1 /*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * translate.c - CLAT functions / partial implementation of rfc6145
17 */
18 #include "translate.h"
19
20 #include <string.h>
21
22 #include "checksum.h"
23 #include "clatd.h"
24 #include "common.h"
25 #include "config.h"
26 #include "debug.h"
27 #include "icmp.h"
28 #include "logging.h"
29
30 /* function: packet_checksum
31 * calculates the checksum over all the packet components starting from pos
32 * checksum - checksum of packet components before pos
33 * packet - packet to calculate the checksum of
34 * pos - position to start counting from
35 * returns - the completed 16-bit checksum, ready to write into a checksum header field
36 */
packet_checksum(uint32_t checksum,clat_packet packet,clat_packet_index pos)37 uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) {
38 int i;
39 for (i = pos; i < CLAT_POS_MAX; i++) {
40 if (packet[i].iov_len > 0) {
41 checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len);
42 }
43 }
44 return ip_checksum_finish(checksum);
45 }
46
47 /* function: packet_length
48 * returns the total length of all the packet components after pos
49 * packet - packet to calculate the length of
50 * pos - position to start counting after
51 * returns: the total length of the packet components after pos
52 */
packet_length(clat_packet packet,clat_packet_index pos)53 uint16_t packet_length(clat_packet packet, clat_packet_index pos) {
54 size_t len = 0;
55 int i;
56 for (i = pos + 1; i < CLAT_POS_MAX; i++) {
57 len += packet[i].iov_len;
58 }
59 return len;
60 }
61
62 /* function: is_in_plat_subnet
63 * returns true iff the given IPv6 address is in the plat subnet.
64 * addr - IPv6 address
65 */
is_in_plat_subnet(const struct in6_addr * addr6)66 int is_in_plat_subnet(const struct in6_addr *addr6) {
67 // Assumes a /96 plat subnet.
68 return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0);
69 }
70
71 /* function: ipv6_addr_to_ipv4_addr
72 * return the corresponding ipv4 address for the given ipv6 address
73 * addr6 - ipv6 address
74 * returns: the IPv4 address
75 */
ipv6_addr_to_ipv4_addr(const struct in6_addr * addr6)76 uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) {
77 if (is_in_plat_subnet(addr6)) {
78 // Assumes a /96 plat subnet.
79 return addr6->s6_addr32[3];
80 } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) {
81 // Special-case our own address.
82 return Global_Clatd_Config.ipv4_local_subnet.s_addr;
83 } else {
84 // Third party packet. Let the caller deal with it.
85 return INADDR_NONE;
86 }
87 }
88
89 /* function: ipv4_addr_to_ipv6_addr
90 * return the corresponding ipv6 address for the given ipv4 address
91 * addr4 - ipv4 address
92 */
ipv4_addr_to_ipv6_addr(uint32_t addr4)93 struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) {
94 struct in6_addr addr6;
95 // Both addresses are in network byte order (addr4 comes from a network packet, and the config
96 // file entry is read using inet_ntop).
97 if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) {
98 return Global_Clatd_Config.ipv6_local_subnet;
99 } else {
100 // Assumes a /96 plat subnet.
101 addr6 = Global_Clatd_Config.plat_subnet;
102 addr6.s6_addr32[3] = addr4;
103 return addr6;
104 }
105 }
106
107 /* function: fill_tun_header
108 * fill in the header for the tun fd
109 * tun_header - tunnel header, already allocated
110 * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6)
111 */
fill_tun_header(struct tun_pi * tun_header,uint16_t proto)112 void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) {
113 tun_header->flags = 0;
114 tun_header->proto = htons(proto);
115 }
116
117 /* function: fill_ip_header
118 * generate an ipv4 header from an ipv6 header
119 * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr
120 * payload_len - length of other data inside packet
121 * protocol - protocol number (tcp, udp, etc)
122 * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix
123 */
fill_ip_header(struct iphdr * ip,uint16_t payload_len,uint8_t protocol,const struct ip6_hdr * old_header)124 void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol,
125 const struct ip6_hdr *old_header) {
126 int ttl_guess;
127 memset(ip, 0, sizeof(struct iphdr));
128
129 ip->ihl = 5;
130 ip->version = 4;
131 ip->tos = 0;
132 ip->tot_len = htons(sizeof(struct iphdr) + payload_len);
133 ip->id = 0;
134 ip->frag_off = htons(IP_DF);
135 ip->ttl = old_header->ip6_hlim;
136 ip->protocol = protocol;
137 ip->check = 0;
138
139 ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src);
140 ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst);
141
142 // Third-party ICMPv6 message. This may have been originated by an native IPv6 address.
143 // In that case, the source IPv6 address can't be translated and we need to make up an IPv4
144 // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute.
145 if ((uint32_t)ip->saddr == INADDR_NONE) {
146 ttl_guess = icmp_guess_ttl(old_header->ip6_hlim);
147 ip->saddr = htonl((0xff << 24) + ttl_guess);
148 }
149 }
150
151 /* function: fill_ip6_header
152 * generate an ipv6 header from an ipv4 header
153 * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix
154 * payload_len - length of other data inside packet
155 * protocol - protocol number (tcp, udp, etc)
156 * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr
157 */
fill_ip6_header(struct ip6_hdr * ip6,uint16_t payload_len,uint8_t protocol,const struct iphdr * old_header)158 void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
159 const struct iphdr *old_header) {
160 memset(ip6, 0, sizeof(struct ip6_hdr));
161
162 ip6->ip6_vfc = 6 << 4;
163 ip6->ip6_plen = htons(payload_len);
164 ip6->ip6_nxt = protocol;
165 ip6->ip6_hlim = old_header->ttl;
166
167 ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr);
168 ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
169 }
170
171 /* function: maybe_fill_frag_header
172 * fills a fragmentation header
173 * generate an ipv6 fragment header from an ipv4 header
174 * frag_hdr - target (ipv6) fragmentation header
175 * ip6_targ - target (ipv6) header
176 * old_header - (ipv4) source packet header
177 * returns: the length of the fragmentation header if present, or zero if not present
178 */
maybe_fill_frag_header(struct ip6_frag * frag_hdr,struct ip6_hdr * ip6_targ,const struct iphdr * old_header)179 size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
180 const struct iphdr *old_header) {
181 uint16_t frag_flags = ntohs(old_header->frag_off);
182 uint16_t frag_off = frag_flags & IP_OFFMASK;
183 if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
184 // Not a fragment.
185 return 0;
186 }
187
188 frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
189 frag_hdr->ip6f_reserved = 0;
190 // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
191 frag_hdr->ip6f_offlg = htons(frag_off << 3);
192 if (frag_flags & IP_MF) {
193 frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
194 }
195 frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
196 ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
197
198 return sizeof(*frag_hdr);
199 }
200
201 /* function: parse_frag_header
202 * return the length of the fragmentation header if present, or zero if not present
203 * generate an ipv6 fragment header from an ipv4 header
204 * frag_hdr - (ipv6) fragmentation header
205 * ip_targ - target (ipv4) header
206 * returns: the next header value
207 */
parse_frag_header(const struct ip6_frag * frag_hdr,struct iphdr * ip_targ)208 uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
209 uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
210 if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
211 frag_off |= IP_MF;
212 }
213 ip_targ->frag_off = htons(frag_off);
214 ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
215 ip_targ->protocol = frag_hdr->ip6f_nxt;
216 return frag_hdr->ip6f_nxt;
217 }
218
219 /* function: icmp_to_icmp6
220 * translate ipv4 icmp to ipv6 icmp
221 * out - output packet
222 * icmp - source packet icmp header
223 * checksum - pseudo-header checksum
224 * payload - icmp payload
225 * payload_size - size of payload
226 * returns: the highest position in the output clat_packet that's filled in
227 */
icmp_to_icmp6(clat_packet out,clat_packet_index pos,const struct icmphdr * icmp,uint32_t checksum,const uint8_t * payload,size_t payload_size)228 int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
229 uint32_t checksum, const uint8_t *payload, size_t payload_size) {
230 struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
231 uint8_t icmp6_type;
232 int clat_packet_len;
233
234 memset(icmp6_targ, 0, sizeof(struct icmp6_hdr));
235
236 icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code);
237 icmp6_targ->icmp6_type = icmp6_type;
238 icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code);
239
240 out[pos].iov_len = sizeof(struct icmp6_hdr);
241
242 if (pos == CLAT_POS_TRANSPORTHDR && is_icmp_error(icmp->type) && icmp6_type != ICMP6_PARAM_PROB) {
243 // An ICMP error we understand, one level deep.
244 // Translate the nested packet (the one that caused the error).
245 clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size);
246
247 // The pseudo-header checksum was calculated on the transport length of the original IPv4
248 // packet that we were asked to translate. This transport length is 20 bytes smaller than it
249 // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to
250 // an IPv6 header, which is 20 bytes longer. Fix it up here.
251 // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the
252 // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum).
253 checksum = checksum + htons(20);
254 } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) {
255 // Ping packet.
256 icmp6_targ->icmp6_id = icmp->un.echo.id;
257 icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
258 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
259 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
260 clat_packet_len = CLAT_POS_PAYLOAD + 1;
261 } else {
262 // Unknown type/code. The type/code conversion functions have already logged an error.
263 return 0;
264 }
265
266 icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum.
267 icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos);
268
269 return clat_packet_len;
270 }
271
272 /* function: icmp6_to_icmp
273 * translate ipv6 icmp to ipv4 icmp
274 * out - output packet
275 * icmp6 - source packet icmp6 header
276 * payload - icmp6 payload
277 * payload_size - size of payload
278 * returns: the highest position in the output clat_packet that's filled in
279 */
icmp6_to_icmp(clat_packet out,clat_packet_index pos,const struct icmp6_hdr * icmp6,const uint8_t * payload,size_t payload_size)280 int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
281 const uint8_t *payload, size_t payload_size) {
282 struct icmphdr *icmp_targ = out[pos].iov_base;
283 uint8_t icmp_type;
284 int clat_packet_len;
285
286 memset(icmp_targ, 0, sizeof(struct icmphdr));
287
288 icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code);
289 icmp_targ->type = icmp_type;
290 icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code);
291
292 out[pos].iov_len = sizeof(struct icmphdr);
293
294 if (pos == CLAT_POS_TRANSPORTHDR && is_icmp6_error(icmp6->icmp6_type) &&
295 icmp_type != ICMP_PARAMETERPROB) {
296 // An ICMPv6 error we understand, one level deep.
297 // Translate the nested packet (the one that caused the error).
298 clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size);
299 } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) {
300 // Ping packet.
301 icmp_targ->un.echo.id = icmp6->icmp6_id;
302 icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
303 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
304 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
305 clat_packet_len = CLAT_POS_PAYLOAD + 1;
306 } else {
307 // Unknown type/code. The type/code conversion functions have already logged an error.
308 return 0;
309 }
310
311 icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum.
312 icmp_targ->checksum = packet_checksum(0, out, pos);
313
314 return clat_packet_len;
315 }
316
317 /* function: generic_packet
318 * takes a generic IP packet and sets it up for translation
319 * out - output packet
320 * pos - position in the output packet of the transport header
321 * payload - pointer to IP payload
322 * len - size of ip payload
323 * returns: the highest position in the output clat_packet that's filled in
324 */
generic_packet(clat_packet out,clat_packet_index pos,const uint8_t * payload,size_t len)325 int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) {
326 out[pos].iov_len = 0;
327 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
328 out[CLAT_POS_PAYLOAD].iov_len = len;
329
330 return CLAT_POS_PAYLOAD + 1;
331 }
332
333 /* function: udp_packet
334 * takes a udp packet and sets it up for translation
335 * out - output packet
336 * udp - pointer to udp header in packet
337 * old_sum - pseudo-header checksum of old header
338 * new_sum - pseudo-header checksum of new header
339 * len - size of ip payload
340 */
udp_packet(clat_packet out,clat_packet_index pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,size_t len)341 int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp, uint32_t old_sum,
342 uint32_t new_sum, size_t len) {
343 const uint8_t *payload;
344 size_t payload_size;
345
346 if (len < sizeof(struct udphdr)) {
347 logmsg_dbg(ANDROID_LOG_ERROR, "udp_packet/(too small)");
348 return 0;
349 }
350
351 payload = (const uint8_t *)(udp + 1);
352 payload_size = len - sizeof(struct udphdr);
353
354 return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
355 }
356
357 /* function: tcp_packet
358 * takes a tcp packet and sets it up for translation
359 * out - output packet
360 * tcp - pointer to tcp header in packet
361 * checksum - pseudo-header checksum
362 * len - size of ip payload
363 * returns: the highest position in the output clat_packet that's filled in
364 */
tcp_packet(clat_packet out,clat_packet_index pos,const struct tcphdr * tcp,uint32_t old_sum,uint32_t new_sum,size_t len)365 int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp, uint32_t old_sum,
366 uint32_t new_sum, size_t len) {
367 const uint8_t *payload;
368 size_t payload_size, header_size;
369
370 if (len < sizeof(struct tcphdr)) {
371 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/(too small)");
372 return 0;
373 }
374
375 if (tcp->doff < 5) {
376 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/tcp header length set to less than 5: %x", tcp->doff);
377 return 0;
378 }
379
380 if ((size_t)tcp->doff * 4 > len) {
381 logmsg_dbg(ANDROID_LOG_ERROR, "tcp_packet/tcp header length set too large: %x", tcp->doff);
382 return 0;
383 }
384
385 header_size = tcp->doff * 4;
386 payload = ((const uint8_t *)tcp) + header_size;
387 payload_size = len - header_size;
388
389 return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
390 }
391
392 /* function: udp_translate
393 * common between ipv4/ipv6 - setup checksum and send udp packet
394 * out - output packet
395 * udp - udp header
396 * old_sum - pseudo-header checksum of old header
397 * new_sum - pseudo-header checksum of new header
398 * payload - tcp payload
399 * payload_size - size of payload
400 * returns: the highest position in the output clat_packet that's filled in
401 */
udp_translate(clat_packet out,clat_packet_index pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,const uint8_t * payload,size_t payload_size)402 int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
403 uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) {
404 struct udphdr *udp_targ = out[pos].iov_base;
405
406 memcpy(udp_targ, udp, sizeof(struct udphdr));
407
408 out[pos].iov_len = sizeof(struct udphdr);
409 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
410 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
411
412 if (udp_targ->check) {
413 udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum);
414 } else {
415 // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that
416 // the transmitter generated no checksum (for debugging or for higher level protocols that
417 // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So
418 // for safety we recompute it.
419 udp_targ->check = 0; // Checksum field must be 0 when calculating checksum.
420 udp_targ->check = packet_checksum(new_sum, out, pos);
421 }
422
423 // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent
424 // in one's complement arithmetic)."
425 if (!udp_targ->check) {
426 udp_targ->check = 0xffff;
427 }
428
429 return CLAT_POS_PAYLOAD + 1;
430 }
431
432 /* function: tcp_translate
433 * common between ipv4/ipv6 - setup checksum and send tcp packet
434 * out - output packet
435 * tcp - tcp header
436 * header_size - size of tcp header including options
437 * checksum - partial checksum covering ipv4/ipv6 header
438 * payload - tcp payload
439 * payload_size - size of payload
440 * returns: the highest position in the output clat_packet that's filled in
441 */
tcp_translate(clat_packet out,clat_packet_index pos,const struct tcphdr * tcp,size_t header_size,uint32_t old_sum,uint32_t new_sum,const uint8_t * payload,size_t payload_size)442 int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
443 size_t header_size, uint32_t old_sum, uint32_t new_sum, const uint8_t *payload,
444 size_t payload_size) {
445 struct tcphdr *tcp_targ = out[pos].iov_base;
446 out[pos].iov_len = header_size;
447
448 if (header_size > MAX_TCP_HDR) {
449 // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that
450 // counts in 4-byte words. So this can never happen unless there is a bug in the caller.
451 logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating", header_size,
452 MAX_TCP_HDR);
453 header_size = MAX_TCP_HDR;
454 }
455
456 memcpy(tcp_targ, tcp, header_size);
457
458 out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *)payload;
459 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
460
461 tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
462
463 return CLAT_POS_PAYLOAD + 1;
464 }
465
466 // Weak symbol so we can override it in the unit test.
467 void send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak));
468
send_rawv6(int fd,clat_packet out,int iov_len)469 void send_rawv6(int fd, clat_packet out, int iov_len) {
470 // A send on a raw socket requires a destination address to be specified even if the socket's
471 // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the
472 // destination address in the packet header only affects what appears on the wire, not where the
473 // packet is sent to.
474 static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 };
475 static struct msghdr msg = {
476 .msg_name = &sin6,
477 .msg_namelen = sizeof(sin6),
478 };
479
480 msg.msg_iov = out, msg.msg_iovlen = iov_len,
481 sin6.sin6_addr = ((struct ip6_hdr *)out[CLAT_POS_IPHDR].iov_base)->ip6_dst;
482 sendmsg(fd, &msg, 0);
483 }
484
485 /* function: translate_packet
486 * takes a packet, translates it, and writes it to fd
487 * fd - fd to write translated packet to
488 * to_ipv6 - true if translating to ipv6, false if translating to ipv4
489 * packet - packet
490 * packetsize - size of packet
491 */
translate_packet(int fd,int to_ipv6,const uint8_t * packet,size_t packetsize)492 void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) {
493 int iov_len = 0;
494
495 // Allocate buffers for all packet headers.
496 struct tun_pi tun_targ;
497 char iphdr[sizeof(struct ip6_hdr)];
498 char fraghdr[sizeof(struct ip6_frag)];
499 char transporthdr[MAX_TCP_HDR];
500 char icmp_iphdr[sizeof(struct ip6_hdr)];
501 char icmp_fraghdr[sizeof(struct ip6_frag)];
502 char icmp_transporthdr[MAX_TCP_HDR];
503
504 // iovec of the packets we'll send. This gets passed down to the translation functions.
505 clat_packet out = {
506 { &tun_targ, 0 }, // Tunnel header.
507 { iphdr, 0 }, // IP header.
508 { fraghdr, 0 }, // Fragment header.
509 { transporthdr, 0 }, // Transport layer header.
510 { icmp_iphdr, 0 }, // ICMP error inner IP header.
511 { icmp_fraghdr, 0 }, // ICMP error fragmentation header.
512 { icmp_transporthdr, 0 }, // ICMP error transport layer header.
513 { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload.
514 };
515
516 if (to_ipv6) {
517 iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize);
518 if (iov_len > 0) {
519 send_rawv6(fd, out, iov_len);
520 }
521 } else {
522 iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize);
523 if (iov_len > 0) {
524 fill_tun_header(&tun_targ, ETH_P_IP);
525 out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ);
526 writev(fd, out, iov_len);
527 }
528 }
529 }
530