xf.li | f1aed28 | 2024-02-06 00:31:51 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2011 Daniel Drown |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | * |
| 16 | * translate.c - CLAT functions / partial implementation of rfc6145 |
| 17 | */ |
| 18 | #include <string.h> |
| 19 | |
| 20 | #include "icmp.h" |
| 21 | #include "translate.h" |
| 22 | #include "checksum.h" |
| 23 | #include "clatd.h" |
| 24 | #include "config.h" |
| 25 | #include "logging.h" |
| 26 | #include "debug.h" |
| 27 | #include "tun.h" |
| 28 | |
| 29 | #define CLAT_ICMP_FRAG_MEM_MAX 10 |
| 30 | #define CLAT_ICMP_FRAG_TIMEOUT 300 |
| 31 | |
| 32 | struct clat_icmp_frag g_clat_icmp_frag[CLAT_ICMP_FRAG_MEM_MAX]; |
| 33 | |
| 34 | static void clat_packet_copy(clat_packet in, clat_packet out) |
| 35 | { |
| 36 | int i; |
| 37 | for(i = 0; i < CLAT_POS_MAX; i++){ |
| 38 | if(in[i].iov_len > 0 && in[i].iov_base ){ |
| 39 | out[i].iov_base = malloc(in[i].iov_len); |
| 40 | if(out[i].iov_base){ |
| 41 | memcpy(out[i].iov_base, in[i].iov_base, in[i].iov_len); |
| 42 | out[i].iov_len = in[i].iov_len; |
| 43 | }else |
| 44 | logmsg_dbg(ANDROID_LOG_ERROR,"clat_packet_copy malloc fail"); |
| 45 | } |
| 46 | } |
| 47 | } |
| 48 | |
| 49 | static void clat_packet_free(clat_packet in) |
| 50 | { |
| 51 | int i; |
| 52 | for(i = 0; i < CLAT_POS_MAX; i++){ |
| 53 | if(in[i].iov_base) |
| 54 | free(in[i].iov_base); |
| 55 | } |
| 56 | } |
| 57 | |
| 58 | static void clat_icmp_frag_add(struct clat_icmp_frag *in){ |
| 59 | int i = 0; |
| 60 | for(i = 0; i < CLAT_ICMP_FRAG_MEM_MAX; i++){ |
| 61 | if(g_clat_icmp_frag[i].flag != 0 && |
| 62 | (in->time - g_clat_icmp_frag[i].time) > CLAT_ICMP_FRAG_TIMEOUT){ |
| 63 | logmsg_dbg(ANDROID_LOG_ERROR,"clat_icmp_frag_add timeout %d",i); |
| 64 | clat_packet_free(g_clat_icmp_frag[i].data); |
| 65 | memset(&g_clat_icmp_frag[i], 0, sizeof(struct clat_icmp_frag)); |
| 66 | } |
| 67 | if(g_clat_icmp_frag[i].flag == 0){ |
| 68 | memcpy(&g_clat_icmp_frag[i], in, sizeof(struct clat_icmp_frag)); |
| 69 | return 0; |
| 70 | } |
| 71 | } |
| 72 | logmsg_dbg(ANDROID_LOG_ERROR,"clat_icmp_frag_add noidle fail"); |
| 73 | } |
| 74 | |
| 75 | static int clat_icmp_frag_find(struct clat_icmp_frag *in){ |
| 76 | int i = 0; |
| 77 | for(i = 0; i < CLAT_ICMP_FRAG_MEM_MAX; i++){ |
| 78 | if(g_clat_icmp_frag[i].flag != 0 && |
| 79 | g_clat_icmp_frag[i].ip_id == in->ip_id){ |
| 80 | memcpy(in, &g_clat_icmp_frag[i], sizeof(struct clat_icmp_frag)); |
| 81 | memset(&g_clat_icmp_frag[i], 0, sizeof(struct clat_icmp_frag)); |
| 82 | return 0; |
| 83 | } |
| 84 | } |
| 85 | logmsg_dbg(ANDROID_LOG_ERROR,"clat_icmp_frag_find fail"); |
| 86 | return -1; |
| 87 | } |
| 88 | |
| 89 | /* function: packet_checksum |
| 90 | * calculates the checksum over all the packet components starting from pos |
| 91 | * checksum - checksum of packet components before pos |
| 92 | * packet - packet to calculate the checksum of |
| 93 | * pos - position to start counting from |
| 94 | * returns - the completed 16-bit checksum, ready to write into a checksum header field |
| 95 | */ |
| 96 | uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) { |
| 97 | int i; |
| 98 | for (i = pos; i < CLAT_POS_MAX; i++) { |
| 99 | if (packet[i].iov_len > 0) { |
| 100 | checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len); |
| 101 | } |
| 102 | } |
| 103 | return ip_checksum_finish(checksum); |
| 104 | } |
| 105 | |
| 106 | /* function: packet_length |
| 107 | * returns the total length of all the packet components after pos |
| 108 | * packet - packet to calculate the length of |
| 109 | * pos - position to start counting after |
| 110 | * returns: the total length of the packet components after pos |
| 111 | */ |
| 112 | uint16_t packet_length(clat_packet packet, clat_packet_index pos) { |
| 113 | size_t len = 0; |
| 114 | int i; |
| 115 | for (i = pos + 1; i < CLAT_POS_MAX; i++) { |
| 116 | len += packet[i].iov_len; |
| 117 | } |
| 118 | return len; |
| 119 | } |
| 120 | |
| 121 | /* function: is_in_plat_subnet |
| 122 | * returns true iff the given IPv6 address is in the plat subnet. |
| 123 | * addr - IPv6 address |
| 124 | */ |
| 125 | int is_in_plat_subnet(const struct in6_addr *addr6) { |
| 126 | // Assumes a /96 plat subnet. |
| 127 | return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0); |
| 128 | } |
| 129 | |
| 130 | /* function: ipv6_addr_to_ipv4_addr |
| 131 | * return the corresponding ipv4 address for the given ipv6 address |
| 132 | * addr6 - ipv6 address |
| 133 | * returns: the IPv4 address |
| 134 | */ |
| 135 | uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) { |
| 136 | if (is_in_plat_subnet(addr6)) { |
| 137 | // Assumes a /96 plat subnet. |
| 138 | return addr6->s6_addr32[3]; |
| 139 | } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) { |
| 140 | // Special-case our own address. |
| 141 | return Global_Clatd_Config.ipv4_local_subnet.s_addr; |
| 142 | } else { |
| 143 | // Third party packet. Let the caller deal with it. |
| 144 | return INADDR_NONE; |
| 145 | } |
| 146 | } |
| 147 | |
| 148 | /* function: ipv4_addr_to_ipv6_addr |
| 149 | * return the corresponding ipv6 address for the given ipv4 address |
| 150 | * addr4 - ipv4 address |
| 151 | */ |
| 152 | struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) { |
| 153 | struct in6_addr addr6; |
| 154 | // Both addresses are in network byte order (addr4 comes from a network packet, and the config |
| 155 | // file entry is read using inet_ntop). |
| 156 | if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) { |
| 157 | return Global_Clatd_Config.ipv6_local_subnet; |
| 158 | } else { |
| 159 | // Assumes a /96 plat subnet. |
| 160 | addr6 = Global_Clatd_Config.plat_subnet; |
| 161 | addr6.s6_addr32[3] = addr4; |
| 162 | return addr6; |
| 163 | } |
| 164 | } |
| 165 | |
| 166 | /* function: fill_tun_header |
| 167 | * fill in the header for the tun fd |
| 168 | * tun_header - tunnel header, already allocated |
| 169 | * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6) |
| 170 | */ |
| 171 | void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) { |
| 172 | tun_header->flags = 0; |
| 173 | tun_header->proto = htons(proto); |
| 174 | } |
| 175 | |
| 176 | /* function: fill_ip_header |
| 177 | * generate an ipv4 header from an ipv6 header |
| 178 | * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr |
| 179 | * payload_len - length of other data inside packet |
| 180 | * protocol - protocol number (tcp, udp, etc) |
| 181 | * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix |
| 182 | */ |
| 183 | void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol, |
| 184 | const struct ip6_hdr *old_header) { |
| 185 | int ttl_guess; |
| 186 | memset(ip, 0, sizeof(struct iphdr)); |
| 187 | |
| 188 | ip->ihl = 5; |
| 189 | ip->version = 4; |
| 190 | ip->tos = 0; |
| 191 | ip->tot_len = htons(sizeof(struct iphdr) + payload_len); |
| 192 | ip->id = 0; |
| 193 | ip->frag_off = htons(IP_DF); |
| 194 | ip->ttl = old_header->ip6_hlim; |
| 195 | ip->protocol = protocol; |
| 196 | ip->check = 0; |
| 197 | |
| 198 | ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src); |
| 199 | ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst); |
| 200 | |
| 201 | // Third-party ICMPv6 message. This may have been originated by an native IPv6 address. |
| 202 | // In that case, the source IPv6 address can't be translated and we need to make up an IPv4 |
| 203 | // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute. |
| 204 | if ((uint32_t) ip->saddr == INADDR_NONE) { |
| 205 | ttl_guess = icmp_guess_ttl(old_header->ip6_hlim); |
| 206 | ip->saddr = htonl((0xff << 24) + ttl_guess); |
| 207 | } |
| 208 | } |
| 209 | |
| 210 | /* function: fill_ip6_header |
| 211 | * generate an ipv6 header from an ipv4 header |
| 212 | * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix |
| 213 | * payload_len - length of other data inside packet |
| 214 | * protocol - protocol number (tcp, udp, etc) |
| 215 | * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr |
| 216 | */ |
| 217 | void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol, |
| 218 | const struct iphdr *old_header) { |
| 219 | memset(ip6, 0, sizeof(struct ip6_hdr)); |
| 220 | |
| 221 | ip6->ip6_vfc = 6 << 4; |
| 222 | ip6->ip6_plen = htons(payload_len); |
| 223 | ip6->ip6_nxt = protocol; |
| 224 | ip6->ip6_hlim = old_header->ttl; |
| 225 | |
| 226 | ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr); |
| 227 | ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr); |
| 228 | } |
| 229 | |
| 230 | /* function: maybe_fill_frag_header |
| 231 | * fills a fragmentation header |
| 232 | * generate an ipv6 fragment header from an ipv4 header |
| 233 | * frag_hdr - target (ipv6) fragmentation header |
| 234 | * ip6_targ - target (ipv6) header |
| 235 | * old_header - (ipv4) source packet header |
| 236 | * returns: the length of the fragmentation header if present, or zero if not present |
| 237 | */ |
| 238 | size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ, |
| 239 | const struct iphdr *old_header) { |
| 240 | uint16_t frag_flags = ntohs(old_header->frag_off); |
| 241 | uint16_t frag_off = frag_flags & IP_OFFMASK; |
| 242 | if (frag_off == 0 && (frag_flags & IP_MF) == 0) { |
| 243 | // Not a fragment. |
| 244 | return 0; |
| 245 | } |
| 246 | |
| 247 | frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt; |
| 248 | frag_hdr->ip6f_reserved = 0; |
| 249 | // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits. |
| 250 | frag_hdr->ip6f_offlg = htons(frag_off << 3); |
| 251 | if (frag_flags & IP_MF) { |
| 252 | frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG; |
| 253 | } |
| 254 | frag_hdr->ip6f_ident = htonl(ntohs(old_header->id)); |
| 255 | ip6_targ->ip6_nxt = IPPROTO_FRAGMENT; |
| 256 | |
| 257 | return sizeof(*frag_hdr); |
| 258 | } |
| 259 | |
| 260 | /* function: parse_frag_header |
| 261 | * return the length of the fragmentation header if present, or zero if not present |
| 262 | * generate an ipv6 fragment header from an ipv4 header |
| 263 | * frag_hdr - (ipv6) fragmentation header |
| 264 | * ip_targ - target (ipv4) header |
| 265 | * returns: the next header value |
| 266 | */ |
| 267 | uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) { |
| 268 | uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3); |
| 269 | if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) { |
| 270 | frag_off |= IP_MF; |
| 271 | } |
| 272 | ip_targ->frag_off = htons(frag_off); |
| 273 | ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff); |
| 274 | ip_targ->protocol = frag_hdr->ip6f_nxt; |
| 275 | return frag_hdr->ip6f_nxt; |
| 276 | } |
| 277 | |
| 278 | extern uint32_t ip_checksum_add(uint32_t current, const void *data, int len); |
| 279 | extern uint16_t ip_checksum_adjust(uint16_t checksum, uint32_t old_hdr_sum, uint32_t new_hdr_sum); |
| 280 | /* function: icmp_to_icmp6 |
| 281 | * translate ipv4 icmp to ipv6 icmp |
| 282 | * out - output packet |
| 283 | * icmp - source packet icmp header |
| 284 | * checksum - pseudo-header checksum |
| 285 | * payload - icmp payload |
| 286 | * payload_size - size of payload |
| 287 | * returns: the highest position in the output clat_packet that's filled in |
| 288 | */ |
| 289 | int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp, |
| 290 | uint32_t checksum, const uint8_t *payload, size_t payload_size) { |
| 291 | struct icmp6_hdr *icmp6_targ = out[pos].iov_base; |
| 292 | uint8_t icmp6_type; |
| 293 | int clat_packet_len; |
| 294 | |
| 295 | memset(icmp6_targ, 0, sizeof(struct icmp6_hdr)); |
| 296 | |
| 297 | icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code); |
| 298 | icmp6_targ->icmp6_type = icmp6_type; |
| 299 | icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code); |
| 300 | |
| 301 | out[pos].iov_len = sizeof(struct icmp6_hdr); |
| 302 | |
| 303 | if (pos == CLAT_POS_TRANSPORTHDR && |
| 304 | is_icmp_error(icmp->type) && |
| 305 | icmp6_type != ICMP6_PARAM_PROB) { |
| 306 | // An ICMP error we understand, one level deep. |
| 307 | // Translate the nested packet (the one that caused the error). |
| 308 | clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size, NULL); |
| 309 | |
| 310 | // The pseudo-header checksum was calculated on the transport length of the original IPv4 |
| 311 | // packet that we were asked to translate. This transport length is 20 bytes smaller than it |
| 312 | // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to |
| 313 | // an IPv6 header, which is 20 bytes longer. Fix it up here. |
| 314 | // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the |
| 315 | // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum). |
| 316 | checksum = checksum + htons(20); |
| 317 | icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum. |
| 318 | icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos); |
| 319 | } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) { |
| 320 | // Ping packet. |
| 321 | icmp6_targ->icmp6_id = icmp->un.echo.id; |
| 322 | icmp6_targ->icmp6_seq = icmp->un.echo.sequence; |
| 323 | out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; |
| 324 | out[CLAT_POS_PAYLOAD].iov_len = payload_size; |
| 325 | clat_packet_len = CLAT_POS_PAYLOAD + 1; |
| 326 | if(icmp6_type == ICMP6_ECHO_REQUEST){ |
| 327 | icmp6_targ->icmp6_cksum = ip_checksum_adjust(icmp->checksum, ICMP_ECHO, ip_checksum_add(checksum, &icmp6_type, 1)); |
| 328 | } else { |
| 329 | icmp6_targ->icmp6_cksum = ip_checksum_adjust(icmp->checksum, ICMP_ECHOREPLY, ip_checksum_add(checksum, &icmp6_type, 1)); |
| 330 | } |
| 331 | } else { |
| 332 | // Unknown type/code. The type/code conversion functions have already logged an error. |
| 333 | return 0; |
| 334 | } |
| 335 | |
| 336 | |
| 337 | return clat_packet_len; |
| 338 | } |
| 339 | |
| 340 | /* function: icmp6_to_icmp |
| 341 | * translate ipv6 icmp to ipv4 icmp |
| 342 | * out - output packet |
| 343 | * icmp6 - source packet icmp6 header |
| 344 | * payload - icmp6 payload |
| 345 | * payload_size - size of payload |
| 346 | * returns: the highest position in the output clat_packet that's filled in |
| 347 | */ |
| 348 | int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6, |
| 349 | uint32_t checksum, const uint8_t *payload, size_t payload_size) { |
| 350 | struct icmphdr *icmp_targ = out[pos].iov_base; |
| 351 | uint8_t icmp_type; |
| 352 | int clat_packet_len; |
| 353 | |
| 354 | memset(icmp_targ, 0, sizeof(struct icmphdr)); |
| 355 | |
| 356 | icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code); |
| 357 | icmp_targ->type = icmp_type; |
| 358 | icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code); |
| 359 | |
| 360 | out[pos].iov_len = sizeof(struct icmphdr); |
| 361 | |
| 362 | if (pos == CLAT_POS_TRANSPORTHDR && |
| 363 | is_icmp6_error(icmp6->icmp6_type) && |
| 364 | icmp_type != ICMP_PARAMETERPROB) { |
| 365 | // An ICMPv6 error we understand, one level deep. |
| 366 | // Translate the nested packet (the one that caused the error). |
| 367 | clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size, NULL); |
| 368 | icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum. |
| 369 | icmp_targ->checksum = packet_checksum(0, out, pos); |
| 370 | } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) { |
| 371 | // Ping packet. |
| 372 | icmp_targ->un.echo.id = icmp6->icmp6_id; |
| 373 | icmp_targ->un.echo.sequence = icmp6->icmp6_seq; |
| 374 | out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; |
| 375 | out[CLAT_POS_PAYLOAD].iov_len = payload_size; |
| 376 | clat_packet_len = CLAT_POS_PAYLOAD + 1; |
| 377 | if(icmp_type == ICMP_ECHO){ |
| 378 | uint8_t icmp6_type = ICMP6_ECHO_REQUEST; |
| 379 | icmp_targ->checksum = ip_checksum_adjust(icmp6->icmp6_cksum, ip_checksum_add(checksum, &icmp6_type, 1), ICMP_ECHO); |
| 380 | } else { |
| 381 | uint8_t icmp6_type = ICMP6_ECHO_REPLY; |
| 382 | icmp_targ->checksum = ip_checksum_adjust(icmp6->icmp6_cksum, ip_checksum_add(checksum, &icmp6_type, 1), ICMP_ECHOREPLY); |
| 383 | } |
| 384 | } else { |
| 385 | // Unknown type/code. The type/code conversion functions have already logged an error. |
| 386 | return 0; |
| 387 | } |
| 388 | |
| 389 | |
| 390 | return clat_packet_len; |
| 391 | } |
| 392 | |
| 393 | /* function: generic_packet |
| 394 | * takes a generic IP packet and sets it up for translation |
| 395 | * out - output packet |
| 396 | * pos - position in the output packet of the transport header |
| 397 | * payload - pointer to IP payload |
| 398 | * len - size of ip payload |
| 399 | * returns: the highest position in the output clat_packet that's filled in |
| 400 | */ |
| 401 | int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) { |
| 402 | out[pos].iov_len = 0; |
| 403 | out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; |
| 404 | out[CLAT_POS_PAYLOAD].iov_len = len; |
| 405 | |
| 406 | return CLAT_POS_PAYLOAD + 1; |
| 407 | } |
| 408 | |
| 409 | /* function: udp_packet |
| 410 | * takes a udp packet and sets it up for translation |
| 411 | * out - output packet |
| 412 | * udp - pointer to udp header in packet |
| 413 | * old_sum - pseudo-header checksum of old header |
| 414 | * new_sum - pseudo-header checksum of new header |
| 415 | * len - size of ip payload |
| 416 | */ |
| 417 | int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp, |
| 418 | uint32_t old_sum, uint32_t new_sum, size_t len) { |
| 419 | const uint8_t *payload; |
| 420 | size_t payload_size; |
| 421 | |
| 422 | if(len < sizeof(struct udphdr)) { |
| 423 | logmsg_dbg(ANDROID_LOG_ERROR,"udp_packet/(too small)"); |
| 424 | return 0; |
| 425 | } |
| 426 | |
| 427 | payload = (const uint8_t *) (udp + 1); |
| 428 | payload_size = len - sizeof(struct udphdr); |
| 429 | |
| 430 | return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size); |
| 431 | } |
| 432 | |
| 433 | /* function: tcp_packet |
| 434 | * takes a tcp packet and sets it up for translation |
| 435 | * out - output packet |
| 436 | * tcp - pointer to tcp header in packet |
| 437 | * checksum - pseudo-header checksum |
| 438 | * len - size of ip payload |
| 439 | * returns: the highest position in the output clat_packet that's filled in |
| 440 | */ |
| 441 | int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, |
| 442 | uint32_t old_sum, uint32_t new_sum, size_t len) { |
| 443 | const uint8_t *payload; |
| 444 | size_t payload_size, header_size; |
| 445 | |
| 446 | if(len < sizeof(struct tcphdr)) { |
| 447 | logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/(too small)"); |
| 448 | return 0; |
| 449 | } |
| 450 | |
| 451 | if(tcp->doff < 5) { |
| 452 | logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set to less than 5: %x", tcp->doff); |
| 453 | return 0; |
| 454 | } |
| 455 | |
| 456 | if((size_t) tcp->doff*4 > len) { |
| 457 | logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set too large: %x", tcp->doff); |
| 458 | return 0; |
| 459 | } |
| 460 | |
| 461 | header_size = tcp->doff * 4; |
| 462 | payload = ((const uint8_t *) tcp) + header_size; |
| 463 | payload_size = len - header_size; |
| 464 | |
| 465 | return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size); |
| 466 | } |
| 467 | |
| 468 | /* function: udp_translate |
| 469 | * common between ipv4/ipv6 - setup checksum and send udp packet |
| 470 | * out - output packet |
| 471 | * udp - udp header |
| 472 | * old_sum - pseudo-header checksum of old header |
| 473 | * new_sum - pseudo-header checksum of new header |
| 474 | * payload - tcp payload |
| 475 | * payload_size - size of payload |
| 476 | * returns: the highest position in the output clat_packet that's filled in |
| 477 | */ |
| 478 | int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp, |
| 479 | uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) { |
| 480 | struct udphdr *udp_targ = out[pos].iov_base; |
| 481 | |
| 482 | memcpy(udp_targ, udp, sizeof(struct udphdr)); |
| 483 | |
| 484 | out[pos].iov_len = sizeof(struct udphdr); |
| 485 | out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; |
| 486 | out[CLAT_POS_PAYLOAD].iov_len = payload_size; |
| 487 | |
| 488 | if (udp_targ->check) { |
| 489 | udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum); |
| 490 | } else { |
| 491 | // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that |
| 492 | // the transmitter generated no checksum (for debugging or for higher level protocols that |
| 493 | // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So |
| 494 | // for safety we recompute it. |
| 495 | udp_targ->check = 0; // Checksum field must be 0 when calculating checksum. |
| 496 | udp_targ->check = packet_checksum(new_sum, out, pos); |
| 497 | } |
| 498 | |
| 499 | // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent |
| 500 | // in one's complement arithmetic)." |
| 501 | if (!udp_targ->check) { |
| 502 | udp_targ->check = 0xffff; |
| 503 | } |
| 504 | |
| 505 | return CLAT_POS_PAYLOAD + 1; |
| 506 | } |
| 507 | |
| 508 | /* function: tcp_translate |
| 509 | * common between ipv4/ipv6 - setup checksum and send tcp packet |
| 510 | * out - output packet |
| 511 | * tcp - tcp header |
| 512 | * header_size - size of tcp header including options |
| 513 | * checksum - partial checksum covering ipv4/ipv6 header |
| 514 | * payload - tcp payload |
| 515 | * payload_size - size of payload |
| 516 | * returns: the highest position in the output clat_packet that's filled in |
| 517 | */ |
| 518 | int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, |
| 519 | size_t header_size, uint32_t old_sum, uint32_t new_sum, |
| 520 | const uint8_t *payload, size_t payload_size) { |
| 521 | struct tcphdr *tcp_targ = out[pos].iov_base; |
| 522 | out[pos].iov_len = header_size; |
| 523 | |
| 524 | if (header_size > MAX_TCP_HDR) { |
| 525 | // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that |
| 526 | // counts in 4-byte words. So this can never happen unless there is a bug in the caller. |
| 527 | logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating", |
| 528 | header_size, MAX_TCP_HDR); |
| 529 | header_size = MAX_TCP_HDR; |
| 530 | } |
| 531 | |
| 532 | memcpy(tcp_targ, tcp, header_size); |
| 533 | |
| 534 | out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; |
| 535 | out[CLAT_POS_PAYLOAD].iov_len = payload_size; |
| 536 | |
| 537 | tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum); |
| 538 | |
| 539 | return CLAT_POS_PAYLOAD + 1; |
| 540 | } |
| 541 | |
| 542 | // Weak symbol so we can override it in the unit test. |
| 543 | void send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak)); |
| 544 | |
| 545 | void send_rawv6(int fd, clat_packet out, int iov_len) { |
| 546 | // A send on a raw socket requires a destination address to be specified even if the socket's |
| 547 | // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the |
| 548 | // destination address in the packet header only affects what appears on the wire, not where the |
| 549 | // packet is sent to. |
| 550 | static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 }; |
| 551 | static struct msghdr msg = { |
| 552 | .msg_name = &sin6, |
| 553 | .msg_namelen = sizeof(sin6), |
| 554 | }; |
| 555 | |
| 556 | msg.msg_iov = out, |
| 557 | msg.msg_iovlen = iov_len, |
| 558 | sin6.sin6_addr = ((struct ip6_hdr *) out[CLAT_POS_IPHDR].iov_base)->ip6_dst; |
xf.li | 7ccf837 | 2024-03-07 00:08:02 -0800 | [diff] [blame] | 559 | if(sendmsg(fd, &msg, 0) == -1) |
| 560 | { |
| 561 | logmsg_dbg(ANDROID_LOG_ERROR,"send_rawv6 failed"); |
| 562 | } |
xf.li | f1aed28 | 2024-02-06 00:31:51 -0800 | [diff] [blame] | 563 | } |
| 564 | |
| 565 | /* function: translate_packet |
| 566 | * takes a packet, translates it, and writes it to fd |
| 567 | * fd - fd to write translated packet to |
| 568 | * to_ipv6 - true if translating to ipv6, false if translating to ipv4 |
| 569 | * packet - packet |
| 570 | * packetsize - size of packet |
| 571 | */ |
| 572 | void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) { |
| 573 | int iov_len = 0; |
| 574 | |
| 575 | // Allocate buffers for all packet headers. |
| 576 | struct clat_icmp_frag icmp_frag = {0}; |
| 577 | struct tun_pi tun_targ; |
| 578 | char iphdr[sizeof(struct ip6_hdr)]; |
| 579 | char fraghdr[sizeof(struct ip6_frag)]; |
| 580 | char transporthdr[MAX_TCP_HDR]; |
| 581 | char icmp_iphdr[sizeof(struct ip6_hdr)]; |
| 582 | char icmp_fraghdr[sizeof(struct ip6_frag)]; |
| 583 | char icmp_transporthdr[MAX_TCP_HDR]; |
| 584 | |
| 585 | // iovec of the packets we'll send. This gets passed down to the translation functions. |
| 586 | clat_packet out = { |
| 587 | { &tun_targ, 0 }, // Tunnel header. |
| 588 | { iphdr, 0 }, // IP header. |
| 589 | { fraghdr, 0 }, // Fragment header. |
| 590 | { transporthdr, 0 }, // Transport layer header. |
| 591 | { icmp_iphdr, 0 }, // ICMP error inner IP header. |
| 592 | { icmp_fraghdr, 0 }, // ICMP error fragmentation header. |
| 593 | { icmp_transporthdr, 0 }, // ICMP error transport layer header. |
| 594 | { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload. |
| 595 | }; |
| 596 | |
| 597 | if (to_ipv6) { |
| 598 | iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize, &icmp_frag); |
| 599 | if (iov_len > 0) { |
| 600 | if(icmp_frag.flag == 1){ |
| 601 | clat_packet_copy(out, icmp_frag.data); |
| 602 | icmp_frag.iov_len = iov_len; |
| 603 | icmp_frag.time = time(NULL); |
| 604 | clat_icmp_frag_add(&icmp_frag); |
| 605 | return; |
| 606 | } else if(icmp_frag.flag == 2){ |
| 607 | unsigned short total_len = icmp_frag.ip_len; |
| 608 | struct icmp6_hdr *icmp6_targ; |
| 609 | clat_icmp_frag_find(&icmp_frag); |
| 610 | icmp6_targ = icmp_frag.data[CLAT_POS_TRANSPORTHDR].iov_base; |
| 611 | icmp6_targ->icmp6_cksum = htons(ip_checksum_adjust(htons(icmp6_targ->icmp6_cksum), icmp_frag.ip_len, total_len)); |
| 612 | send_rawv6(fd, icmp_frag.data, icmp_frag.iov_len); |
| 613 | clat_packet_free(icmp_frag.data); |
| 614 | } |
| 615 | send_rawv6(fd, out, iov_len); |
| 616 | } |
| 617 | } else { |
| 618 | iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize, &icmp_frag); |
| 619 | if (iov_len > 0) { |
| 620 | fill_tun_header(&tun_targ, ETH_P_IP); |
| 621 | out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ); |
| 622 | if(icmp_frag.flag == 1){ |
| 623 | clat_packet_copy(out, icmp_frag.data); |
| 624 | icmp_frag.iov_len = iov_len; |
| 625 | icmp_frag.time = time(NULL); |
| 626 | clat_icmp_frag_add(&icmp_frag); |
| 627 | return; |
| 628 | } else if(icmp_frag.flag == 2){ |
| 629 | unsigned short total_len = icmp_frag.ip_len; |
| 630 | struct icmphdr *icmp_targ; |
| 631 | clat_icmp_frag_find(&icmp_frag); |
| 632 | icmp_targ = icmp_frag.data[CLAT_POS_TRANSPORTHDR].iov_base; |
| 633 | icmp_targ->checksum = htons(ip_checksum_adjust(htons(icmp_targ->checksum), total_len , icmp_frag.ip_len)); |
| 634 | send_tun(fd, icmp_frag.data, icmp_frag.iov_len); |
| 635 | clat_packet_free(icmp_frag.data); |
| 636 | } |
| 637 | send_tun(fd, out, iov_len); |
| 638 | } |
| 639 | } |
| 640 | } |