1 /*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * ipv6.c - takes ipv6 packets, finds their headers, and then calls translation functions on them
17 */
18 #include <string.h>
19
20 #include <arpa/inet.h>
21
22 #include "netutils/checksum.h"
23
24 #include "config.h"
25 #include "debug.h"
26 #include "dump.h"
27 #include "logging.h"
28 #include "translate.h"
29
30 /* function: icmp6_packet
31 * takes an icmp6 packet and sets it up for translation
32 * out - output packet
33 * icmp6 - pointer to icmp6 header in packet
34 * checksum - pseudo-header checksum (unused)
35 * len - size of ip payload
36 * returns: the highest position in the output clat_packet that's filled in
37 */
icmp6_packet(clat_packet out,clat_packet_index pos,const struct icmp6_hdr * icmp6,size_t len)38 int icmp6_packet(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
39 size_t len) {
40 const uint8_t *payload;
41 size_t payload_size;
42
43 if (len < sizeof(struct icmp6_hdr)) {
44 logmsg_dbg(ANDROID_LOG_ERROR, "icmp6_packet/(too small)");
45 return 0;
46 }
47
48 payload = (const uint8_t *)(icmp6 + 1);
49 payload_size = len - sizeof(struct icmp6_hdr);
50
51 return icmp6_to_icmp(out, pos, icmp6, payload, payload_size);
52 }
53
54 /* function: log_bad_address
55 * logs a bad address to android's log buffer if debugging is turned on
56 * fmt - printf-style format, use %s to place the address
57 * badaddr - the bad address in question
58 */
59 #if CLAT_DEBUG
log_bad_address(const char * fmt,const struct in6_addr * src,const struct in6_addr * dst)60 void log_bad_address(const char *fmt, const struct in6_addr *src, const struct in6_addr *dst) {
61 char srcstr[INET6_ADDRSTRLEN];
62 char dststr[INET6_ADDRSTRLEN];
63
64 inet_ntop(AF_INET6, src, srcstr, sizeof(srcstr));
65 inet_ntop(AF_INET6, dst, dststr, sizeof(dststr));
66 logmsg_dbg(ANDROID_LOG_ERROR, fmt, srcstr, dststr);
67 }
68 #else
69 #define log_bad_address(fmt, src, dst)
70 #endif
71
72 /* function: ipv6_packet
73 * takes an ipv6 packet and hands it off to the layer 4 protocol function
74 * out - output packet
75 * packet - packet data
76 * len - size of packet
77 * returns: the highest position in the output clat_packet that's filled in
78 */
ipv6_packet(clat_packet out,clat_packet_index pos,const uint8_t * packet,size_t len)79 int ipv6_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len) {
80 const struct ip6_hdr *ip6 = (struct ip6_hdr *)packet;
81 struct iphdr *ip_targ = (struct iphdr *)out[pos].iov_base;
82 struct ip6_frag *frag_hdr = NULL;
83 uint8_t protocol;
84 const uint8_t *next_header;
85 size_t len_left;
86 uint32_t old_sum, new_sum;
87 int iov_len;
88
89 if (len < sizeof(struct ip6_hdr)) {
90 logmsg_dbg(ANDROID_LOG_ERROR, "ipv6_packet/too short for an ip6 header: %d", len);
91 return 0;
92 }
93
94 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
95 log_bad_address("ipv6_packet/multicast %s->%s", &ip6->ip6_src, &ip6->ip6_dst);
96 return 0; // silently ignore
97 }
98
99 // If the packet is not from the plat subnet to the local subnet, or vice versa, drop it, unless
100 // it's an ICMP packet (which can come from anywhere). We do not send IPv6 packets from the plat
101 // subnet to the local subnet, but these can appear as inner packets in ICMP errors, so we need
102 // to translate them. We accept third-party ICMPv6 errors, even though their source addresses
103 // cannot be translated, so that things like unreachables and traceroute will work. fill_ip_header
104 // takes care of faking a source address for them.
105 if (!(is_in_plat_subnet(&ip6->ip6_src) &&
106 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &Global_Clatd_Config.ipv6_local_subnet)) &&
107 !(is_in_plat_subnet(&ip6->ip6_dst) &&
108 IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &Global_Clatd_Config.ipv6_local_subnet)) &&
109 ip6->ip6_nxt != IPPROTO_ICMPV6) {
110 log_bad_address("ipv6_packet/wrong source address: %s->%s", &ip6->ip6_src, &ip6->ip6_dst);
111 return 0;
112 }
113
114 next_header = packet + sizeof(struct ip6_hdr);
115 len_left = len - sizeof(struct ip6_hdr);
116
117 protocol = ip6->ip6_nxt;
118
119 /* Fill in the IPv4 header. We need to do this before we translate the packet because TCP and
120 * UDP include parts of the IP header in the checksum. Set the length to zero because we don't
121 * know it yet.
122 */
123 fill_ip_header(ip_targ, 0, protocol, ip6);
124 out[pos].iov_len = sizeof(struct iphdr);
125
126 // If there's a Fragment header, parse it and decide what the next header is.
127 // Do this before calculating the pseudo-header checksum because it updates the next header value.
128 if (protocol == IPPROTO_FRAGMENT) {
129 frag_hdr = (struct ip6_frag *)next_header;
130 if (len_left < sizeof(*frag_hdr)) {
131 logmsg_dbg(ANDROID_LOG_ERROR, "ipv6_packet/too short for fragment header: %d", len);
132 return 0;
133 }
134
135 next_header += sizeof(*frag_hdr);
136 len_left -= sizeof(*frag_hdr);
137
138 protocol = parse_frag_header(frag_hdr, ip_targ);
139 }
140
141 // ICMP and ICMPv6 have different protocol numbers.
142 if (protocol == IPPROTO_ICMPV6) {
143 protocol = IPPROTO_ICMP;
144 ip_targ->protocol = IPPROTO_ICMP;
145 }
146
147 /* Calculate the pseudo-header checksum.
148 * Technically, the length that is used in the pseudo-header checksum is the transport layer
149 * length, which is not the same as len_left in the case of fragmented packets. But since
150 * translation does not change the transport layer length, the checksum is unaffected.
151 */
152 old_sum = ipv6_pseudo_header_checksum(ip6, len_left, protocol);
153 new_sum = ipv4_pseudo_header_checksum(ip_targ, len_left);
154
155 // Does not support IPv6 extension headers except Fragment.
156 if (frag_hdr && (frag_hdr->ip6f_offlg & IP6F_OFF_MASK)) {
157 iov_len = generic_packet(out, pos + 2, next_header, len_left);
158 } else if (protocol == IPPROTO_ICMP) {
159 iov_len = icmp6_packet(out, pos + 2, (const struct icmp6_hdr *)next_header, len_left);
160 } else if (protocol == IPPROTO_TCP) {
161 iov_len =
162 tcp_packet(out, pos + 2, (const struct tcphdr *)next_header, old_sum, new_sum, len_left);
163 } else if (protocol == IPPROTO_UDP) {
164 iov_len =
165 udp_packet(out, pos + 2, (const struct udphdr *)next_header, old_sum, new_sum, len_left);
166 } else if (protocol == IPPROTO_GRE) {
167 iov_len = generic_packet(out, pos + 2, next_header, len_left);
168 } else {
169 #if CLAT_DEBUG
170 logmsg(ANDROID_LOG_ERROR, "ipv6_packet/unknown next header type: %x", ip6->ip6_nxt);
171 logcat_hexdump("ipv6/nxthdr", packet, len);
172 #endif
173 return 0;
174 }
175
176 // Set the length and calculate the checksum.
177 ip_targ->tot_len = htons(ntohs(ip_targ->tot_len) + packet_length(out, pos));
178 ip_targ->check = ip_checksum(ip_targ, sizeof(struct iphdr));
179 return iov_len;
180 }
181