1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 * 16 */ 17 18 #pragma once 19 20 #include <map> 21 #include <thread> 22 23 #include <netinet/ip.h> 24 25 #include <android-base/result.h> 26 #include <android-base/unique_fd.h> 27 #include <netdutils/Slice.h> 28 29 namespace android::net { 30 31 // Given a TUN interface fd, TunForwarder reads packets from the fd, changes their IP header 32 // according to a set of forwarding rules (which can be set by addForwardingRule), and sends 33 // new packets back to the fd. Only IPv4 and IPv6 packets with recognized source and destination 34 // addresses are accepted; other packets are silently ignored. 35 class TunForwarder { 36 public: 37 TunForwarder(base::unique_fd tunFd); 38 ~TunForwarder(); 39 40 bool addForwardingRule(const std::array<std::string, 2>& from, 41 const std::array<std::string, 2>& to); 42 bool startForwarding(); 43 bool stopForwarding(); 44 45 static base::unique_fd createTun(const std::string& ifname); 46 47 private: 48 // TODO: Considering using IPAddress for v4pair and v6pair. This might requires adding 49 // addr4() and addr6() as IPPrefix does. 50 struct v4pair { 51 static base::Result<v4pair> makePair(const std::array<std::string, 2>& addrs); 52 v4pair() = default; v4pairv4pair53 v4pair(int32_t srcAddr, int32_t dstAddr) { 54 src.s_addr = static_cast<in_addr_t>(srcAddr); 55 dst.s_addr = static_cast<in_addr_t>(dstAddr); 56 } 57 in_addr src; 58 in_addr dst; 59 bool operator==(const v4pair& o) const; 60 bool operator<(const v4pair& o) const; 61 }; 62 63 struct v6pair { 64 static base::Result<v6pair> makePair(const std::array<std::string, 2>& addrs); 65 v6pair() = default; v6pairv6pair66 v6pair(const in6_addr& srcAddr, const in6_addr& dstAddr) : src(srcAddr), dst(dstAddr) {} 67 in6_addr src; 68 in6_addr dst; 69 bool operator==(const v6pair& o) const; 70 bool operator<(const v6pair& o) const; 71 }; 72 73 void loop(); 74 void handlePacket(int fd) const; 75 76 // Send a signal to terminate the loop thread. 77 bool signalEventFd(); 78 79 // A series of functions to check the packet. Return error if the packet is neither UDP nor TCP. 80 base::Result<void> validatePacket(netdutils::Slice tunPacket) const; 81 base::Result<void> validateIpv4Packet(netdutils::Slice ipv4Packet) const; 82 base::Result<void> validateIpv6Packet(netdutils::Slice ipv6Packet) const; 83 base::Result<void> validateUdpPacket(netdutils::Slice udpPacket) const; 84 base::Result<void> validateTcpPacket(netdutils::Slice tcpPacket) const; 85 86 // The function assumes |tunPacket| is either UDP or TCP packet, changes the source/destination 87 // addresses, and updates the checksum. 88 base::Result<void> translatePacket(netdutils::Slice tunPacket) const; 89 base::Result<void> translateIpv4Packet(netdutils::Slice ipv4Packet) const; 90 base::Result<void> translateIpv6Packet(netdutils::Slice ipv6Packet) const; 91 void translateUdpPacket(netdutils::Slice udpPacket, uint32_t oldPseudoSum, 92 uint32_t newPseudoSum) const; 93 void translateTcpPacket(netdutils::Slice tcpPacket, uint32_t oldPseudoSum, 94 uint32_t newPseudoSum) const; 95 96 std::thread mForwarder; 97 base::unique_fd mTunFd; 98 base::unique_fd mEventFd; 99 std::map<v4pair, v4pair> mRulesIpv4; 100 std::map<v6pair, v6pair> mRulesIpv6; 101 102 static constexpr int kPollTimeoutMs = 5000; 103 }; 104 105 } // namespace android::net 106