blob: 58a7e9d72ae6c68515ac7db25bd4faa47f16d144 [file] [log] [blame]
Daniel Drowna45056e2012-03-23 10:42:54 -05001/*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * translate.c - CLAT functions / partial implementation of rfc6145
17 */
18#include <string.h>
Daniel Drowna45056e2012-03-23 10:42:54 -050019
20#include "checksum.h"
21#include "clatd.h"
22#include "config.h"
Daniel Drowna45056e2012-03-23 10:42:54 -050023#include "debug.h"
junyulaic4e591a2018-11-26 22:36:10 +090024#include "icmp.h"
25#include "logging.h"
26#include "translate.h"
Lorenzo Colitti6b2007a2014-12-08 12:53:05 +090027#include "tun.h"
Daniel Drowna45056e2012-03-23 10:42:54 -050028
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090029/* function: packet_checksum
30 * calculates the checksum over all the packet components starting from pos
31 * checksum - checksum of packet components before pos
32 * packet - packet to calculate the checksum of
33 * pos - position to start counting from
34 * returns - the completed 16-bit checksum, ready to write into a checksum header field
35 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +090036uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) {
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090037 int i;
38 for (i = pos; i < CLAT_POS_MAX; i++) {
39 if (packet[i].iov_len > 0) {
40 checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len);
41 }
42 }
43 return ip_checksum_finish(checksum);
44}
45
46/* function: packet_length
47 * returns the total length of all the packet components after pos
Lorenzo Colittid9084182013-03-22 00:42:21 +090048 * packet - packet to calculate the length of
Lorenzo Colitticd70b352013-04-10 12:24:56 +090049 * pos - position to start counting after
Lorenzo Colittid9084182013-03-22 00:42:21 +090050 * returns: the total length of the packet components after pos
51 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +090052uint16_t packet_length(clat_packet packet, clat_packet_index pos) {
Lorenzo Colittid9084182013-03-22 00:42:21 +090053 size_t len = 0;
54 int i;
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090055 for (i = pos + 1; i < CLAT_POS_MAX; i++) {
Lorenzo Colittid9084182013-03-22 00:42:21 +090056 len += packet[i].iov_len;
57 }
58 return len;
59}
60
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090061/* function: is_in_plat_subnet
62 * returns true iff the given IPv6 address is in the plat subnet.
63 * addr - IPv6 address
64 */
65int is_in_plat_subnet(const struct in6_addr *addr6) {
66 // Assumes a /96 plat subnet.
67 return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0);
68}
69
70/* function: ipv6_addr_to_ipv4_addr
71 * return the corresponding ipv4 address for the given ipv6 address
72 * addr6 - ipv6 address
73 * returns: the IPv4 address
74 */
75uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) {
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090076 if (is_in_plat_subnet(addr6)) {
77 // Assumes a /96 plat subnet.
78 return addr6->s6_addr32[3];
Lorenzo Colitticd70b352013-04-10 12:24:56 +090079 } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) {
80 // Special-case our own address.
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090081 return Global_Clatd_Config.ipv4_local_subnet.s_addr;
Lorenzo Colitticd70b352013-04-10 12:24:56 +090082 } else {
83 // Third party packet. Let the caller deal with it.
84 return INADDR_NONE;
Lorenzo Colittiee80ca62013-04-10 16:52:22 +090085 }
86}
87
88/* function: ipv4_addr_to_ipv6_addr
89 * return the corresponding ipv6 address for the given ipv4 address
90 * addr4 - ipv4 address
91 */
92struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) {
93 struct in6_addr addr6;
94 // Both addresses are in network byte order (addr4 comes from a network packet, and the config
95 // file entry is read using inet_ntop).
96 if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) {
97 return Global_Clatd_Config.ipv6_local_subnet;
98 } else {
99 // Assumes a /96 plat subnet.
junyulaic4e591a2018-11-26 22:36:10 +0900100 addr6 = Global_Clatd_Config.plat_subnet;
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900101 addr6.s6_addr32[3] = addr4;
102 return addr6;
103 }
104}
105
Daniel Drowna45056e2012-03-23 10:42:54 -0500106/* function: fill_tun_header
107 * fill in the header for the tun fd
108 * tun_header - tunnel header, already allocated
109 * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6)
110 */
111void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) {
112 tun_header->flags = 0;
113 tun_header->proto = htons(proto);
114}
115
Daniel Drowna45056e2012-03-23 10:42:54 -0500116/* function: fill_ip_header
Lorenzo Colittid9084182013-03-22 00:42:21 +0900117 * generate an ipv4 header from an ipv6 header
118 * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr
Daniel Drowna45056e2012-03-23 10:42:54 -0500119 * payload_len - length of other data inside packet
120 * protocol - protocol number (tcp, udp, etc)
Lorenzo Colittid9084182013-03-22 00:42:21 +0900121 * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix
Daniel Drowna45056e2012-03-23 10:42:54 -0500122 */
Lorenzo Colittid9084182013-03-22 00:42:21 +0900123void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol,
124 const struct ip6_hdr *old_header) {
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900125 int ttl_guess;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900126 memset(ip, 0, sizeof(struct iphdr));
Daniel Drowna45056e2012-03-23 10:42:54 -0500127
junyulaic4e591a2018-11-26 22:36:10 +0900128 ip->ihl = 5;
129 ip->version = 4;
130 ip->tos = 0;
131 ip->tot_len = htons(sizeof(struct iphdr) + payload_len);
132 ip->id = 0;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900133 ip->frag_off = htons(IP_DF);
junyulaic4e591a2018-11-26 22:36:10 +0900134 ip->ttl = old_header->ip6_hlim;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900135 ip->protocol = protocol;
junyulaic4e591a2018-11-26 22:36:10 +0900136 ip->check = 0;
Daniel Drowna45056e2012-03-23 10:42:54 -0500137
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900138 ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src);
139 ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900140
141 // Third-party ICMPv6 message. This may have been originated by an native IPv6 address.
142 // In that case, the source IPv6 address can't be translated and we need to make up an IPv4
143 // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute.
junyulaic4e591a2018-11-26 22:36:10 +0900144 if ((uint32_t)ip->saddr == INADDR_NONE) {
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900145 ttl_guess = icmp_guess_ttl(old_header->ip6_hlim);
146 ip->saddr = htonl((0xff << 24) + ttl_guess);
147 }
Daniel Drowna45056e2012-03-23 10:42:54 -0500148}
149
150/* function: fill_ip6_header
Lorenzo Colittid9084182013-03-22 00:42:21 +0900151 * generate an ipv6 header from an ipv4 header
152 * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix
Daniel Drowna45056e2012-03-23 10:42:54 -0500153 * payload_len - length of other data inside packet
154 * protocol - protocol number (tcp, udp, etc)
Lorenzo Colittid9084182013-03-22 00:42:21 +0900155 * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr
Daniel Drowna45056e2012-03-23 10:42:54 -0500156 */
Lorenzo Colittid9084182013-03-22 00:42:21 +0900157void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
158 const struct iphdr *old_header) {
Daniel Drowna45056e2012-03-23 10:42:54 -0500159 memset(ip6, 0, sizeof(struct ip6_hdr));
160
junyulaic4e591a2018-11-26 22:36:10 +0900161 ip6->ip6_vfc = 6 << 4;
Daniel Drowna45056e2012-03-23 10:42:54 -0500162 ip6->ip6_plen = htons(payload_len);
junyulaic4e591a2018-11-26 22:36:10 +0900163 ip6->ip6_nxt = protocol;
Daniel Drowna45056e2012-03-23 10:42:54 -0500164 ip6->ip6_hlim = old_header->ttl;
165
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900166 ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr);
167 ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
Daniel Drowna45056e2012-03-23 10:42:54 -0500168}
169
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900170/* function: maybe_fill_frag_header
171 * fills a fragmentation header
172 * generate an ipv6 fragment header from an ipv4 header
173 * frag_hdr - target (ipv6) fragmentation header
174 * ip6_targ - target (ipv6) header
175 * old_header - (ipv4) source packet header
176 * returns: the length of the fragmentation header if present, or zero if not present
177 */
178size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
179 const struct iphdr *old_header) {
180 uint16_t frag_flags = ntohs(old_header->frag_off);
junyulaic4e591a2018-11-26 22:36:10 +0900181 uint16_t frag_off = frag_flags & IP_OFFMASK;
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900182 if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
183 // Not a fragment.
184 return 0;
185 }
186
junyulaic4e591a2018-11-26 22:36:10 +0900187 frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900188 frag_hdr->ip6f_reserved = 0;
189 // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
190 frag_hdr->ip6f_offlg = htons(frag_off << 3);
191 if (frag_flags & IP_MF) {
192 frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
193 }
194 frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
junyulaic4e591a2018-11-26 22:36:10 +0900195 ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900196
197 return sizeof(*frag_hdr);
198}
199
200/* function: parse_frag_header
201 * return the length of the fragmentation header if present, or zero if not present
202 * generate an ipv6 fragment header from an ipv4 header
203 * frag_hdr - (ipv6) fragmentation header
204 * ip_targ - target (ipv4) header
205 * returns: the next header value
206 */
207uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
208 uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
209 if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
210 frag_off |= IP_MF;
211 }
212 ip_targ->frag_off = htons(frag_off);
junyulaic4e591a2018-11-26 22:36:10 +0900213 ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900214 ip_targ->protocol = frag_hdr->ip6f_nxt;
215 return frag_hdr->ip6f_nxt;
216}
Lorenzo Colittif9390602014-02-13 12:53:35 +0900217
Daniel Drowna45056e2012-03-23 10:42:54 -0500218/* function: icmp_to_icmp6
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900219 * translate ipv4 icmp to ipv6 icmp
Lorenzo Colittid9084182013-03-22 00:42:21 +0900220 * out - output packet
Daniel Drowna45056e2012-03-23 10:42:54 -0500221 * icmp - source packet icmp header
Lorenzo Colittid9084182013-03-22 00:42:21 +0900222 * checksum - pseudo-header checksum
Daniel Drowna45056e2012-03-23 10:42:54 -0500223 * payload - icmp payload
224 * payload_size - size of payload
Lorenzo Colittid9084182013-03-22 00:42:21 +0900225 * returns: the highest position in the output clat_packet that's filled in
Daniel Drowna45056e2012-03-23 10:42:54 -0500226 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +0900227int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
228 uint32_t checksum, const uint8_t *payload, size_t payload_size) {
Lorenzo Colittid9084182013-03-22 00:42:21 +0900229 struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900230 uint8_t icmp6_type;
231 int clat_packet_len;
Daniel Drowna45056e2012-03-23 10:42:54 -0500232
Lorenzo Colittid9084182013-03-22 00:42:21 +0900233 memset(icmp6_targ, 0, sizeof(struct icmp6_hdr));
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900234
junyulaic4e591a2018-11-26 22:36:10 +0900235 icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900236 icmp6_targ->icmp6_type = icmp6_type;
237 icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code);
Daniel Drowna45056e2012-03-23 10:42:54 -0500238
Lorenzo Colittid9084182013-03-22 00:42:21 +0900239 out[pos].iov_len = sizeof(struct icmp6_hdr);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900240
junyulaic4e591a2018-11-26 22:36:10 +0900241 if (pos == CLAT_POS_TRANSPORTHDR && is_icmp_error(icmp->type) && icmp6_type != ICMP6_PARAM_PROB) {
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900242 // An ICMP error we understand, one level deep.
243 // Translate the nested packet (the one that caused the error).
244 clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size);
245
246 // The pseudo-header checksum was calculated on the transport length of the original IPv4
247 // packet that we were asked to translate. This transport length is 20 bytes smaller than it
248 // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900249 // an IPv6 header, which is 20 bytes longer. Fix it up here.
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900250 // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the
251 // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum).
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900252 checksum = checksum + htons(20);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900253 } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) {
254 // Ping packet.
junyulaic4e591a2018-11-26 22:36:10 +0900255 icmp6_targ->icmp6_id = icmp->un.echo.id;
256 icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
257 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
258 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
259 clat_packet_len = CLAT_POS_PAYLOAD + 1;
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900260 } else {
261 // Unknown type/code. The type/code conversion functions have already logged an error.
262 return 0;
263 }
Daniel Drowna45056e2012-03-23 10:42:54 -0500264
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900265 icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum.
266 icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos);
267
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900268 return clat_packet_len;
Daniel Drowna45056e2012-03-23 10:42:54 -0500269}
270
271/* function: icmp6_to_icmp
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900272 * translate ipv6 icmp to ipv4 icmp
Lorenzo Colittid9084182013-03-22 00:42:21 +0900273 * out - output packet
Daniel Drowna45056e2012-03-23 10:42:54 -0500274 * icmp6 - source packet icmp6 header
275 * payload - icmp6 payload
276 * payload_size - size of payload
Lorenzo Colittid9084182013-03-22 00:42:21 +0900277 * returns: the highest position in the output clat_packet that's filled in
Daniel Drowna45056e2012-03-23 10:42:54 -0500278 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +0900279int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
Brian Carlstromfcac4102014-02-24 20:03:01 -0800280 const uint8_t *payload, size_t payload_size) {
Lorenzo Colittid9084182013-03-22 00:42:21 +0900281 struct icmphdr *icmp_targ = out[pos].iov_base;
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900282 uint8_t icmp_type;
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900283 int clat_packet_len;
Daniel Drowna45056e2012-03-23 10:42:54 -0500284
Lorenzo Colittid9084182013-03-22 00:42:21 +0900285 memset(icmp_targ, 0, sizeof(struct icmphdr));
Daniel Drowna45056e2012-03-23 10:42:54 -0500286
junyulaic4e591a2018-11-26 22:36:10 +0900287 icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900288 icmp_targ->type = icmp_type;
289 icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code);
Daniel Drowna45056e2012-03-23 10:42:54 -0500290
Lorenzo Colittid9084182013-03-22 00:42:21 +0900291 out[pos].iov_len = sizeof(struct icmphdr);
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900292
junyulaic4e591a2018-11-26 22:36:10 +0900293 if (pos == CLAT_POS_TRANSPORTHDR && is_icmp6_error(icmp6->icmp6_type) &&
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900294 icmp_type != ICMP_PARAMETERPROB) {
295 // An ICMPv6 error we understand, one level deep.
296 // Translate the nested packet (the one that caused the error).
297 clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size);
298 } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) {
299 // Ping packet.
junyulaic4e591a2018-11-26 22:36:10 +0900300 icmp_targ->un.echo.id = icmp6->icmp6_id;
301 icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
302 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
303 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
304 clat_packet_len = CLAT_POS_PAYLOAD + 1;
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900305 } else {
junyulaic4e591a2018-11-26 22:36:10 +0900306 // Unknown type/code. The type/code conversion functions have already logged an error.
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900307 return 0;
308 }
Daniel Drowna45056e2012-03-23 10:42:54 -0500309
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900310 icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum.
311 icmp_targ->checksum = packet_checksum(0, out, pos);
312
Lorenzo Colitticd70b352013-04-10 12:24:56 +0900313 return clat_packet_len;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900314}
Daniel Drowna45056e2012-03-23 10:42:54 -0500315
Lorenzo Colittic9f4c892013-11-18 12:59:44 +0900316/* function: generic_packet
317 * takes a generic IP packet and sets it up for translation
318 * out - output packet
319 * pos - position in the output packet of the transport header
320 * payload - pointer to IP payload
321 * len - size of ip payload
322 * returns: the highest position in the output clat_packet that's filled in
323 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +0900324int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) {
junyulaic4e591a2018-11-26 22:36:10 +0900325 out[pos].iov_len = 0;
326 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
327 out[CLAT_POS_PAYLOAD].iov_len = len;
Lorenzo Colittic9f4c892013-11-18 12:59:44 +0900328
329 return CLAT_POS_PAYLOAD + 1;
330}
331
Lorenzo Colittid9084182013-03-22 00:42:21 +0900332/* function: udp_packet
333 * takes a udp packet and sets it up for translation
334 * out - output packet
335 * udp - pointer to udp header in packet
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900336 * old_sum - pseudo-header checksum of old header
337 * new_sum - pseudo-header checksum of new header
Lorenzo Colittid9084182013-03-22 00:42:21 +0900338 * len - size of ip payload
339 */
junyulaic4e591a2018-11-26 22:36:10 +0900340int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp, uint32_t old_sum,
341 uint32_t new_sum, size_t len) {
Brian Carlstromfcac4102014-02-24 20:03:01 -0800342 const uint8_t *payload;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900343 size_t payload_size;
344
junyulaic4e591a2018-11-26 22:36:10 +0900345 if (len < sizeof(struct udphdr)) {
346 logmsg_dbg(ANDROID_LOG_ERROR, "udp_packet/(too small)");
Lorenzo Colittid9084182013-03-22 00:42:21 +0900347 return 0;
348 }
349
junyulaic4e591a2018-11-26 22:36:10 +0900350 payload = (const uint8_t *)(udp + 1);
Lorenzo Colittid9084182013-03-22 00:42:21 +0900351 payload_size = len - sizeof(struct udphdr);
352
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900353 return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
Lorenzo Colittid9084182013-03-22 00:42:21 +0900354}
355
356/* function: tcp_packet
357 * takes a tcp packet and sets it up for translation
358 * out - output packet
359 * tcp - pointer to tcp header in packet
360 * checksum - pseudo-header checksum
361 * len - size of ip payload
362 * returns: the highest position in the output clat_packet that's filled in
363 */
junyulaic4e591a2018-11-26 22:36:10 +0900364int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, uint32_t old_sum,
365 uint32_t new_sum, size_t len) {
Brian Carlstromfcac4102014-02-24 20:03:01 -0800366 const uint8_t *payload;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900367 size_t payload_size, header_size;
368
junyulaic4e591a2018-11-26 22:36:10 +0900369 if (len < sizeof(struct tcphdr)) {
370 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/(too small)");
Lorenzo Colittid9084182013-03-22 00:42:21 +0900371 return 0;
372 }
373
junyulaic4e591a2018-11-26 22:36:10 +0900374 if (tcp->doff < 5) {
375 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/tcp header length set to less than 5: %x", tcp->doff);
Lorenzo Colittid9084182013-03-22 00:42:21 +0900376 return 0;
377 }
378
junyulaic4e591a2018-11-26 22:36:10 +0900379 if ((size_t)tcp->doff * 4 > len) {
380 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/tcp header length set too large: %x", tcp->doff);
Lorenzo Colittid9084182013-03-22 00:42:21 +0900381 return 0;
382 }
383
junyulaic4e591a2018-11-26 22:36:10 +0900384 header_size = tcp->doff * 4;
385 payload = ((const uint8_t *)tcp) + header_size;
Lorenzo Colittid9084182013-03-22 00:42:21 +0900386 payload_size = len - header_size;
387
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900388 return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
Daniel Drowna45056e2012-03-23 10:42:54 -0500389}
390
391/* function: udp_translate
392 * common between ipv4/ipv6 - setup checksum and send udp packet
Lorenzo Colittid9084182013-03-22 00:42:21 +0900393 * out - output packet
394 * udp - udp header
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900395 * old_sum - pseudo-header checksum of old header
396 * new_sum - pseudo-header checksum of new header
Lorenzo Colittid9084182013-03-22 00:42:21 +0900397 * payload - tcp payload
Daniel Drowna45056e2012-03-23 10:42:54 -0500398 * payload_size - size of payload
Lorenzo Colittid9084182013-03-22 00:42:21 +0900399 * returns: the highest position in the output clat_packet that's filled in
Daniel Drowna45056e2012-03-23 10:42:54 -0500400 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +0900401int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
402 uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) {
Lorenzo Colittid9084182013-03-22 00:42:21 +0900403 struct udphdr *udp_targ = out[pos].iov_base;
Daniel Drowna45056e2012-03-23 10:42:54 -0500404
Lorenzo Colittid9084182013-03-22 00:42:21 +0900405 memcpy(udp_targ, udp, sizeof(struct udphdr));
Daniel Drowna45056e2012-03-23 10:42:54 -0500406
junyulaic4e591a2018-11-26 22:36:10 +0900407 out[pos].iov_len = sizeof(struct udphdr);
408 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
409 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
Daniel Drowna45056e2012-03-23 10:42:54 -0500410
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900411 if (udp_targ->check) {
412 udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum);
413 } else {
414 // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that
415 // the transmitter generated no checksum (for debugging or for higher level protocols that
416 // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So
417 // for safety we recompute it.
418 udp_targ->check = 0; // Checksum field must be 0 when calculating checksum.
419 udp_targ->check = packet_checksum(new_sum, out, pos);
420 }
421
422 // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent
423 // in one's complement arithmetic)."
424 if (!udp_targ->check) {
425 udp_targ->check = 0xffff;
426 }
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900427
428 return CLAT_POS_PAYLOAD + 1;
Daniel Drowna45056e2012-03-23 10:42:54 -0500429}
430
431/* function: tcp_translate
432 * common between ipv4/ipv6 - setup checksum and send tcp packet
Lorenzo Colittid9084182013-03-22 00:42:21 +0900433 * out - output packet
434 * tcp - tcp header
435 * header_size - size of tcp header including options
436 * checksum - partial checksum covering ipv4/ipv6 header
Daniel Drowna45056e2012-03-23 10:42:54 -0500437 * payload - tcp payload
438 * payload_size - size of payload
Lorenzo Colittid9084182013-03-22 00:42:21 +0900439 * returns: the highest position in the output clat_packet that's filled in
Daniel Drowna45056e2012-03-23 10:42:54 -0500440 */
Lorenzo Colittia4454bf2014-02-25 09:27:31 +0900441int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
junyulaic4e591a2018-11-26 22:36:10 +0900442 size_t header_size, uint32_t old_sum, uint32_t new_sum, const uint8_t *payload,
443 size_t payload_size) {
Lorenzo Colittid9084182013-03-22 00:42:21 +0900444 struct tcphdr *tcp_targ = out[pos].iov_base;
junyulaic4e591a2018-11-26 22:36:10 +0900445 out[pos].iov_len = header_size;
Daniel Drowna45056e2012-03-23 10:42:54 -0500446
Lorenzo Colittid9084182013-03-22 00:42:21 +0900447 if (header_size > MAX_TCP_HDR) {
448 // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that
449 // counts in 4-byte words. So this can never happen unless there is a bug in the caller.
junyulaic4e591a2018-11-26 22:36:10 +0900450 logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating", header_size,
451 MAX_TCP_HDR);
Lorenzo Colittid9084182013-03-22 00:42:21 +0900452 header_size = MAX_TCP_HDR;
Daniel Drowna45056e2012-03-23 10:42:54 -0500453 }
Lorenzo Colitti5cc877d2013-04-08 19:12:43 +0900454
Lorenzo Colittid9084182013-03-22 00:42:21 +0900455 memcpy(tcp_targ, tcp, header_size);
Lorenzo Colitti5cc877d2013-04-08 19:12:43 +0900456
junyulaic4e591a2018-11-26 22:36:10 +0900457 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
458 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
Daniel Drowna45056e2012-03-23 10:42:54 -0500459
Lorenzo Colitti5a50c022014-02-10 09:20:05 +0900460 tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
Daniel Drowna45056e2012-03-23 10:42:54 -0500461
Lorenzo Colittiee80ca62013-04-10 16:52:22 +0900462 return CLAT_POS_PAYLOAD + 1;
Daniel Drowna45056e2012-03-23 10:42:54 -0500463}
Lorenzo Colittif9390602014-02-13 12:53:35 +0900464
Lorenzo Colitti10e88272014-06-02 21:20:40 +0900465// Weak symbol so we can override it in the unit test.
466void send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak));
467
468void send_rawv6(int fd, clat_packet out, int iov_len) {
469 // A send on a raw socket requires a destination address to be specified even if the socket's
470 // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the
471 // destination address in the packet header only affects what appears on the wire, not where the
472 // packet is sent to.
473 static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 };
junyulaic4e591a2018-11-26 22:36:10 +0900474 static struct msghdr msg = {
475 .msg_name = &sin6,
Lorenzo Colitti10e88272014-06-02 21:20:40 +0900476 .msg_namelen = sizeof(sin6),
477 };
478
junyulaic4e591a2018-11-26 22:36:10 +0900479 msg.msg_iov = out, msg.msg_iovlen = iov_len,
480 sin6.sin6_addr = ((struct ip6_hdr *)out[CLAT_POS_IPHDR].iov_base)->ip6_dst;
Lorenzo Colitti10e88272014-06-02 21:20:40 +0900481 sendmsg(fd, &msg, 0);
482}
483
Lorenzo Colittif9390602014-02-13 12:53:35 +0900484/* function: translate_packet
Lorenzo Colitti91d0f1b2014-06-02 15:49:36 +0900485 * takes a packet, translates it, and writes it to fd
486 * fd - fd to write translated packet to
487 * to_ipv6 - true if translating to ipv6, false if translating to ipv4
Lorenzo Colittif9390602014-02-13 12:53:35 +0900488 * packet - packet
489 * packetsize - size of packet
490 */
Lorenzo Colitti91d0f1b2014-06-02 15:49:36 +0900491void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) {
Lorenzo Colittif9390602014-02-13 12:53:35 +0900492 int iov_len = 0;
493
494 // Allocate buffers for all packet headers.
495 struct tun_pi tun_targ;
496 char iphdr[sizeof(struct ip6_hdr)];
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900497 char fraghdr[sizeof(struct ip6_frag)];
Lorenzo Colittif9390602014-02-13 12:53:35 +0900498 char transporthdr[MAX_TCP_HDR];
499 char icmp_iphdr[sizeof(struct ip6_hdr)];
Lorenzo Colitti57d480d2014-02-09 10:35:38 +0900500 char icmp_fraghdr[sizeof(struct ip6_frag)];
Lorenzo Colittif9390602014-02-13 12:53:35 +0900501 char icmp_transporthdr[MAX_TCP_HDR];
502
503 // iovec of the packets we'll send. This gets passed down to the translation functions.
504 clat_packet out = {
junyulaic4e591a2018-11-26 22:36:10 +0900505 { &tun_targ, 0 }, // Tunnel header.
506 { iphdr, 0 }, // IP header.
507 { fraghdr, 0 }, // Fragment header.
508 { transporthdr, 0 }, // Transport layer header.
509 { icmp_iphdr, 0 }, // ICMP error inner IP header.
510 { icmp_fraghdr, 0 }, // ICMP error fragmentation header.
511 { icmp_transporthdr, 0 }, // ICMP error transport layer header.
512 { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload.
Lorenzo Colittif9390602014-02-13 12:53:35 +0900513 };
514
Lorenzo Colitti91d0f1b2014-06-02 15:49:36 +0900515 if (to_ipv6) {
Lorenzo Colittif9390602014-02-13 12:53:35 +0900516 iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize);
Lorenzo Colitti10e88272014-06-02 21:20:40 +0900517 if (iov_len > 0) {
518 send_rawv6(fd, out, iov_len);
519 }
Lorenzo Colittif9390602014-02-13 12:53:35 +0900520 } else {
Lorenzo Colitti91d0f1b2014-06-02 15:49:36 +0900521 iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize);
Lorenzo Colitti10e88272014-06-02 21:20:40 +0900522 if (iov_len > 0) {
523 fill_tun_header(&tun_targ, ETH_P_IP);
524 out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ);
525 send_tun(fd, out, iov_len);
526 }
Lorenzo Colittif9390602014-02-13 12:53:35 +0900527 }
528}