Trying to bypass NAT inside the TCP/IP protocol stack

Source: Internet
Author: User

While developing an H.323 device, I found that having a public IP address is really useful, because the TransportAddress in H.245 carries IP address information (port forwarding can sometimes work as well, at least in theory). Unfortunately, Internet access here is over ADSL, where hosts generally use private addresses. The only option left was to change the kernel.

The goal: let a PC or other device on the LAN (hereinafter referred to as A) communicate with a PC or other device that has an Internet IP address (hereinafter referred to as B), through the dial-up server (hereinafter referred to as C), which has an Internet IP address.

Basic Ideas:
Packets arriving over PPPoE (strictly speaking, PPP packets) are forwarded directly to the intranet without NAT, and vice versa. I chose ip_rcv as the point where the packets are intercepted.
Of course, the dial-up gateway also needs a proxy-ARP function: in arp_rcv, intercept the ARP packets sent by A and answer them specially (see conv.c).

The specific process is as follows:
1. Plant a hook (a function pointer) in each of arp.c and ip_input.c. The actual processing is implemented in an external module, which makes debugging and modification easier; the kernel itself only needs to be changed once.
2. Implement the actual IP packet forwarding in the module: if an IP packet received on the PPP link comes from the configured source address, prepend a MAC frame header and send it to the internal LAN with dev_queue_xmit(), skipping routing, NAT, the firewall and other functional modules. In the reverse direction, packets received from A are identified by their IP address. Because the firewall is skipped on this path, C does not filter this traffic at all, so A has to be hardened as a host that is directly reachable from the Internet.
3. An ARP request received from A is recognized by A's MAC address and answered; the ARP request packet is then discarded.
4. A user-space application reads the IP address of ppp0, which is the dynamic IP address obtained by dialing.

Note:
1. A return value of 0 from new_ip_rcv means the packet has been short-circuited and the kernel does no further processing of it.
A return value of 1 means there is a problem with the packet and the kernel discards it. For any other return value the kernel continues to process the packet normally.
2. In new_arp_rcv, a return value of 0 means it is an ordinary ARP packet and the kernel continues its normal processing; a return value of 1 means the kernel does not process this packet any further.
3. The program has many hard-coded values, such as ppp0 and eth0. In addition, the dial-up server decides whether a packet was sent by A by looking at its IP address; using the MAC address may be more reasonable.

[Code]
Kernel (2.2.20) modifications:
1. arp.c
Add:
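/*
 * Optional ARP receive hook; 0 (NULL) while no module has installed one.
 * arp_rcv() calls it for an incoming ARP packet, and a non-zero return makes
 * arp_rcv() jump to its "out" label instead of doing its own processing.
 */
int (*arp_rcv_hook)(struct sk_buff *skb, struct device *dev, struct packet_type *pt) = 0;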
Change:
.......
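int arp_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
{
	/* ... existing kernel code ... */
/*
 *	Check for bad requests for 127.x and requests for multicast
 *	And in the case of requests for us we add the requester to the arp
 *	Cache.
 */
	/*
	 * Added (around line 689): give an external module the first look at
	 * the packet.  A non-zero return means the module handled it, so the
	 * kernel skips its own ARP processing for this packet.
	 * NOTE(review): the pointer is read without any locking; confirm that
	 * unloading the module cannot race with packet reception.
	 */
	if (arp_rcv_hook && arp_rcv_hook(skb, dev, pt))
		goto out;
	/* Special case: IPv4 duplicate address detection packet (RFC2131) */
	if (sip == 0) {
		/* ... existing kernel code ... */
	}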
2. ip_input.c
Add:
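/*
 * Optional IP receive hook; 0 (NULL) while no module has installed one.
 * The parameter type is struct sk_buff (the listing's "skb_buff" does not
 * match the declarations in netsyms.c and conv.h).
 * Return contract, as used by ip_rcv(): 0 = packet consumed by the hook,
 * 1 = drop the packet, anything else = continue normal processing.
 */
int (*ip_rcv_hook)(struct sk_buff *) = 0;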
Change:
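int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
{
	/* ... existing kernel code ... */
	/*
	 * Added (around line 464): let an external module intercept the packet
	 * before the firewall code below runs.  A packet the hook consumes is
	 * therefore never seen by the kernel's firewall rules.
	 * NOTE(review): ip_rcv_hook is read twice without locking (test, then
	 * call); confirm that module unload cannot clear it in between.
	 */
	if (ip_rcv_hook) {
		int retval = (*ip_rcv_hook)(skb);

		if (retval == 0)
			return 0;	/* hook took ownership of skb */
		else if (retval == 1)
			goto drop;	/* hook rejected the packet; kernel frees it */
		/* any other value: fall through to normal processing */
	}
#ifdef CONFIG_FIREWALL
	/* ... existing kernel code ... */
}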
3. netsyms.c
Add:
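/*
 * Export both hook pointers so that a loadable module can install and
 * remove its handlers.  Any module that can be loaded may overwrite them,
 * so the set of people allowed to load modules controls this data path.
 */
extern int (*arp_rcv_hook)(struct sk_buff *, struct device *, struct packet_type *);
EXPORT_SYMBOL_NOVERS(arp_rcv_hook);
extern int (*ip_rcv_hook)(struct sk_buff *);
EXPORT_SYMBOL_NOVERS(ip_rcv_hook);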
Application:
/* Conv. c route cut between adsl and lan device
* Email: jundai20@hotmail.com
*/
# Include
# Include
# Include
# Include
# Include
# Include
# Include "conv. h"
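/*
 * IP address of ppp0, passed as an integer module parameter at load time.
 * new_ip_rcv() compares it directly with iph->saddr, so it has to be given
 * in the same byte order as the address stored in the IP header.
 * NOTE(review): left at 0 when the parameter is omitted; confirm that the
 * loader always supplies it.
 */
int ppp_ipaddr;
MODULE_PARM(ppp_ipaddr, "i");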
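/*
 * our_memcpy - copy len bytes from src to des, one byte at a time.
 * @des: destination buffer, at least len bytes long
 * @src: source buffer, at least len bytes long
 * @len: number of bytes to copy (0 copies nothing)
 *
 * The original author notes that this runs in kernel context, so both
 * pointers are used as-is; no bounds or access checks are performed here
 * and the caller is responsible for the sizes of both buffers.
 */
void our_memcpy(unsigned char *des, unsigned char *src, unsigned int len)
{
	unsigned int i;

	for (i = 0; i < len; i++)
		des[i] = src[i];
}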
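/*
 * ppp2eth - wrap an IP packet received on the PPP link in an Ethernet frame.
 * @skb: packet as handed to the IP hook; skb->data / skb->len are copied
 *       as the frame payload.
 *
 * Allocates a new buffer holding a 14-byte Ethernet header followed by a
 * copy of the payload, releases @skb and returns the new buffer.  Returns
 * NULL, with @skb already released, when no memory is available.
 */
struct sk_buff *ppp2eth(struct sk_buff *skb)
{
	/*
	 * Destination MAC, source MAC, EtherType 0x0800 (IPv4).
	 * NOTE(review): several destination bytes were lost in the published
	 * listing; the destination used here is the MAC that new_arp_rcv()
	 * matches for host A.  Verify both addresses against the real hosts
	 * (the original says "change the mac addr pls").
	 */
	unsigned char ethhdr[14] = {
		0x00, 0x06, 0x4e, 0x00, 0x04, 0x94,
		0x00, 0xe0, 0x4c, 0xe0, 0xf8, 0x35,
		0x08, 0x00
	};
	struct sk_buff *skb2;
	unsigned int size;

	size = skb->len + 14;
	skb2 = alloc_skb(size, GFP_ATOMIC);
	if (skb2 == NULL) {
		/* Atomic allocations can fail; drop the packet instead of
		 * writing through a NULL pointer in kernel context. */
		kfree_skb(skb);
		return NULL;
	}

	/* skb_put() reserves the bytes and keeps tail/len consistent. */
	our_memcpy(skb_put(skb2, 14), ethhdr, 14);
	our_memcpy(skb_put(skb2, skb->len), skb->data, skb->len);

	/* kfree_skb() honours the reference count; the original called
	 * __kfree_skb(), which frees the buffer unconditionally. */
	kfree_skb(skb);
	return skb2;
}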
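/*
 * eth2ppp - prepare a packet received from the LAN for transmission on ppp0.
 * @skb: packet as handed to the IP hook.
 *
 * Returns @skb unchanged; no header is added or removed here.
 * NOTE(review): this relies on skb->data already pointing at the IP header
 * when the hook runs - confirm against the hook's position in ip_rcv().
 */
struct sk_buff *eth2ppp(struct sk_buff *skb)
{
	return skb;
}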
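/*
 * new_ip_rcv - IP receive hook: short-circuit packets between ppp0 and eth1.
 * @skb: incoming IP packet (skb->dev is the receiving interface).
 *
 * Returns 0 when the packet was consumed here (forwarded, or dropped after
 * an allocation failure), and 3 when the packet is not ours so that ip_rcv()
 * continues its normal processing.  The value 1 ("drop") is not used.
 *
 * The only filter on this path is the IP source address, which a sender can
 * forge; forwarded packets also bypass routing, NAT and the firewall.
 * NOTE(review): iph->saddr is read without any length check here; confirm
 * that ip_rcv() has validated the header before the hook is called.
 */
int new_ip_rcv(struct sk_buff *skb)
{
	struct device *lan_eth, *ppp_h;
	struct sk_buff *skb_new;

	lan_eth = dev_get("eth1");
	ppp_h = dev_get("ppp0");
	/*
	 * If either interface is missing (e.g. the PPP link is down), hand
	 * the packet back to the kernel.  Returning 0 here, as the original
	 * did, tells ip_rcv() the packet was consumed although nobody freed
	 * or forwarded it.
	 */
	if (lan_eth == NULL || ppp_h == NULL)
		return 3;

	/* Compare device pointers rather than single characters of the
	 * interface name, so only ppp0 and eth1 themselves match. */
	if (skb->dev == ppp_h) {
		if (skb->nh.iph->saddr != 0x12345678)	/* change to the ip addr as you wish */
			return 3;
		skb_new = ppp2eth(skb);
		if (skb_new == NULL)
			return 0;	/* ppp2eth() already released skb */
		skb_new->dev = lan_eth;
		dev_queue_xmit(skb_new);
		return 0;
	}

	if (skb->dev == lan_eth) {
		if (skb->nh.iph->saddr != ppp_ipaddr)
			return 3;
		skb_new = eth2ppp(skb);
		skb_new->dev = ppp_h;
		dev_queue_xmit(skb_new);
		return 0;
	}

	/* Packets from any other interface (loopback, other NICs) are left
	 * to the kernel; returning 1 instead would make ip_rcv() free them. */
	return 3;
}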
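/*
 * new_arp_rcv - ARP receive hook: answer host A's ARP requests on its behalf.
 * @skb: incoming ARP packet
 * @dev: receiving device
 * @pt:  packet type entry (unused)
 *
 * When the sender hardware address is the hard-coded MAC of host A and the
 * packet is an ARP request, a reply carrying this device's own MAC is sent
 * for whatever address was asked for, and 1 is returned so that arp_rcv()
 * stops processing.  Otherwise returns 0 and the kernel handles the packet.
 *
 * The sender MAC comes from the packet itself, so any LAN host that uses
 * this MAC receives the same proxy answers.
 * NOTE(review): the ARP payload is parsed without length checks; this
 * presumably relies on arp_rcv() having validated the header before the
 * hook is called - confirm against the hook's position.
 */
int new_arp_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
{
	struct arphdr *arp = skb->nh.arph;
	unsigned char *arp_ptr = (unsigned char *)(arp + 1);
	/* Exactly 4 bytes are copied into each address and arp_send() takes
	 * u32, so use u32 rather than unsigned long (wider on 64-bit). */
	u32 sip, tip;
	unsigned char *sha;

	/* The comparison below reads six address bytes. */
	if (dev->addr_len != 6)
		return 0;

	sha = arp_ptr;				/* sender hardware address */
	arp_ptr += dev->addr_len;
	our_memcpy((unsigned char *)&sip, arp_ptr, 4);	/* sender IP */
	arp_ptr += 4;
	arp_ptr += dev->addr_len;		/* skip target hardware address */
	our_memcpy((unsigned char *)&tip, arp_ptr, 4);	/* target IP */

	if (sha[0] == 0x00 && sha[1] == 0x06 && sha[2] == 0x4e &&
	    sha[3] == 0x00 && sha[4] == 0x04 && sha[5] == 0x94 &&
	    arp->ar_op == __constant_htons(ARPOP_REQUEST)) {
		arp_send(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha, dev->dev_addr, sha);
		return 1;
	}

	return 0;
}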
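/*
 * init_module - install both receive hooks when the module is loaded.
 *
 * From this point on every ARP and IP packet the kernel receives passes
 * through new_arp_rcv() / new_ip_rcv().  Returns 0 (success).
 * NOTE(review): ppp_ipaddr is not validated here; confirm it was supplied
 * on the module command line.
 */
int init_module(void)
{
	EXPORT_NO_SYMBOLS;
	arp_rcv_hook = new_arp_rcv;
	ip_rcv_hook = new_ip_rcv;
	printk("now enter ipnat: %x...\n", ppp_ipaddr);
	return 0;
}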
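/*
 * cleanup_module - remove both receive hooks when the module is unloaded.
 *
 * NOTE(review): the pointers are cleared without synchronization; confirm
 * that no packet can still be inside a hook when the module text goes away.
 */
void cleanup_module(void)
{
	arp_rcv_hook = 0;
	ip_rcv_hook = 0;
	printk("now net_hook will quit.\n");
}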
/* Conv. h: head file for conv. c
* Email: jundai20@hotmail.com
*/
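/* Hook pointers added to the kernel (arp.c, ip_input.c) and exported in netsyms.c. */
extern int (*ip_rcv_hook)(struct sk_buff *);
extern int (*arp_rcv_hook)(struct sk_buff *, struct device *dev, struct packet_type *pt);

/* Kernel functions used by conv.c. */
extern void arp_send(int type, int ptype, u32 dest_ip,
		     struct device *dev, u32 src_ip,
		     unsigned char *dest_hw, unsigned char *src_hw, unsigned char *th);
extern struct device *dev_get(const char *name);
extern struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, int newheadroom);
extern void __kfree_skb(struct sk_buff *);

/*
 * Fallback definitions, used only when the kernel headers did not already
 * provide these names.
 * NOTE(review): a hard-coded fallback can silently differ from the running
 * kernel's value (GFP_ATOMIC in particular); prefer the kernel headers.
 */
#ifndef ARPOP_REPLY
#define ARPOP_REPLY 2
#endif
#ifndef ETH_P_ARP
#define ETH_P_ARP 0x0806
#endif
#ifndef GFP_ATOMIC
#define GFP_ATOMIC 0x08
#endif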
/* Passnat. c: user interface for use conv
* Email: jundai20@hotmail.com
*/
# Include
# Include
# Include
# Include
# Include
# Include
Int main ()
{
Struct ifreq ifr;
Struct sockaddr_in * skt;
Int eth_s;
Unsigned long ip_addr_rtrn;
Unsigned char command [256] = {0 };
If (eth_s = socket (AF_INET, SOCK_DGRAM, 0) <0)
{
Perror ("socket ");
Exit (0 );
}
Strcpy (ifr. ifr_name, "ppp0 ");
If (ioctl (eth_s, SIOCGIFADDR, & ifr) <0 );
Skt = (struct sockaddr_in *) & ifr. I
