1a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* 2a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * Copyright 2011 Daniel Drown 3a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * 4a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * Licensed under the Apache License, Version 2.0 (the "License"); 5a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * you may not use this file except in compliance with the License. 6a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * You may obtain a copy of the License at 7a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * 8a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * http://www.apache.org/licenses/LICENSE-2.0 9a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * 10a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * Unless required by applicable law or agreed to in writing, software 11a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * distributed under the License is distributed on an "AS IS" BASIS, 12a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * See the License for the specific language governing permissions and 14a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * limitations under the License. 15a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * 16a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * translate.c - CLAT functions / partial implementation of rfc6145 17a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 18a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include <string.h> 19f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti#include <sys/uio.h> 20a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 21cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti#include "icmp.h" 22d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti#include "translate.h" 23a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include "checksum.h" 24a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include "clatd.h" 25a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include "config.h" 26a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include "logging.h" 27a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown#include "debug.h" 28a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 29ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti/* function: packet_checksum 30ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * calculates the checksum over all the packet components starting from pos 31ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * checksum - checksum of packet components before pos 32ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * packet - packet to calculate the checksum of 33ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * pos - position to start counting from 34ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * returns - the completed 16-bit checksum, ready to write into a checksum header field 35ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti */ 36a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiuint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) { 37ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti int i; 38ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti for (i = pos; i < CLAT_POS_MAX; i++) { 39ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti if (packet[i].iov_len > 0) { 40ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len); 41ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti } 42ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti } 43ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return ip_checksum_finish(checksum); 44ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti} 45ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 46ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti/* function: packet_length 47ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * returns the total length of all the packet components after pos 48d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * packet - packet to calculate the length of 49cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti * pos - position to start counting after 50d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the total length of the packet components after pos 51d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti */ 52a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiuint16_t packet_length(clat_packet packet, clat_packet_index pos) { 53d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti size_t len = 0; 54d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti int i; 55ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti for (i = pos + 1; i < CLAT_POS_MAX; i++) { 56d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti len += packet[i].iov_len; 57d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti } 58d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti return len; 59d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti} 60d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti 61ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti/* function: is_in_plat_subnet 62ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * returns true iff the given IPv6 address is in the plat subnet. 63ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * addr - IPv6 address 64ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti */ 65ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colittiint is_in_plat_subnet(const struct in6_addr *addr6) { 66ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti // Assumes a /96 plat subnet. 67ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0); 68ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti} 69ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 70ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti/* function: ipv6_addr_to_ipv4_addr 71ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * return the corresponding ipv4 address for the given ipv6 address 72ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * addr6 - ipv6 address 73ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * returns: the IPv4 address 74ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti */ 75ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colittiuint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) { 76ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti if (is_in_plat_subnet(addr6)) { 77ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti // Assumes a /96 plat subnet. 78ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return addr6->s6_addr32[3]; 79cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) { 80cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Special-case our own address. 81ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return Global_Clatd_Config.ipv4_local_subnet.s_addr; 82cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else { 83cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Third party packet. Let the caller deal with it. 84cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti return INADDR_NONE; 85ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti } 86ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti} 87ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 88ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti/* function: ipv4_addr_to_ipv6_addr 89ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * return the corresponding ipv6 address for the given ipv4 address 90ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti * addr4 - ipv4 address 91ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti */ 92ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colittistruct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) { 93ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti struct in6_addr addr6; 94ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti // Both addresses are in network byte order (addr4 comes from a network packet, and the config 95ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti // file entry is read using inet_ntop). 96ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) { 97ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return Global_Clatd_Config.ipv6_local_subnet; 98ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti } else { 99ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti // Assumes a /96 plat subnet. 100ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti addr6 = Global_Clatd_Config.plat_subnet; 101ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti addr6.s6_addr32[3] = addr4; 102ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return addr6; 103ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti } 104ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti} 105ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 106a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: fill_tun_header 107a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * fill in the header for the tun fd 108a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * tun_header - tunnel header, already allocated 109a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6) 110a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 111a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drownvoid fill_tun_header(struct tun_pi *tun_header, uint16_t proto) { 112a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown tun_header->flags = 0; 113a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown tun_header->proto = htons(proto); 114a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 115a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 116a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: fill_ip_header 117d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * generate an ipv4 header from an ipv6 header 118d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr 119a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_len - length of other data inside packet 120a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * protocol - protocol number (tcp, udp, etc) 121d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix 122a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 123d90841824dc00f65a48a789396c7f428807432caLorenzo Colittivoid fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol, 124d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti const struct ip6_hdr *old_header) { 125cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti int ttl_guess; 126d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti memset(ip, 0, sizeof(struct iphdr)); 127d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti 128d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->ihl = 5; 129d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->version = 4; 130d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->tos = 0; 131d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->tot_len = htons(sizeof(struct iphdr) + payload_len); 132d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->id = 0; 133d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->frag_off = htons(IP_DF); 134d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->ttl = old_header->ip6_hlim; 135d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->protocol = protocol; 136d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti ip->check = 0; 137d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti 138ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src); 139ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst); 140cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti 141cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Third-party ICMPv6 message. This may have been originated by an native IPv6 address. 142cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // In that case, the source IPv6 address can't be translated and we need to make up an IPv4 143cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute. 1449477a464bd70849bcddcb8d11613cff117235cb0Lorenzo Colitti if ((uint32_t) ip->saddr == INADDR_NONE) { 145cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti ttl_guess = icmp_guess_ttl(old_header->ip6_hlim); 146cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti ip->saddr = htonl((0xff << 24) + ttl_guess); 147cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } 148a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 149a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 150a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: fill_ip6_header 151d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * generate an ipv6 header from an ipv4 header 152d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix 153a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_len - length of other data inside packet 154a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * protocol - protocol number (tcp, udp, etc) 155d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr 156a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 157d90841824dc00f65a48a789396c7f428807432caLorenzo Colittivoid fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol, 158d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti const struct iphdr *old_header) { 159a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown memset(ip6, 0, sizeof(struct ip6_hdr)); 160a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 161a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown ip6->ip6_vfc = 6 << 4; 162a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown ip6->ip6_plen = htons(payload_len); 163a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown ip6->ip6_nxt = protocol; 164a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown ip6->ip6_hlim = old_header->ttl; 165a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 166ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr); 167ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr); 168a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 169a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 17057d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti/* function: maybe_fill_frag_header 17157d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * fills a fragmentation header 17257d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * generate an ipv6 fragment header from an ipv4 header 17357d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * frag_hdr - target (ipv6) fragmentation header 17457d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * ip6_targ - target (ipv6) header 17557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * old_header - (ipv4) source packet header 17657d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * returns: the length of the fragmentation header if present, or zero if not present 17757d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti */ 17857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colittisize_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ, 17957d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti const struct iphdr *old_header) { 18057d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti uint16_t frag_flags = ntohs(old_header->frag_off); 18157d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti uint16_t frag_off = frag_flags & IP_OFFMASK; 18257d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti if (frag_off == 0 && (frag_flags & IP_MF) == 0) { 18357d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti // Not a fragment. 18457d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti return 0; 18557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti } 18657d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti 18757d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt; 18857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_hdr->ip6f_reserved = 0; 18957d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits. 19057d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_hdr->ip6f_offlg = htons(frag_off << 3); 19157d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti if (frag_flags & IP_MF) { 19257d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG; 19357d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti } 19457d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_hdr->ip6f_ident = htonl(ntohs(old_header->id)); 19557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti ip6_targ->ip6_nxt = IPPROTO_FRAGMENT; 19657d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti 19757d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti return sizeof(*frag_hdr); 19857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti} 19957d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti 20057d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti/* function: parse_frag_header 20157d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * return the length of the fragmentation header if present, or zero if not present 20257d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * generate an ipv6 fragment header from an ipv4 header 20357d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * frag_hdr - (ipv6) fragmentation header 20457d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * ip_targ - target (ipv4) header 20557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti * returns: the next header value 20657d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti */ 20757d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colittiuint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) { 20857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3); 20957d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) { 21057d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti frag_off |= IP_MF; 21157d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti } 21257d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti ip_targ->frag_off = htons(frag_off); 21357d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff); 21457d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti ip_targ->protocol = frag_hdr->ip6f_nxt; 21557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti return frag_hdr->ip6f_nxt; 21657d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti} 217f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti 218a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: icmp_to_icmp6 219cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti * translate ipv4 icmp to ipv6 icmp 220d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 221a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * icmp - source packet icmp header 222d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * checksum - pseudo-header checksum 223a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload - icmp payload 224a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_size - size of payload 225d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 226a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 227a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp, 228a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colitti uint32_t checksum, const uint8_t *payload, size_t payload_size) { 229d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti struct icmp6_hdr *icmp6_targ = out[pos].iov_base; 230cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti uint8_t icmp6_type; 231cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti int clat_packet_len; 232a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 233d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti memset(icmp6_targ, 0, sizeof(struct icmp6_hdr)); 234cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti 235cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code); 236cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_targ->icmp6_type = icmp6_type; 237cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code); 238a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 239d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti out[pos].iov_len = sizeof(struct icmp6_hdr); 240cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti 241cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti if (pos == CLAT_POS_TRANSPORTHDR && 242cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti is_icmp_error(icmp->type) && 243cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_type != ICMP6_PARAM_PROB) { 244cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // An ICMP error we understand, one level deep. 245cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Translate the nested packet (the one that caused the error). 246cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size); 247cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti 248cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // The pseudo-header checksum was calculated on the transport length of the original IPv4 249cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // packet that we were asked to translate. This transport length is 20 bytes smaller than it 250cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to 2515a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // an IPv6 header, which is 20 bytes longer. Fix it up here. 252cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the 253cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum). 2545a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti checksum = checksum + htons(20); 255cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) { 256cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Ping packet. 257cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_targ->icmp6_id = icmp->un.echo.id; 258cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp6_targ->icmp6_seq = icmp->un.echo.sequence; 259fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; 260cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti out[CLAT_POS_PAYLOAD].iov_len = payload_size; 261cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti clat_packet_len = CLAT_POS_PAYLOAD + 1; 262cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else { 263cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Unknown type/code. The type/code conversion functions have already logged an error. 264cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti return 0; 265cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } 266ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 267ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum. 268ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos); 269a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 270cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti return clat_packet_len; 271a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 272a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 273a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: icmp6_to_icmp 274cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti * translate ipv6 icmp to ipv4 icmp 275d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 276a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * icmp6 - source packet icmp6 header 277a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload - icmp6 payload 278a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_size - size of payload 279d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 280a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 281a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6, 282fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom const uint8_t *payload, size_t payload_size) { 283d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti struct icmphdr *icmp_targ = out[pos].iov_base; 284cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti uint8_t icmp_type; 285cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti int clat_packet_len; 286a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 287d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti memset(icmp_targ, 0, sizeof(struct icmphdr)); 288a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 289cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code); 290cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_targ->type = icmp_type; 291cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code); 292a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 293d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti out[pos].iov_len = sizeof(struct icmphdr); 294cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti 295cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti if (pos == CLAT_POS_TRANSPORTHDR && 296cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti is_icmp6_error(icmp6->icmp6_type) && 297cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_type != ICMP_PARAMETERPROB) { 298cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // An ICMPv6 error we understand, one level deep. 299cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Translate the nested packet (the one that caused the error). 300cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size); 301cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) { 302cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Ping packet. 303cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_targ->un.echo.id = icmp6->icmp6_id; 304cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti icmp_targ->un.echo.sequence = icmp6->icmp6_seq; 305fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; 306cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti out[CLAT_POS_PAYLOAD].iov_len = payload_size; 307cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti clat_packet_len = CLAT_POS_PAYLOAD + 1; 308cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } else { 309cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti // Unknown type/code. The type/code conversion functions have already logged an error. 310cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti return 0; 311cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti } 312ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 313ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum. 314ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti icmp_targ->checksum = packet_checksum(0, out, pos); 315a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 316cd70b354eb985678175904a937085bed6094af77Lorenzo Colitti return clat_packet_len; 317a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 318a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 319c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti/* function: generic_packet 320c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * takes a generic IP packet and sets it up for translation 321c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * out - output packet 322c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * pos - position in the output packet of the transport header 323c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * payload - pointer to IP payload 324c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * len - size of ip payload 325c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 326c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti */ 327a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) { 328c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti out[pos].iov_len = 0; 329fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; 330c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti out[CLAT_POS_PAYLOAD].iov_len = len; 331c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti 332c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti return CLAT_POS_PAYLOAD + 1; 333c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti} 334c9f4c89da6c76ebc59a0ec1047853a13ce5f5d96Lorenzo Colitti 335d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti/* function: udp_packet 336d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * takes a udp packet and sets it up for translation 337d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 338d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * udp - pointer to udp header in packet 3395a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti * old_sum - pseudo-header checksum of old header 3405a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti * new_sum - pseudo-header checksum of new header 341d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * len - size of ip payload 342a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 343a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp, 3445a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti uint32_t old_sum, uint32_t new_sum, size_t len) { 345fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom const uint8_t *payload; 346d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti size_t payload_size; 347a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 348d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti if(len < sizeof(struct udphdr)) { 349d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti logmsg_dbg(ANDROID_LOG_ERROR,"udp_packet/(too small)"); 350d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti return 0; 351d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti } 352a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 353fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom payload = (const uint8_t *) (udp + 1); 354d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti payload_size = len - sizeof(struct udphdr); 355a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 3565a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size); 357a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 358a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 359d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti/* function: tcp_packet 360d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * takes a tcp packet and sets it up for translation 361d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 362d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * tcp - pointer to tcp header in packet 363d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * checksum - pseudo-header checksum 364d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * len - size of ip payload 365d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 366a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 367a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, 3685a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti uint32_t old_sum, uint32_t new_sum, size_t len) { 369fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom const uint8_t *payload; 370d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti size_t payload_size, header_size; 371a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 372d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti if(len < sizeof(struct tcphdr)) { 373d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/(too small)"); 374d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti return 0; 375d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti } 376a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 377d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti if(tcp->doff < 5) { 378d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set to less than 5: %x", tcp->doff); 379d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti return 0; 380d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti } 381a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 382d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti if((size_t) tcp->doff*4 > len) { 383d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set too large: %x", tcp->doff); 384d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti return 0; 385d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti } 386a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 387d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti header_size = tcp->doff * 4; 388fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom payload = ((const uint8_t *) tcp) + header_size; 389d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti payload_size = len - header_size; 390a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 3915a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size); 392a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 393a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 394d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti/* function: udp_translate 395d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * common between ipv4/ipv6 - setup checksum and send udp packet 396d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 397d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * udp - udp header 3985a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti * old_sum - pseudo-header checksum of old header 3995a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti * new_sum - pseudo-header checksum of new header 400d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * payload - tcp payload 401a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_size - size of payload 402d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 403a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 404a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp, 405a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colitti uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) { 406d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti struct udphdr *udp_targ = out[pos].iov_base; 407a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 408d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti memcpy(udp_targ, udp, sizeof(struct udphdr)); 409a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 410d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti out[pos].iov_len = sizeof(struct udphdr); 411fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; 412ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti out[CLAT_POS_PAYLOAD].iov_len = payload_size; 413ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti 4145a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti if (udp_targ->check) { 4155a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum); 4165a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti } else { 4175a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that 4185a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // the transmitter generated no checksum (for debugging or for higher level protocols that 4195a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So 4205a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // for safety we recompute it. 4215a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti udp_targ->check = 0; // Checksum field must be 0 when calculating checksum. 4225a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti udp_targ->check = packet_checksum(new_sum, out, pos); 4235a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti } 4245a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti 4255a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent 4265a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti // in one's complement arithmetic)." 4275a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti if (!udp_targ->check) { 4285a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti udp_targ->check = 0xffff; 4295a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti } 430a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 431ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return CLAT_POS_PAYLOAD + 1; 432a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 433a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 434a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown/* function: tcp_translate 435a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * common between ipv4/ipv6 - setup checksum and send tcp packet 436d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * out - output packet 437d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * tcp - tcp header 438d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * header_size - size of tcp header including options 439d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * checksum - partial checksum covering ipv4/ipv6 header 440a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload - tcp payload 441a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown * payload_size - size of payload 442d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti * returns: the highest position in the output clat_packet that's filled in 443a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown */ 444a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colittiint tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, 445a4454bfda99803c287b78f8d1cd7bdc1b56065dbLorenzo Colitti size_t header_size, uint32_t old_sum, uint32_t new_sum, 446fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom const uint8_t *payload, size_t payload_size) { 447d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti struct tcphdr *tcp_targ = out[pos].iov_base; 448d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti out[pos].iov_len = header_size; 449d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti 450d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti if (header_size > MAX_TCP_HDR) { 451d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that 452d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti // counts in 4-byte words. So this can never happen unless there is a bug in the caller. 4535cc877d4fc20d66ca5a057a3dc445adb998409bdLorenzo Colitti logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating", 454d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti header_size, MAX_TCP_HDR); 455d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti header_size = MAX_TCP_HDR; 456a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown } 457a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 458d90841824dc00f65a48a789396c7f428807432caLorenzo Colitti memcpy(tcp_targ, tcp, header_size); 459a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 460fcac410fa15613873a07143ccd46470b869346a3Brian Carlstrom out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload; 461ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti out[CLAT_POS_PAYLOAD].iov_len = payload_size; 462a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 4635a50c0283346a197cda7af19e68f611f14b8fe57Lorenzo Colitti tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum); 464a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown 465ee80ca65907d214e2483e315a1ba7f610184de03Lorenzo Colitti return CLAT_POS_PAYLOAD + 1; 466a45056e35c1af2a0f0a6eed258fd5fdf4846a79fDaniel Drown} 467f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti 46810e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colittivoid send_tun(int fd, clat_packet out, int iov_len) { 46910e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti writev(fd, out, iov_len); 47010e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti} 47110e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti 47210e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti// Weak symbol so we can override it in the unit test. 47310e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colittivoid send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak)); 47410e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti 47510e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colittivoid send_rawv6(int fd, clat_packet out, int iov_len) { 47610e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti // A send on a raw socket requires a destination address to be specified even if the socket's 47710e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the 47810e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti // destination address in the packet header only affects what appears on the wire, not where the 47910e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti // packet is sent to. 48010e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 }; 48110e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti static struct msghdr msg = { 48210e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti .msg_name = &sin6, 48310e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti .msg_namelen = sizeof(sin6), 48410e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti }; 48510e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti 48610e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti msg.msg_iov = out, 48710e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti msg.msg_iovlen = iov_len, 48810e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti sin6.sin6_addr = ((struct ip6_hdr *) out[CLAT_POS_IPHDR].iov_base)->ip6_dst; 48910e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti sendmsg(fd, &msg, 0); 49010e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti} 49110e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti 492f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti/* function: translate_packet 49391d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colitti * takes a packet, translates it, and writes it to fd 49491d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colitti * fd - fd to write translated packet to 49591d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colitti * to_ipv6 - true if translating to ipv6, false if translating to ipv4 496f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti * packet - packet 497f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti * packetsize - size of packet 498f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti */ 49991d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colittivoid translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) { 500f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti int iov_len = 0; 501f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti 502f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti // Allocate buffers for all packet headers. 503f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti struct tun_pi tun_targ; 504f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti char iphdr[sizeof(struct ip6_hdr)]; 50557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti char fraghdr[sizeof(struct ip6_frag)]; 506f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti char transporthdr[MAX_TCP_HDR]; 507f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti char icmp_iphdr[sizeof(struct ip6_hdr)]; 50857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti char icmp_fraghdr[sizeof(struct ip6_frag)]; 509f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti char icmp_transporthdr[MAX_TCP_HDR]; 510f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti 511f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti // iovec of the packets we'll send. This gets passed down to the translation functions. 512f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti clat_packet out = { 51310e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti { &tun_targ, 0 }, // Tunnel header. 514f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti { iphdr, 0 }, // IP header. 51557d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti { fraghdr, 0 }, // Fragment header. 516f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti { transporthdr, 0 }, // Transport layer header. 517f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti { icmp_iphdr, 0 }, // ICMP error inner IP header. 51857d480d2b425ef20d8b6f84abd4e9e3209fa9422Lorenzo Colitti { icmp_fraghdr, 0 }, // ICMP error fragmentation header. 519f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti { icmp_transporthdr, 0 }, // ICMP error transport layer header. 520f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload. 521f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti }; 522f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti 52391d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colitti if (to_ipv6) { 524f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize); 52510e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti if (iov_len > 0) { 52610e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti send_rawv6(fd, out, iov_len); 52710e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti } 528f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti } else { 52991d0f1bc6dd24e54ed3caef9b08525b332ab0adfLorenzo Colitti iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize); 53010e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti if (iov_len > 0) { 53110e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti fill_tun_header(&tun_targ, ETH_P_IP); 53210e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ); 53310e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti send_tun(fd, out, iov_len); 53410e8827d636a72a7bcdfd52d15bad9342ae2a0a6Lorenzo Colitti } 535f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti } 536f9390605bacda7bbe8ea33aa0a39c1581ff6aea2Lorenzo Colitti} 537