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
****************************************************************************
Description : This file contains implementation of Custom NAT function
for Infineon's VINETIC-SVIP16
*******************************************************************************/
#include <linux/module.h>
#include <linux/netfilter_ipv4.h>
#include <linux/if_ether.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/if_vlan.h>
#include <linux/udp.h>
#include <linux/kernel.h>
#include <linux/version.h>
#include <linux/proc_fs.h>
#include <linux/in6.h> /* just to shut up a warning */
#include <linux/miscdevice.h>
#include <asm/checksum.h>
#include <linux/svip_nat.h>
MODULE_AUTHOR("Lantiq Deutschland GmbH");
MODULE_DESCRIPTION("SVIP Network Address Translation module");
MODULE_LICENSE("GPL");
#define SVIP_NAT_INFO_STR "@(#)SVIP NAT, version "SVIP_NAT_VERSION
/** maximum voice packet channels possible on the SVIP LC system
(equals maximum number of Codec channels possible) */
#define SVIP_SYS_CODEC_NUM ((SVIP_SYS_NUM) * (SVIP_CODEC_NUM))
/** end UDP port number of the SVIP Linecard System */
#define SVIP_UDP_TO ((SVIP_UDP_FROM) + (SVIP_SYS_CODEC_NUM) - 1)
/** end UDP port number of the Master SVIP in SVIP Linecard System */
#define SVIP_UDP_TO_VOFW0 ((SVIP_UDP_FROM) + (SVIP_CODEC_NUM) - 1)
#define SVIP_PORT_INRANGE(nPort) \
((nPort) >= (SVIP_UDP_FROM) && (nPort) <= (SVIP_UDP_TO))
#define SVIP_PORT_INDEX(nPort) (nPort - SVIP_UDP_FROM)
#define SVIP_NET_DEV_ETH0_IDX 0
#define SVIP_NET_DEV_VETH0_IDX 1
#define SVIP_NET_DEV_LO_IDX 2
#define SVIP_NET_DEV_ETH0_NAME "eth0"
#define SVIP_NET_DEV_ETH1_NAME "eth1"
#define SVIP_NET_DEV_VETH1_NAME "veth0"
#define SVIP_NET_DEV_LO_NAME "lo"
#define SVIP_NAT_STATS_LOC2REM 0
#define SVIP_NAT_STATS_REM2LOC 1
#define SVIP_NAT_STATS_TYPES 2
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
#define SVIP_NAT_FOR_EACH_NETDEV(d) for_each_netdev(&init_net, dev)
#define SVIP_NAT_IP_HDR(ethhdr) ip_hdr(ethhdr)
#else
#define SVIP_NAT_FOR_EACH_NETDEV(d) for(d=dev_base; dev; dev = dev->next)
#define SVIP_NAT_IP_HDR(ethhdr) (ethhdr)->nh.iph
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) (ethhdr)->mac.ethernet
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) (ethhdr)->mac.raw
#else
#define SVIP_NAT_SKB_MAC_HEADER(ethhdr) skb_mac_header(ethhdr)
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
#define VLAN_DEV_REAL_DEV(dev) vlan_dev_real_dev(dev)
#define VLAN_DEV_VLAN_ID(dev) vlan_dev_vlan_id(dev)
#else
#define VLAN_DEV_REAL_DEV(dev) (VLAN_DEV_INFO(dev)->real_dev)
#define VLAN_DEV_VLAN_ID(dev) (VLAN_DEV_INFO(dev)->vlan_id)
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
#define MOD_INC_USE_COUNT
#define MOD_DEC_USE_COUNT
#endif
#if ! ((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) && \
(defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)))
#define VLAN_8021Q_UNUSED
#endif
extern spinlock_t vlan_group_lock;
extern struct net_device *__vlan_find_dev_deep(struct net_device *real_dev, unsigned short VID);
typedef struct SVIP_NAT_stats
{
unsigned long inPackets;
unsigned long outPackets;
unsigned long outErrors;
} SVIP_NAT_stats_t;
typedef struct SVIP_NAT_table_entry
{
SVIP_NAT_IO_Rule_t natRule;
SVIP_NAT_stats_t natStats[SVIP_NAT_STATS_TYPES];
} SVIP_NAT_table_entry_t;
/* pointer to the SVIP NAT table */
static SVIP_NAT_table_entry_t *pNatTable = NULL;
struct net_device *net_devs[3];
static u32 *paddr_eth0;
static u32 *paddr_eth0_0;
static u32 *paddr_veth0;
static u32 *pmask_veth0;
static struct semaphore *sem_nat_tbl_access;
static int proc_read_in_progress = 0;
static int nDeviceOpen = 0;
/* saves the NAT table index between subsequent invocation */
static int nProcReadIdx = 0;
static long SVIP_NAT_device_ioctl(struct file *,unsigned int ,unsigned long);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0)
static int SVIP_NAT_device_release (struct inode *,struct file *);
#else
static void SVIP_NAT_device_release (struct inode *,struct file *);
#endif
static int SVIP_NAT_device_open (struct inode *,struct file *);
/* This structure holds the interface functions supported by
the SVIP NAT configuration device. */
struct file_operations SVIP_NAT_Fops = {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
owner: THIS_MODULE,
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0) */
llseek: NULL, /* seek */
read: NULL,
write: NULL,
readdir: NULL, /* readdir */
poll: NULL, /* select */
unlocked_ioctl: SVIP_NAT_device_ioctl, /* ioctl */
mmap: NULL, /* mmap */
open: SVIP_NAT_device_open, /* open, */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0)
flush: NULL, /* flush */
#endif
release: SVIP_NAT_device_release /* close */
};
/** Structure holding MISC module operations */
static struct miscdevice SVIP_NAT_miscdev =
{
minor: MINOR_NUM_SVIP_NAT,
name: SVIP_NAT_DEVICE_NAME,
fops: &SVIP_NAT_Fops
};
#ifdef CONFIG_SVIP_FW_PKT_SNIFFER
int nSVIP_NAT_Sniffer;
unsigned char pSVIP_NAT_SnifferMAC[ETH_ALEN];
int nSVIP_NAT_SnifferMacSet;
#endif
/******************************************************************************/
/**
Function to read /proc/net/svip_nat/nat proc entry
\arguments
page - pointer to page buffer
start - pointer to start address pointer
off - offset
count - maximum data length to read
eof - end of file flag
data - proc read data (provided by the function
pointed to by data)
\return
length of read data
\remarks:
Each call of this routine forces a copy_to_user of the data returned by
'fn'. This routine will be called by the user until 'len = 0'.
****************************************************************************/
static int SVIP_NAT_ProcRead (char *page, char **start, off_t off,
int count, int *eof, void *data)
{
unsigned long flags;
int (*fn)(char *buf, int size);
int len;
/* If the NAT table index is negative, the reading has completed */
if (nProcReadIdx < 0)
{
nProcReadIdx = 0;
*eof = 1;
proc_read_in_progress = 0;
up(sem_nat_tbl_access);
return 0;
}
local_irq_save(flags);
if (!proc_read_in_progress)
{
proc_read_in_progress = 1;
local_irq_restore(flags);
/* we use this semaphore in order to ensure no other party(could be ioctl
FIO_SVIP_NAT_RULE_LIST), uses function SVIP_NAT_ProcReadNAT(), during
the time read of the proc file takes place */
down(sem_nat_tbl_access);
}
else
{
local_irq_restore(flags);
}
if (data != NULL)
{
fn = data;
len = fn (page, count);
/* In this setup each read of the proc entries returns the read data by
'fn' to the user. The user keeps issuing read requests as long as the
returned value of 'len' is greater than zero. */
*eof = 1;
*start = page;
}
else
{
len = 0;
}
return len;
}
#ifdef CONFIG_SVIP_FW_PKT_SNIFFER
/**
Function to read remaining proc entries
*/
static int SVIP_NAT_ProcReadGen (char *page, char **start, off_t off,
int count, int *eof, void *data)
{
int (*fn)(char *buf, int size);
int len = 0;
MOD_INC_USE_COUNT;
if (data == NULL)
{
MOD_DEC_USE_COUNT;
return 0;
}
fn = data;
len = fn (page, count);
if (len <= off + count)
{
*eof = 1;
}
*start = page + off;
len -= off;
if (len > count)
{
len = count;
}
if (len < 0)
{
len = 0;
}
MOD_DEC_USE_COUNT;
return len;
}
#endif
/******************************************************************************/
/**
Function for setting up /proc/net/svip_nat read data
\arguments
buf - pointer to read buffer
count - size of read buffer
\return
length of read data into buffer
\remarks:
The global variable 'nProcReadIdx' is used to save the table index where
the reading of the NAT table stopped. Reading is stopped when the end of
the read buffer is approached. On the next itteration the reading continues
from the saved index.
*******************************************************************************/
static int SVIP_NAT_ProcReadNAT(char *buf, int count)
{
int i, j;
int len = 0;
SVIP_NAT_IO_Rule_t *pNatRule;
if (nProcReadIdx == -1)
{
nProcReadIdx = 0;
return 0;
}
if (nProcReadIdx == 0)
{
len = sprintf(buf+len,
"Remote host IP " /* 16 char */
"Remote host MAC " /* 19 char */
"Local host IP " /* 15 char */
"Local host MAC " /* 19 char */
"Local host UDP " /* 16 char */
"Loc->Rem(in/out/err) " /* 22 char */
"Rem->Loc(in/out/err)\n\r");
}
for (i = nProcReadIdx; i < SVIP_SYS_CODEC_NUM; i++)
{
int slen;
pNatRule = &pNatTable[i].natRule;
if (pNatRule->remIP != 0)
{
/* make sure not to overwrite the buffer */
if (count < len+120)
break;
/* remIP */
slen = sprintf(buf+len, "%d.%d.%d.%d",
(int)((pNatRule->remIP >> 24) & 0xff),
(int)((pNatRule->remIP >> 16) & 0xff),
(int)((pNatRule->remIP >> 8) & 0xff),
(int)((pNatRule->remIP >> 0) & 0xff));
len += slen;
for (j = 0; j < (16-slen); j++)
len += sprintf(buf+len, " ");
/* remMAC */
slen = 0;
for (j = 0; j < ETH_ALEN; j++)
{
slen += sprintf(buf+len+slen, "%02x%s",
pNatRule->remMAC[j], j < ETH_ALEN-1 ? ":" : " ");
}
len += slen;
for (j = 0; j < (19-slen); j++)
len += sprintf(buf+len, " ");
/* locIP */
slen = sprintf(buf+len, "%d.%d.%d.%d",
(int)((pNatRule->locIP >> 24) & 0xff),
(int)((pNatRule->locIP >> 16) & 0xff),
(int)((pNatRule->locIP >> 8) & 0xff),
(int)((pNatRule->locIP >> 0) & 0xff));
len += slen;
for (j = 0; j < (15-slen); j++)
len += sprintf(buf+len, " ");
/* locMAC */
slen = 0;
for (j = 0; j < ETH_ALEN; j++)
{
slen += sprintf(buf+len+slen, "%02x%s",
pNatRule->locMAC[j], j < ETH_ALEN-1 ? ":" : " ");
}
len += slen;
for (j = 0; j < (19-slen); j++)
len += sprintf(buf+len, " ");
/* locUDP */
slen = sprintf(buf+len, "%d", pNatRule->locUDP);
len += slen;
for (j = 0; j < (16-slen); j++)
len += sprintf(buf+len, " ");
/* NAT statistics, Local to Remote translation */
slen = sprintf(buf+len, "(%ld/%ld/%ld)",
pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].inPackets,
pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].outPackets,
pNatTable[i].natStats[SVIP_NAT_STATS_LOC2REM].outErrors);
len += slen;
for (j = 0; j < (22-slen); j++)
len += sprintf(buf+len, " ");
/* NAT statistics, Remote to Local translation */
len += sprintf(buf+len, "(%ld/%ld/%ld)\n\r",
pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].inPackets,
pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].outPackets,
pNatTable[i].natStats[SVIP_NAT_STATS_REM2LOC].outErrors);
}
}
if (i == SVIP_SYS_CODEC_NUM)
nProcReadIdx = -1; /* reading completed */
else
nProcReadIdx = i; /* reading still in process, buffer was full */
return len;
}
#ifdef CONFIG_SVIP_FW_PKT_SNIFFER
/**
Converts MAC address from ascii to hex respesentaion
*/
static int SVIP_NAT_MacAsciiToHex(const char *pMacStr, unsigned char *pMacHex)
{
int i=0, c=0, b=0, n=0;
memset(pMacHex, 0, ETH_ALEN);
while (pMacStr[i] != '\0')
{
if (n >= 0)
{
unsigned char nToHex = 0;
/* check for hex digit */
if (pMacStr[i] >= '0' && pMacStr[i] <= '9')
nToHex = 0x30;
else if (pMacStr[i] >= 'a' && pMacStr[i] <= 'f')
nToHex = 0x57;
else if (pMacStr[i] >= 'A' && pMacStr[i] <= 'F')
nToHex = 0x37;
else
{
if (n != 0)
{
printk(KERN_ERR "SVIP NAT: invalid MAC address format[%s]\n", pMacStr);
return -1;
}
i++;
continue;
}
n^=1;
pMacHex[b] |= ((pMacStr[i] - nToHex)&0xf) << (4*n);
if (n == 0)
{
/* advance to next byte, check if complete */
if (++b >= ETH_ALEN)
return 0;
/* byte completed, next we expect a colon... */
c = 1;
/* and, do not check for hex digit */
n = -1;
}
i++;
continue;
}
if (c == 1)
{
if (pMacStr[i] == ':')
{
/* next we expect hex digit, again */
n = 0;
}
else
{
printk(KERN_ERR "SVIP NAT: invalid MAC address format[%s]\n", pMacStr);
return -1;
}
}
i++;
}
return 0;
}
/**
Used to set the destination MAC address of a host where incoming
SVIP VoFW packets are to be addressed. In case the address is set
to 00:00:00:00:00:00 (the default case), the packets will written
out to eth0 with its original MAC addess.
\remark
usage: 'echo "00:03:19:00:15:D1" > cat /proc/net/svip_nat/snifferMAC'
*/
int SVIP_NAT_ProcWriteSnifferMAC (struct file *file, const char *buffer,
unsigned long count, void *data)
{
/* at least strlen("xx:xx:xx:xx:xx:xx") characters, followed by '\0' */
if (count >= 18)
{
int ret;
ret = SVIP_NAT_MacAsciiToHex(buffer, pSVIP_NAT_SnifferMAC);
if (ret != 0)
return 0;
if (!(pSVIP_NAT_SnifferMAC[0]==0 && pSVIP_NAT_SnifferMAC[1]==0 &&
pSVIP_NAT_SnifferMAC[2]==0 && pSVIP_NAT_SnifferMAC[3]==0 &&
pSVIP_NAT_SnifferMAC[4]==0 && pSVIP_NAT_SnifferMAC[5]==0))
{
nSVIP_NAT_SnifferMacSet = 1;
}
}
return count;
}
/**
Used to read the destination MAC address of a sniffer host
*/
int SVIP_NAT_ProcReadSnifferMAC (char *buf, int count)
{
int len = 0;
len = snprintf(buf, count, "%02x:%02x:%02x:%02x:%02x:%02x\n",
pSVIP_NAT_SnifferMAC[0], pSVIP_NAT_SnifferMAC[1],
pSVIP_NAT_SnifferMAC[2], pSVIP_NAT_SnifferMAC[3],
pSVIP_NAT_SnifferMAC[4], pSVIP_NAT_SnifferMAC[5]);
if (len > count)
{
printk(KERN_ERR "SVIP NAT: Only part of the text could be put into the buffer\n");
return count;
}
return len;
}
/**
Used to switch VoFW message sniffer on/off
\remark
usage: 'echo "1" > cat /proc/net/svip_nat/snifferOnOff'
*/
int SVIP_NAT_ProcWriteSnifferOnOff (struct file *file, const char *buffer,
unsigned long count, void *data)
{
/* at least one digit expected, followed by '\0' */
if (count >= 2)
{
int ret, nSnifferOnOff;
ret = sscanf(buffer, "%d", &nSnifferOnOff);
if (ret != 1)
return count;
if (nSnifferOnOff > 0)
nSnifferOnOff = 1;
nSVIP_NAT_Sniffer = nSnifferOnOff;
}
return count;
}
/**
Used to read the VoFW message sniffer configuration (on/off)
*/
int SVIP_NAT_ProcReadSnifferOnOff (char *buf, int count)
{
int len = 0;
len = snprintf(buf, count, "%d\n", nSVIP_NAT_Sniffer);
if (len > count)
{
printk(KERN_ERR "SVIP NAT: Only part of the text could be put into the buffer\n");
return count;
}
return len;
}
#endif
/******************************************************************************/
/**
Creates proc read/write entries
\return
0 on success, -1 on error
*/
/******************************************************************************/
static int SVIP_NAT_ProcInstall(void)
{
struct proc_dir_entry *pProcParentDir, *pProcDir;
struct proc_dir_entry *pProcNode;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
pProcParentDir = proc_net;
#else
pProcParentDir = init_net.proc_net;
#endif
pProcDir = proc_mkdir(SVIP_NAT_DEVICE_NAME, pProcParentDir);
if (pProcDir == NULL)
{
printk(KERN_ERR "SVIP NAT: cannot create proc dir %s/%s\n\r",
pProcParentDir->name, SVIP_NAT_DEVICE_NAME);
return -1;
}
pProcNode = create_proc_read_entry("nat", S_IFREG|S_IRUGO, pProcDir,
SVIP_NAT_ProcRead, (void *)SVIP_NAT_ProcReadNAT);
if (pProcNode == NULL)
{
printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s",
pProcDir->name, "nat");
return -1;
}
#ifdef CONFIG_SVIP_FW_PKT_SNIFFER
nSVIP_NAT_Sniffer = 0;
/* creates proc entry for switching on/off sniffer to VoFW messages */
pProcNode = create_proc_read_entry("snifferOnOff", S_IFREG|S_IRUGO|S_IWUGO,
pProcDir, SVIP_NAT_ProcReadGen, (void *)SVIP_NAT_ProcReadSnifferOnOff);
if (pProcNode == NULL)
{
printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s\n\r",
pProcDir->name, "snifferOnOff");
return -1;
}
pProcNode->write_proc = SVIP_NAT_ProcWriteSnifferOnOff;
memset (pSVIP_NAT_SnifferMAC, 0, ETH_ALEN);
nSVIP_NAT_SnifferMacSet = 0;
/* creates proc entry for setting MAC address of sniffer host to VoFW messages */
pProcNode = create_proc_read_entry("snifferMAC", S_IFREG|S_IRUGO|S_IWUGO,
pProcDir, SVIP_NAT_ProcReadGen, (void *)SVIP_NAT_ProcReadSnifferMAC);
if (pProcNode == NULL)
{
printk(KERN_ERR "SVIP NAT: cannot create proc entry %s/%s\n\r",
pProcDir->name, "snifferMAC");
return -1;
}
pProcNode->write_proc = SVIP_NAT_ProcWriteSnifferMAC;
#endif
return 0;
}
/******************************************************************************/
/**
No actions done here, simply a check is performed if an open has already
been performed. Currently only a single open is allowed as it is a sufficient
to have hat a single process configuring the SVIP NAT at one time.
\arguments
inode - pointer to disk file data
file - pointer to device file data
\return
0 on success, else -1
*/
/******************************************************************************/
static int SVIP_NAT_device_open(struct inode *inode, struct file *file)
{
unsigned long flags;
struct in_device *in_dev;
struct in_ifaddr *ifa;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
local_irq_save(flags);
#else
local_save_flags(flags);
#endif
if (nDeviceOpen)
{
MOD_INC_USE_COUNT;
local_irq_restore(flags);
nDeviceOpen++;
return 0;
}
/* find pointer to IP address of eth0 */
if ((in_dev=in_dev_get(net_devs[SVIP_NET_DEV_ETH0_IDX])) != NULL)
{
for (ifa = in_dev->ifa_list; ifa != NULL; ifa = ifa->ifa_next)
{
if (!paddr_eth0 && ifa->ifa_address != 0)
{
paddr_eth0 = &ifa->ifa_address;
continue;
}
if (paddr_eth0 && ifa->ifa_address != 0)
{
paddr_eth0_0 = &ifa->ifa_address;
break;
}
}
in_dev_put(in_dev);
}
if (paddr_eth0 == NULL || paddr_eth0_0 == NULL)
{
local_irq_restore(flags);
return -ENODATA;
}
/* find pointer to IP address of veth0 */
if ((in_dev=in_dev_get(net_devs[SVIP_NET_DEV_VETH0_IDX])) != NULL)
{
for (ifa = in_dev->ifa_list; ifa != NULL; ifa = ifa->ifa_next)
{
if (ifa->ifa_address != 0)
{
paddr_veth0 = &ifa->ifa_address;
pmask_veth0 = &ifa->ifa_mask;
break;
}
}
in_dev_put(in_dev);
}
if (paddr_veth0 == NULL)
{
local_irq_restore(flags);
return -ENODATA;
}
MOD_INC_USE_COUNT;
nDeviceOpen++;
local_irq_restore(flags);
return 0;
}
/******************************************************************************/
/**
This function is called when a process closes the SVIP NAT device file
\arguments
inode - pointer to disk file data
file - pointer to device file data
\return
0 on success, else -1
*/
/******************************************************************************/
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0)
static int SVIP_NAT_device_release(struct inode *inode,
struct file *file)
#else
static void SVIP_NAT_device_release(struct inode *inode,
struct file *file)
#endif
{
unsigned long flags;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
save_flags(flags);
cli();
#else
local_save_flags(flags);
#endif
/* The device can now be openned by the next caller */
nDeviceOpen--;
MOD_DEC_USE_COUNT;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
restore_flags(flags);
#else
local_irq_restore(flags);
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,0)
return 0;
#endif
}
/******************************************************************************/
/**
This function is called when a process closes the SVIP NAT device file
\arguments
inode - pointer to disk file data
file - pointer to device file data
ioctl_num - ioctl number requested
ioctl_param - pointer to data related to the ioctl number
\return
0 on success, else -1
*/
/******************************************************************************/
long SVIP_NAT_device_ioctl (struct file *file,
unsigned int ioctl_num, unsigned long ioctl_param)
{
int ret = 0;
SVIP_NAT_IO_Rule_t *pNatRule, *pNatRuleIn;
SVIP_UDP_PORT_t nPort;
int nNatIdx;
int bWrite = 0;
int bRead = 0;
unsigned char *pData = 0;
int nSize;
if (_IOC_DIR(ioctl_num) & _IOC_WRITE)
bWrite = 1;
if (_IOC_DIR(ioctl_num) & _IOC_READ)
bRead = 1;
nSize = _IOC_SIZE(ioctl_num);
if (nSize > sizeof(int))
{
if (bRead || bWrite)
{
pData = kmalloc (nSize, GFP_KERNEL);
if (bWrite)
{
if (copy_from_user ((void *)pData, (void *)ioctl_param, nSize) != 0)
{
printk(KERN_ERR "SVIP NAT: ioctl %x: copy_from_user() failed!\n", ioctl_num);
ret = -1;
goto error;
}
}
}
}
switch (ioctl_num)
{
case FIO_SVIP_NAT_RULE_ADD:
pNatRuleIn = (SVIP_NAT_IO_Rule_t *)pData;
/* check if destination UDP port is within range */
nPort = ntohs(pNatRuleIn->locUDP);
if (!SVIP_PORT_INRANGE(nPort))
{
printk(KERN_ERR "SVIP NAT: Error, UDP port(%d) is out of range(%d..%d)\n",
nPort, SVIP_UDP_FROM, SVIP_UDP_TO);
ret = -1;
goto error;
}
nNatIdx = SVIP_PORT_INDEX(nPort);
down(sem_nat_tbl_access);
pNatRule = &pNatTable[nNatIdx].natRule;
/* add rule to the NAT table */
pNatRule->remIP = pNatRuleIn->remIP;
memcpy((char *)pNatRule->remMAC, (char *)pNatRuleIn->remMAC, ETH_ALEN);
pNatRule->locIP = pNatRuleIn->locIP;
memcpy((char *)pNatRule->locMAC, (char *)pNatRuleIn->locMAC, ETH_ALEN);
pNatRule->locUDP = pNatRuleIn->locUDP;
memset(pNatTable[nNatIdx].natStats, 0,
sizeof(SVIP_NAT_stats_t)*SVIP_NAT_STATS_TYPES);
up(sem_nat_tbl_access);
break;
case FIO_SVIP_NAT_RULE_REMOVE:
pNatRuleIn = (SVIP_NAT_IO_Rule_t *)pData;
/* check if destination UDP port is within range */
nPort = ntohs(pNatRuleIn->locUDP);
if (!SVIP_PORT_INRANGE(nPort))
{
printk(KERN_ERR "SVIP NAT: Error, UDP port(%d) is out of range(%d..%d)\n",
nPort, SVIP_UDP_FROM, SVIP_UDP_TO);
ret = -1;
goto error;
}
nNatIdx = SVIP_PORT_INDEX(nPort);
down(sem_nat_tbl_access);
/* remove rule from the NAT table */
memset(&pNatTable[nNatIdx], 0, sizeof(SVIP_NAT_table_entry_t));
up(sem_nat_tbl_access);
break;
case FIO_SVIP_NAT_RULE_LIST:
{
int len;
char buf[256];
down(sem_nat_tbl_access);
while (nProcReadIdx != -1)
{
len = SVIP_NAT_ProcReadNAT(buf, 256);
if (len > 0)
printk("%s", buf);
}
nProcReadIdx = 0;
up(sem_nat_tbl_access);
break;
}
default:
printk(KERN_ERR "SVIP NAT: unsupported ioctl (%x) command for device %s\n",
ioctl_num, PATH_SVIP_NAT_DEVICE_NAME);
ret = -1;
goto error;
}
if (nSize > sizeof(int))
{
if (bRead)
{
if (copy_to_user ((void *)ioctl_param, (void *)pData, nSize) != 0)
{
printk(KERN_ERR "SVIP NAT: ioctl %x: copy_to_user() failed!\n", ioctl_num);
ret = -1;
goto error;
}
}
}
error:
if (pData)
kfree(pData);
return ret;
}
#if 0
void dump_msg(unsigned char *pData, unsigned int nLen)
{
int i;
for (i=0; i<nLen; i++)
{
if (!i || !(i%16))
printk("\n ");
else if (i && !(i%4))
printk(" ");
printk("%02x", pData[i]);
}
if (--i%16)
printk("\n");
}
#endif
/******************************************************************************/
/**
Used to recalculate IP/UDP checksum using the original IP/UDP checksum
coming with the packet. The original source and destination IP addresses
are accounted for, and, the checksum is updated using the new source and
destination IP addresses.
\arguments
skb - pointer to the receiving socket buffer
csum_old - original checksum
saddr_old - pointer to original source IP address
saddr_new - pointer to new source IP address
daddr_old - pointer to original destination IP address
daddr_new - pointer to new destination IP address
\return
recalculated IP/UDP checksum
*/
/******************************************************************************/
static inline u16 ip_udp_quick_csum(u16 csum_old, u16 *saddr_old, u16 *saddr_new,
u16 *daddr_old, u16 *daddr_new)
{
u32 sum;
sum = csum_old;
/* convert back from one's complement */
sum = ~sum & 0xffff;
if (sum < saddr_old[0]) sum += 0xffff;
sum -= saddr_old[0];
if (sum < saddr_old[1]) sum += 0xffff;
sum -= saddr_old[1];
if (sum < daddr_old[0]) sum += 0xffff;
sum -= daddr_old[0];
if (sum < daddr_old[1]) sum += 0xffff;
sum -= daddr_old[1];
sum += saddr_new[0];
sum += saddr_new[1];
sum += daddr_new[0];
sum += daddr_new[1];
/* take only 16 bits out of the 32 bit sum and add up the carries */
while (sum >> 16)
sum = (sum & 0xffff)+((sum >> 16) & 0xffff);
/* one's complement the result */
sum = ~sum;
return (u16)(sum & 0xffff);
}
/******************************************************************************/
/**
Returns a pointer to an ipv4 address assigned to device dev. The ipv4
instance checked is pointed to by ifa_start. The function is suited for
itterative calls.
\arguments
dev - pointer to network interface
ifa_start - pointer to ipv4 instance to return ipv4 address assigned
to, NULL for the first one
ppifa_addr - output parameter
\return
pointer to the next ipv4 instance, which can be null if ifa_start was
the last instance present
*/
/******************************************************************************/
static struct in_ifaddr *get_ifaddr(struct net_device *dev,
struct in_ifaddr *ifa_start, unsigned int **ppifa_addr)
{
struct in_device *in_dev;
struct in_ifaddr *ifa = NULL;
if ((in_dev=in_dev_get(dev)) != NULL)
{
if (ifa_start == NULL)
ifa = in_dev->ifa_list;
else
ifa = ifa_start;
if (ifa)
{
*ppifa_addr = &ifa->ifa_address;
ifa = ifa->ifa_next;
}
in_dev_put(in_dev);
return ifa;
}
*ppifa_addr = NULL;
return NULL;
}
/******************************************************************************/
/**
This function performs IP NAT for received packets satisfying the
following requirements:
- packet is destined to local IP host
- transport protocol type is UDP
- destination UDP port is within range
\arguments
skb - pointer to the receiving socket buffer
\return
returns 1 on performed SVIP NAT, else returns 0
\remarks
When function returns 0, it indicates the caller to pass the
packet up the IP stack to make further decision about it
*/
/******************************************************************************/
int do_SVIP_NAT (struct sk_buff *skb)
{
struct net_device *real_dev;
struct iphdr *iph;
struct udphdr *udph;
SVIP_NAT_IO_Rule_t *pNatRule;
int nNatIdx, in_eth0, nDir;
#ifndef VLAN_8021Q_UNUSED
int vlan;
unsigned short vid;
#endif /* ! VLAN_8021Q_UNUSED */
SVIP_UDP_PORT_t nPort;
u32 orgSrcIp, orgDstIp, *pSrcIp, *pDstIp;
struct ethhdr *ethh;
/* do not consider if SVIP NAT device not open. */
if (!nDeviceOpen)
{
return 0;
}
/* consider only UDP packets. */
iph = SVIP_NAT_IP_HDR(skb);
if (iph->protocol != IPPROTO_UDP)
{
return 0;
}
udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
/* consider only packets which UDP port numbers reside within
the predefined SVIP NAT UDP port range. */
if ((!SVIP_PORT_INRANGE(ntohs(udph->dest))) &&
(!SVIP_PORT_INRANGE(ntohs(udph->source))))
{
return 0;
}
#ifndef VLAN_8021Q_UNUSED
/* check if packet delivered over VLAN. VLAN packets will be routed over
the VLAN interfaces of the respective real Ethernet interface, if one
exists(VIDs must match). Else, the packet will be send out as IEEE 802.3
Ethernet frame */
if (skb->dev->priv_flags & IFF_802_1Q_VLAN)
{
vlan = 1;
vid = VLAN_DEV_VLAN_ID(skb->dev);
real_dev = VLAN_DEV_REAL_DEV(skb->dev);
}
else
{
vlan = 0;
vid = 0;
real_dev = skb->dev;
}
#endif /* ! VLAN_8021Q_UNUSED */
#ifdef CONFIG_SVIP_FW_PKT_SNIFFER
/** Debugging feature which can be enabled by writing,
'echo 1 > /proc/net/svip_nat/snifferOnOff'.
It copies all packets received on veth0 and, sends them out over eth0.
When a destination MAC address is specified through
/proc/net/svip_nat/snifferMAC, this MAC addess will substitute the
original MAC address of the packet.
It is recommended to specify a MAC address of some host where Wireshark
runs and sniffs for this traffic, else you may flood your LAN with
undeliverable traffic.
NOTE: In case of VLAN traffic the VLAN header information is lost. */
if (nSVIP_NAT_Sniffer)
{
if (real_dev == net_devs[SVIP_NET_DEV_VETH0_IDX])
{
struct sk_buff *copied_skb;
/* gain the Ethernet header from the skb */
skb_push(skb, ETH_HLEN);
copied_skb = skb_copy (skb, GFP_ATOMIC);
if (nSVIP_NAT_SnifferMacSet == 1)
{
ethh = (struct ethhdr *)SVIP_NAT_SKB_MAC_HEADER(copied_skb);
memcpy((char *)ethh->h_dest, (char *)pSVIP_NAT_SnifferMAC, ETH_ALEN);
}
copied_skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX];
dev_queue_xmit(copied_skb);
/* skip the ETH header again */
skb_pull(skb, ETH_HLEN);
}
}
#endif
/* check if packet arrived on eth0 */
if (real_dev == net_devs[SVIP_NET_DEV_ETH0_IDX])
{
/* check if destination IP address equals the primary assigned IP address
of interface eth0. This is the case of packets originating from a
remote peer that are to be delivered to a channel residing on THIS
voice linecard system. This is typical SVIP NAT case, therefore this
rule is placed on top. */
if (iph->daddr == *paddr_eth0)
{
nPort = ntohs(udph->dest);
nDir = SVIP_NAT_STATS_REM2LOC;
}
/* check if destination IP address equals the secondary assigned IP address
of interface eth0. This is not a typical SVIP NAT case. It is basically
there, as someone might like for debugging purpose to use the LCC to route
Slave SVIP packets which are part of voice/fax streaming. */
else if (iph->daddr == *paddr_eth0_0)
{
nPort = ntohs(udph->source);
nDir = SVIP_NAT_STATS_LOC2REM;
}
#ifndef VLAN_8021Q_UNUSED
/* when the packet did not hit the top two rules, here we check if the packet
has addressed any of the IP addresses assigned to the VLAN interface attached
to eth0. This is not recommended approach because of the CPU cost incurred. */
else if (vlan)
{
unsigned int *pifa_addr;
struct in_ifaddr *ifa_start = NULL;
int i = 0;
do
{
ifa_start = get_ifaddr(skb->dev, ifa_start, &pifa_addr);
if (!pifa_addr)
{
/* VLAN packet received on vlan interface attached to eth0,
however no IP address assigned to the interface.
The packet is ignored. */
return 0;
}
if (iph->daddr == *pifa_addr)
{
/* packet destined to... */
break;
}
if (!ifa_start)
{
return 0;
}
i++;
} while (ifa_start);
if (!i)
{
/* ...primary assigned IP address to the VLAN interface. */
nPort = ntohs(udph->dest);
nDir = SVIP_NAT_STATS_REM2LOC;
}
else
{
/* ...secondary assigned IP address to the VLAN interface. */
nPort = ntohs(udph->source);
nDir = SVIP_NAT_STATS_LOC2REM;
}
}
#endif /* ! VLAN_8021Q_UNUSED */
else
{
return 0;
}
in_eth0 = 1;
}
/* check if packet arrived on veth0 */
else if (real_dev == net_devs[SVIP_NET_DEV_VETH0_IDX])
{
nPort = ntohs(udph->source);
nDir = SVIP_NAT_STATS_LOC2REM;
in_eth0 = 0;
}
else
{
/* packet arrived neither on eth0, nor veth0 */
return 0;
}
/* calculate the respective index of the NAT table */
nNatIdx = SVIP_PORT_INDEX(nPort);
/* process the packet if a respective NAT rule exists */
pNatRule = &pNatTable[nNatIdx].natRule;
ethh = (struct ethhdr *)SVIP_NAT_SKB_MAC_HEADER(skb);
/* copy packet's original source and destination IP addresses to use
later on to perform efficient checksum recalculation */
orgSrcIp = iph->saddr;
orgDstIp = iph->daddr;
if (in_eth0)
{
u8 *pDstMac;
/* Process packet arrived on eth0 */
if (nDir == SVIP_NAT_STATS_REM2LOC && iph->saddr == pNatRule->remIP)
{
pDstIp = &pNatRule->locIP;
pDstMac = pNatRule->locMAC;
}
else if (nDir == SVIP_NAT_STATS_LOC2REM && iph->saddr == pNatRule->locIP)
{
pDstIp = &pNatRule->remIP;
pDstMac = pNatRule->remMAC;
}
else
{
/* Rule check failed. The packet is passed up the layers,
it will be dropped by UDP */
return 0;
}
if ((*pDstIp & *pmask_veth0) == (*paddr_veth0 & *pmask_veth0))
{
#ifndef VLAN_8021Q_UNUSED
if (vlan)
{
struct net_device *vlan_dev;
spin_lock_bh(&vlan_group_lock);
vlan_dev = __vlan_find_dev_deep(net_devs[SVIP_NET_DEV_VETH0_IDX], vid);
spin_unlock_bh(&vlan_group_lock);
if (vlan_dev)
{
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
struct vlan_ethhdr *vethh;
skb_push(skb, VLAN_ETH_HLEN);
/* reconstruct the VLAN header.
NOTE: priority information is lost */
vethh = (struct vlan_ethhdr *)skb->data;
vethh->h_vlan_proto = htons(ETH_P_8021Q);
vethh->h_vlan_TCI = htons(vid);
vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP);
ethh = (struct ethhdr *)vethh;
#else
skb_push(skb, ETH_HLEN);
#endif
skb->dev = vlan_dev;
}
else
{
skb->dev = net_devs[SVIP_NET_DEV_VETH0_IDX];
skb_push(skb, ETH_HLEN);
}
}
else
#endif /* ! VLAN_8021Q_UNUSED */
{
skb->dev = net_devs[SVIP_NET_DEV_VETH0_IDX];
skb_push(skb, ETH_HLEN);
}
pSrcIp = paddr_veth0;
}
else
{
#ifndef VLAN_8021Q_UNUSED
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
if (vlan)
{
struct vlan_ethhdr *vethh;
/* reconstruct the VLAN header.
NOTE: priority information is lost */
skb_push(skb, VLAN_ETH_HLEN);
vethh = (struct vlan_ethhdr *)skb->data;
vethh->h_vlan_proto = htons(ETH_P_8021Q);
vethh->h_vlan_TCI = htons(vid);
vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP);
ethh = (struct ethhdr *)vethh;
}
else
#endif
#endif /* ! VLAN_8021Q_UNUSED */
{
skb_push(skb, ETH_HLEN);
}
/* source IP address equals the destination IP address
of the incoming packet */
pSrcIp = &iph->daddr;
}
iph->saddr = *pSrcIp;
memcpy((char *)ethh->h_source, (char *)skb->dev->dev_addr, ETH_ALEN);
iph->daddr = *pDstIp;
memcpy((char *)ethh->h_dest, (char *)pDstMac, ETH_ALEN);
}
else
{
/* Process packet arrived on veth0 */
if (iph->saddr != pNatRule->locIP)
{
/* Rule check failed. The packet is passed up the layers,
it will be dropped by UDP */
return 0;
}
if (!((pNatRule->remIP & *pmask_veth0) == (*paddr_veth0 & *pmask_veth0)))
{
#ifndef VLAN_8021Q_UNUSED
if (vlan)
{
struct net_device *vlan_dev;
spin_lock_bh(&vlan_group_lock);
vlan_dev = __vlan_find_dev_deep(net_devs[SVIP_NET_DEV_ETH0_IDX], vid);
spin_unlock_bh(&vlan_group_lock);
if (vlan_dev)
{
unsigned int *pifa_addr;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
struct vlan_ethhdr *vethh;
skb_push(skb, VLAN_ETH_HLEN);
/* construct the VLAN header, note priority information is lost */
vethh = (struct vlan_ethhdr *)skb->data;
vethh->h_vlan_proto = htons(ETH_P_8021Q);
vethh->h_vlan_TCI = htons(vid);
vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP);
ethh = (struct ethhdr *)vethh;
#else
skb_push(skb, ETH_HLEN);
#endif
skb->dev = vlan_dev;
get_ifaddr(skb->dev, NULL, &pifa_addr);
if (pifa_addr)
{
pSrcIp = pifa_addr;
}
else
{
pSrcIp = paddr_eth0;
}
}
else
{
skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX];
pSrcIp = paddr_eth0;
skb_push(skb, ETH_HLEN);
}
}
else
#endif /* ! VLAN_8021Q_UNUSED */
{
skb->dev = net_devs[SVIP_NET_DEV_ETH0_IDX];
pSrcIp = paddr_eth0;
skb_push(skb, ETH_HLEN);
}
}
else
{
pSrcIp = paddr_veth0;
#ifndef VLAN_8021Q_UNUSED
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
if (vlan)
{
struct vlan_ethhdr *vethh;
skb_push(skb, VLAN_ETH_HLEN);
/* reconstruct the VLAN header.
NOTE: priority information is lost. */
vethh = (struct vlan_ethhdr *)skb->data;
vethh->h_vlan_proto = htons(ETH_P_8021Q);
vethh->h_vlan_TCI = htons(vid);
vethh->h_vlan_encapsulated_proto = htons(ETH_P_IP);
ethh = (struct ethhdr *)vethh;
}
else
#endif
#endif /* ! VLAN_8021Q_UNUSED */
{
skb_push(skb, ETH_HLEN);
}
}
iph->saddr = *pSrcIp;
memcpy((char *)ethh->h_source, (char *)skb->dev->dev_addr, ETH_ALEN);
iph->daddr = pNatRule->remIP;
memcpy((char *)ethh->h_dest, (char *)pNatRule->remMAC, ETH_ALEN);
}
pNatTable[nNatIdx].natStats[nDir].inPackets++;
iph->check = ip_udp_quick_csum(iph->check, (u16 *)&orgSrcIp, (u16 *)&iph->saddr,
(u16 *)&orgDstIp, (u16 *)&iph->daddr);
if (udph->check != 0)
{
udph->check = ip_udp_quick_csum(udph->check, (u16 *)&orgSrcIp, (u16 *)&iph->saddr,
(u16 *)&orgDstIp, (u16 *)&iph->daddr);
}
/* write the packet out, directly to the network device */
if (dev_queue_xmit(skb) < 0)
pNatTable[nNatIdx].natStats[nDir].outErrors++;
else
pNatTable[nNatIdx].natStats[nDir].outPackets++;
return 1;
}
/******************************************************************************/
/**
Function executed upon unloading of the SVIP NAT module. It unregisters the
SVIP NAT configuration device and frees the memory used for the NAT table.
\remarks:
Currently the SVIP NAT module is statically linked into the Linux kernel
therefore this routine cannot be executed.
*******************************************************************************/
static int __init init(void)
{
int ret = 0;
struct net_device *dev;
if (misc_register(&SVIP_NAT_miscdev) != 0)
{
printk(KERN_ERR "%s: cannot register SVIP NAT device node.\n",
SVIP_NAT_miscdev.name);
return -EIO;
}
/* allocation of memory for NAT table */
pNatTable = (SVIP_NAT_table_entry_t *)kmalloc(
sizeof(SVIP_NAT_table_entry_t) * SVIP_SYS_CODEC_NUM, GFP_ATOMIC);
if (pNatTable == NULL)
{
printk (KERN_ERR "SVIP NAT: Error(%d), allocating memory for NAT table\n", ret);
return -1;
}
/* clear the NAT table */
memset((void *)pNatTable, 0, sizeof(SVIP_NAT_table_entry_t) * SVIP_SYS_CODEC_NUM);
if ((sem_nat_tbl_access = kmalloc(sizeof(struct semaphore), GFP_KERNEL)))
{
sema_init(sem_nat_tbl_access, 1);
}
SVIP_NAT_ProcInstall();
/* find pointers to 'struct net_device' of eth0 and veth0, respectevely */
read_lock(&dev_base_lock);
SVIP_NAT_FOR_EACH_NETDEV(dev)
{
if (!strcmp(dev->name, SVIP_NET_DEV_ETH0_NAME))
{
net_devs[SVIP_NET_DEV_ETH0_IDX] = dev;
}
if (!strcmp(dev->name, SVIP_NET_DEV_VETH1_NAME))
{
net_devs[SVIP_NET_DEV_VETH0_IDX] = dev;
}
else if (!strcmp(dev->name, SVIP_NET_DEV_ETH1_NAME))
{
net_devs[SVIP_NET_DEV_VETH0_IDX] = dev;
}
}
read_unlock(&dev_base_lock);
if (net_devs[SVIP_NET_DEV_ETH0_IDX] == NULL ||
net_devs[SVIP_NET_DEV_VETH0_IDX] == NULL)
{
printk (KERN_ERR "SVIP NAT: Error, unable to locate eth0 and veth0 interfaces\n");
return -1;
}
printk ("%s, (c) 2009, Lantiq Deutschland GmbH\n", &SVIP_NAT_INFO_STR[4]);
return ret;
}
/******************************************************************************/
/**
Function executed upon unloading of the SVIP NAT module. It unregisters the
SVIP NAT configuration device and frees the memory used for the NAT table.
\remarks:
Currently the SVIP NAT module is statically linked into the Linux kernel
therefore this routine cannot be executed.
*******************************************************************************/
static void __exit fini(void)
{
MOD_DEC_USE_COUNT;
/* unregister SVIP NAT configuration device */
misc_deregister(&SVIP_NAT_miscdev);
/* release memory of SVIP NAT table */
if (pNatTable != NULL)
{
kfree (pNatTable);
}
}
module_init(init);
module_exit(fini);