-
Notifications
You must be signed in to change notification settings - Fork 4
/
conntrack.go
115 lines (96 loc) · 2.41 KB
/
conntrack.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package main
import (
"net"
"time"
log "github.com/sirupsen/logrus"
"go.universe.tf/natlab/portmanager"
)
type TranslatorVerdict int
const (
TranslatorVerdictAccept TranslatorVerdict = iota
TranslatorVerdictMangle
TranslatorVerdictDrop
)
// Translator is the top-level interface. Packets get fed in, may be
// mutated, and the verdict dictates whether the packet makes it off
// the machine.
type Translator interface {
TranslateOutUDP(packet []byte) TranslatorVerdict
TranslateInUDP(packet []byte) TranslatorVerdict
}
type ctEntry struct {
Original UDPAddr
Mapped UDPAddr
Close func()
Deadline time.Time
}
func (e *ctEntry) expired() bool {
return e.Deadline.Before(time.Now())
}
func (e *ctEntry) extend() {
e.Deadline = time.Now().Add(120 * time.Second)
}
type endpointIndependentNAT struct {
publicIP net.IP
// byOriginal matches on outbound packet 4-tuples.
byOriginal map[UDPAddr]*ctEntry
// byMapped matches on inbound packet 4-tuples
byMapped map[UDPAddr]*ctEntry
portManager *portmanager.PortManager
}
func NewAddressAndPortDependentNAT(wanIPs []net.IP) Translator {
cfg := &portmanager.Config{
WANIPs: wanIPs,
}
return &endpointIndependentNAT{
byOriginal: map[UDPAddr]*ctEntry{},
byMapped: map[UDPAddr]*ctEntry{},
portManager: portmanager.New(cfg),
}
}
func (n endpointIndependentNAT) TranslateOutUDP(bs []byte) TranslatorVerdict {
p := NewPacket(bs)
key := p.UDPSrcAddr()
ct := n.byOriginal[key]
if ct != nil && ct.expired() {
n.deleteMapping(ct)
ct = nil
}
if ct == nil {
mappedAddr, close, err := n.portManager.AllocateUDP(p.UDPSrcAddr().ToNetUDPAddr())
if err != nil {
log.Errorf("Failed to park port: %s", err)
return TranslatorVerdictDrop
}
ct = &ctEntry{
Original: key,
Mapped: FromNetUDPAddr(mappedAddr),
Close: close,
}
ct.extend()
n.byOriginal[ct.Original] = ct
n.byMapped[ct.Mapped] = ct
}
p.SetUDPSrcAddr(ct.Mapped)
return TranslatorVerdictMangle
}
func (n endpointIndependentNAT) TranslateInUDP(bs []byte) TranslatorVerdict {
p := NewPacket(bs)
key := p.UDPDstAddr()
ct := n.byMapped[key]
if ct == nil {
return TranslatorVerdictDrop
}
if ct.expired() {
n.deleteMapping(ct)
return TranslatorVerdictDrop
}
ct.extend()
p.SetUDPDstAddr(ct.Original)
return TranslatorVerdictMangle
}
func (n endpointIndependentNAT) deleteMapping(ct *ctEntry) {
delete(n.byOriginal, ct.Original)
delete(n.byMapped, ct.Mapped)
ct.Close()
}