1 /*
2 * Copyright 2011 Daniel Drown
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * translate.c - CLAT functions / partial implementation of rfc6145
17 */
18 #include <string.h>
19 #include <sys/uio.h>
20
21 #include "icmp.h"
22 #include "translate.h"
23 #include "checksum.h"
24 #include "clatd.h"
25 #include "config.h"
26 #include "logging.h"
27 #include "debug.h"
28
29 /* function: packet_checksum
30 * calculates the checksum over all the packet components starting from pos
31 * checksum - checksum of packet components before pos
32 * packet - packet to calculate the checksum of
33 * pos - position to start counting from
34 * returns - the completed 16-bit checksum, ready to write into a checksum header field
35 */
packet_checksum(uint32_t checksum,clat_packet packet,int pos)36 uint16_t packet_checksum(uint32_t checksum, clat_packet packet, int pos) {
37 int i;
38 for (i = pos; i < CLAT_POS_MAX; i++) {
39 if (packet[i].iov_len > 0) {
40 checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len);
41 }
42 }
43 return ip_checksum_finish(checksum);
44 }
45
46 /* function: packet_length
47 * returns the total length of all the packet components after pos
48 * packet - packet to calculate the length of
49 * pos - position to start counting after
50 * returns: the total length of the packet components after pos
51 */
packet_length(clat_packet packet,int pos)52 uint16_t packet_length(clat_packet packet, int pos) {
53 size_t len = 0;
54 int i;
55 for (i = pos + 1; i < CLAT_POS_MAX; i++) {
56 len += packet[i].iov_len;
57 }
58 return len;
59 }
60
61 /* function: is_in_plat_subnet
62 * returns true iff the given IPv6 address is in the plat subnet.
63 * addr - IPv6 address
64 */
is_in_plat_subnet(const struct in6_addr * addr6)65 int is_in_plat_subnet(const struct in6_addr *addr6) {
66 // Assumes a /96 plat subnet.
67 return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0);
68 }
69
70 /* function: ipv6_addr_to_ipv4_addr
71 * return the corresponding ipv4 address for the given ipv6 address
72 * addr6 - ipv6 address
73 * returns: the IPv4 address
74 */
ipv6_addr_to_ipv4_addr(const struct in6_addr * addr6)75 uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) {
76 if (is_in_plat_subnet(addr6)) {
77 // Assumes a /96 plat subnet.
78 return addr6->s6_addr32[3];
79 } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) {
80 // Special-case our own address.
81 return Global_Clatd_Config.ipv4_local_subnet.s_addr;
82 } else {
83 // Third party packet. Let the caller deal with it.
84 return INADDR_NONE;
85 }
86 }
87
88 /* function: ipv4_addr_to_ipv6_addr
89 * return the corresponding ipv6 address for the given ipv4 address
90 * addr4 - ipv4 address
91 */
ipv4_addr_to_ipv6_addr(uint32_t addr4)92 struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) {
93 struct in6_addr addr6;
94 // Both addresses are in network byte order (addr4 comes from a network packet, and the config
95 // file entry is read using inet_ntop).
96 if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) {
97 return Global_Clatd_Config.ipv6_local_subnet;
98 } else {
99 // Assumes a /96 plat subnet.
100 addr6 = Global_Clatd_Config.plat_subnet;
101 addr6.s6_addr32[3] = addr4;
102 return addr6;
103 }
104 }
105
106 /* function: fill_tun_header
107 * fill in the header for the tun fd
108 * tun_header - tunnel header, already allocated
109 * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6)
110 */
fill_tun_header(struct tun_pi * tun_header,uint16_t proto)111 void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) {
112 tun_header->flags = 0;
113 tun_header->proto = htons(proto);
114 }
115
116 /* function: fill_ip_header
117 * generate an ipv4 header from an ipv6 header
118 * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr
119 * payload_len - length of other data inside packet
120 * protocol - protocol number (tcp, udp, etc)
121 * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix
122 */
fill_ip_header(struct iphdr * ip,uint16_t payload_len,uint8_t protocol,const struct ip6_hdr * old_header)123 void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol,
124 const struct ip6_hdr *old_header) {
125 int ttl_guess;
126 memset(ip, 0, sizeof(struct iphdr));
127
128 ip->ihl = 5;
129 ip->version = 4;
130 ip->tos = 0;
131 ip->tot_len = htons(sizeof(struct iphdr) + payload_len);
132 ip->id = 0;
133 ip->frag_off = htons(IP_DF);
134 ip->ttl = old_header->ip6_hlim;
135 ip->protocol = protocol;
136 ip->check = 0;
137
138 ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src);
139 ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst);
140
141 // Third-party ICMPv6 message. This may have been originated by an native IPv6 address.
142 // In that case, the source IPv6 address can't be translated and we need to make up an IPv4
143 // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute.
144 if ((uint32_t) ip->saddr == INADDR_NONE) {
145 ttl_guess = icmp_guess_ttl(old_header->ip6_hlim);
146 ip->saddr = htonl((0xff << 24) + ttl_guess);
147 }
148 }
149
150 /* function: fill_ip6_header
151 * generate an ipv6 header from an ipv4 header
152 * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix
153 * payload_len - length of other data inside packet
154 * protocol - protocol number (tcp, udp, etc)
155 * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr
156 */
fill_ip6_header(struct ip6_hdr * ip6,uint16_t payload_len,uint8_t protocol,const struct iphdr * old_header)157 void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
158 const struct iphdr *old_header) {
159 memset(ip6, 0, sizeof(struct ip6_hdr));
160
161 ip6->ip6_vfc = 6 << 4;
162 ip6->ip6_plen = htons(payload_len);
163 ip6->ip6_nxt = protocol;
164 ip6->ip6_hlim = old_header->ttl;
165
166 ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr);
167 ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
168 }
169
170 /* function: maybe_fill_frag_header
171 * fills a fragmentation header
172 * generate an ipv6 fragment header from an ipv4 header
173 * frag_hdr - target (ipv6) fragmentation header
174 * ip6_targ - target (ipv6) header
175 * old_header - (ipv4) source packet header
176 * returns: the length of the fragmentation header if present, or zero if not present
177 */
maybe_fill_frag_header(struct ip6_frag * frag_hdr,struct ip6_hdr * ip6_targ,const struct iphdr * old_header)178 size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
179 const struct iphdr *old_header) {
180 uint16_t frag_flags = ntohs(old_header->frag_off);
181 uint16_t frag_off = frag_flags & IP_OFFMASK;
182 if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
183 // Not a fragment.
184 return 0;
185 }
186
187 frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
188 frag_hdr->ip6f_reserved = 0;
189 // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
190 frag_hdr->ip6f_offlg = htons(frag_off << 3);
191 if (frag_flags & IP_MF) {
192 frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
193 }
194 frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
195 ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
196
197 return sizeof(*frag_hdr);
198 }
199
200 /* function: parse_frag_header
201 * return the length of the fragmentation header if present, or zero if not present
202 * generate an ipv6 fragment header from an ipv4 header
203 * frag_hdr - (ipv6) fragmentation header
204 * ip_targ - target (ipv4) header
205 * returns: the next header value
206 */
parse_frag_header(const struct ip6_frag * frag_hdr,struct iphdr * ip_targ)207 uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
208 uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
209 if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
210 frag_off |= IP_MF;
211 }
212 ip_targ->frag_off = htons(frag_off);
213 ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
214 ip_targ->protocol = frag_hdr->ip6f_nxt;
215 return frag_hdr->ip6f_nxt;
216 }
217
218 /* function: icmp_to_icmp6
219 * translate ipv4 icmp to ipv6 icmp
220 * out - output packet
221 * icmp - source packet icmp header
222 * checksum - pseudo-header checksum
223 * payload - icmp payload
224 * payload_size - size of payload
225 * returns: the highest position in the output clat_packet that's filled in
226 */
icmp_to_icmp6(clat_packet out,int pos,const struct icmphdr * icmp,uint32_t checksum,const char * payload,size_t payload_size)227 int icmp_to_icmp6(clat_packet out, int pos, const struct icmphdr *icmp, uint32_t checksum,
228 const char *payload, size_t payload_size) {
229 struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
230 uint8_t icmp6_type;
231 int clat_packet_len;
232
233 memset(icmp6_targ, 0, sizeof(struct icmp6_hdr));
234
235 icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code);
236 icmp6_targ->icmp6_type = icmp6_type;
237 icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code);
238
239 out[pos].iov_len = sizeof(struct icmp6_hdr);
240
241 if (pos == CLAT_POS_TRANSPORTHDR &&
242 is_icmp_error(icmp->type) &&
243 icmp6_type != ICMP6_PARAM_PROB) {
244 // An ICMP error we understand, one level deep.
245 // Translate the nested packet (the one that caused the error).
246 clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size);
247
248 // The pseudo-header checksum was calculated on the transport length of the original IPv4
249 // packet that we were asked to translate. This transport length is 20 bytes smaller than it
250 // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to
251 // an IPv6 header, which is 20 bytes longer. Fix it up here.
252 // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the
253 // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum).
254 checksum = checksum + htons(20);
255 } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) {
256 // Ping packet.
257 icmp6_targ->icmp6_id = icmp->un.echo.id;
258 icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
259 out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
260 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
261 clat_packet_len = CLAT_POS_PAYLOAD + 1;
262 } else {
263 // Unknown type/code. The type/code conversion functions have already logged an error.
264 return 0;
265 }
266
267 icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum.
268 icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos);
269
270 return clat_packet_len;
271 }
272
273 /* function: icmp6_to_icmp
274 * translate ipv6 icmp to ipv4 icmp
275 * out - output packet
276 * icmp6 - source packet icmp6 header
277 * payload - icmp6 payload
278 * payload_size - size of payload
279 * returns: the highest position in the output clat_packet that's filled in
280 */
icmp6_to_icmp(clat_packet out,int pos,const struct icmp6_hdr * icmp6,const char * payload,size_t payload_size)281 int icmp6_to_icmp(clat_packet out, int pos, const struct icmp6_hdr *icmp6,
282 const char *payload, size_t payload_size) {
283 struct icmphdr *icmp_targ = out[pos].iov_base;
284 uint8_t icmp_type;
285 int clat_packet_len;
286
287 memset(icmp_targ, 0, sizeof(struct icmphdr));
288
289 icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code);
290 icmp_targ->type = icmp_type;
291 icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code);
292
293 out[pos].iov_len = sizeof(struct icmphdr);
294
295 if (pos == CLAT_POS_TRANSPORTHDR &&
296 is_icmp6_error(icmp6->icmp6_type) &&
297 icmp_type != ICMP_PARAMETERPROB) {
298 // An ICMPv6 error we understand, one level deep.
299 // Translate the nested packet (the one that caused the error).
300 clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size);
301 } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) {
302 // Ping packet.
303 icmp_targ->un.echo.id = icmp6->icmp6_id;
304 icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
305 out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
306 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
307 clat_packet_len = CLAT_POS_PAYLOAD + 1;
308 } else {
309 // Unknown type/code. The type/code conversion functions have already logged an error.
310 return 0;
311 }
312
313 icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum.
314 icmp_targ->checksum = packet_checksum(0, out, pos);
315
316 return clat_packet_len;
317 }
318
319 /* function: generic_packet
320 * takes a generic IP packet and sets it up for translation
321 * out - output packet
322 * pos - position in the output packet of the transport header
323 * payload - pointer to IP payload
324 * len - size of ip payload
325 * returns: the highest position in the output clat_packet that's filled in
326 */
generic_packet(clat_packet out,int pos,const char * payload,size_t len)327 int generic_packet(clat_packet out, int pos, const char *payload, size_t len) {
328 out[pos].iov_len = 0;
329 out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
330 out[CLAT_POS_PAYLOAD].iov_len = len;
331
332 return CLAT_POS_PAYLOAD + 1;
333 }
334
335 /* function: udp_packet
336 * takes a udp packet and sets it up for translation
337 * out - output packet
338 * udp - pointer to udp header in packet
339 * old_sum - pseudo-header checksum of old header
340 * new_sum - pseudo-header checksum of new header
341 * len - size of ip payload
342 */
udp_packet(clat_packet out,int pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,size_t len)343 int udp_packet(clat_packet out, int pos, const struct udphdr *udp,
344 uint32_t old_sum, uint32_t new_sum, size_t len) {
345 const char *payload;
346 size_t payload_size;
347
348 if(len < sizeof(struct udphdr)) {
349 logmsg_dbg(ANDROID_LOG_ERROR,"udp_packet/(too small)");
350 return 0;
351 }
352
353 payload = (const char *) (udp + 1);
354 payload_size = len - sizeof(struct udphdr);
355
356 return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
357 }
358
359 /* function: tcp_packet
360 * takes a tcp packet and sets it up for translation
361 * out - output packet
362 * tcp - pointer to tcp header in packet
363 * checksum - pseudo-header checksum
364 * len - size of ip payload
365 * returns: the highest position in the output clat_packet that's filled in
366 */
tcp_packet(clat_packet out,int pos,const struct tcphdr * tcp,uint32_t old_sum,uint32_t new_sum,size_t len)367 int tcp_packet(clat_packet out, int pos, const struct tcphdr *tcp,
368 uint32_t old_sum, uint32_t new_sum, size_t len) {
369 const char *payload;
370 size_t payload_size, header_size;
371
372 if(len < sizeof(struct tcphdr)) {
373 logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/(too small)");
374 return 0;
375 }
376
377 if(tcp->doff < 5) {
378 logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set to less than 5: %x", tcp->doff);
379 return 0;
380 }
381
382 if((size_t) tcp->doff*4 > len) {
383 logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set too large: %x", tcp->doff);
384 return 0;
385 }
386
387 header_size = tcp->doff * 4;
388 payload = ((const char *) tcp) + header_size;
389 payload_size = len - header_size;
390
391 return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
392 }
393
394 /* function: udp_translate
395 * common between ipv4/ipv6 - setup checksum and send udp packet
396 * out - output packet
397 * udp - udp header
398 * old_sum - pseudo-header checksum of old header
399 * new_sum - pseudo-header checksum of new header
400 * payload - tcp payload
401 * payload_size - size of payload
402 * returns: the highest position in the output clat_packet that's filled in
403 */
udp_translate(clat_packet out,int pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,const char * payload,size_t payload_size)404 int udp_translate(clat_packet out, int pos, const struct udphdr *udp, uint32_t old_sum,
405 uint32_t new_sum, const char *payload, size_t payload_size) {
406 struct udphdr *udp_targ = out[pos].iov_base;
407
408 memcpy(udp_targ, udp, sizeof(struct udphdr));
409
410 out[pos].iov_len = sizeof(struct udphdr);
411 out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
412 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
413
414 if (udp_targ->check) {
415 udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum);
416 } else {
417 // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that
418 // the transmitter generated no checksum (for debugging or for higher level protocols that
419 // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So
420 // for safety we recompute it.
421 udp_targ->check = 0; // Checksum field must be 0 when calculating checksum.
422 udp_targ->check = packet_checksum(new_sum, out, pos);
423 }
424
425 // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent
426 // in one's complement arithmetic)."
427 if (!udp_targ->check) {
428 udp_targ->check = 0xffff;
429 }
430
431 return CLAT_POS_PAYLOAD + 1;
432 }
433
434 /* function: tcp_translate
435 * common between ipv4/ipv6 - setup checksum and send tcp packet
436 * out - output packet
437 * tcp - tcp header
438 * header_size - size of tcp header including options
439 * checksum - partial checksum covering ipv4/ipv6 header
440 * payload - tcp payload
441 * payload_size - size of payload
442 * returns: the highest position in the output clat_packet that's filled in
443 */
tcp_translate(clat_packet out,int pos,const struct tcphdr * tcp,size_t header_size,uint32_t old_sum,uint32_t new_sum,const char * payload,size_t payload_size)444 int tcp_translate(clat_packet out, int pos, const struct tcphdr *tcp, size_t header_size,
445 uint32_t old_sum, uint32_t new_sum, const char *payload, size_t payload_size) {
446 struct tcphdr *tcp_targ = out[pos].iov_base;
447 out[pos].iov_len = header_size;
448
449 if (header_size > MAX_TCP_HDR) {
450 // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that
451 // counts in 4-byte words. So this can never happen unless there is a bug in the caller.
452 logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating",
453 header_size, MAX_TCP_HDR);
454 header_size = MAX_TCP_HDR;
455 }
456
457 memcpy(tcp_targ, tcp, header_size);
458
459 out[CLAT_POS_PAYLOAD].iov_base = (char *)payload;
460 out[CLAT_POS_PAYLOAD].iov_len = payload_size;
461
462 tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
463
464 return CLAT_POS_PAYLOAD + 1;
465 }
466
467 /* function: translate_packet
468 * takes a tun header and a packet and sends it down the stack
469 * tunnel - tun device data
470 * tun_header - tun header
471 * packet - packet
472 * packetsize - size of packet
473 */
translate_packet(const struct tun_data * tunnel,struct tun_pi * tun_header,const char * packet,size_t packetsize)474 void translate_packet(const struct tun_data *tunnel, struct tun_pi *tun_header, const char *packet,
475 size_t packetsize) {
476 int fd;
477 int iov_len = 0;
478
479 // Allocate buffers for all packet headers.
480 struct tun_pi tun_targ;
481 char iphdr[sizeof(struct ip6_hdr)];
482 char fraghdr[sizeof(struct ip6_frag)];
483 char transporthdr[MAX_TCP_HDR];
484 char icmp_iphdr[sizeof(struct ip6_hdr)];
485 char icmp_fraghdr[sizeof(struct ip6_frag)];
486 char icmp_transporthdr[MAX_TCP_HDR];
487
488 // iovec of the packets we'll send. This gets passed down to the translation functions.
489 clat_packet out = {
490 { &tun_targ, sizeof(tun_targ) }, // Tunnel header.
491 { iphdr, 0 }, // IP header.
492 { fraghdr, 0 }, // Fragment header.
493 { transporthdr, 0 }, // Transport layer header.
494 { icmp_iphdr, 0 }, // ICMP error inner IP header.
495 { icmp_fraghdr, 0 }, // ICMP error fragmentation header.
496 { icmp_transporthdr, 0 }, // ICMP error transport layer header.
497 { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload.
498 };
499
500 if(tun_header->flags != 0) {
501 logmsg(ANDROID_LOG_WARN, "translate_packet: unexpected flags = %d", tun_header->flags);
502 }
503
504 if(ntohs(tun_header->proto) == ETH_P_IP) {
505 fd = tunnel->fd6;
506 fill_tun_header(&tun_targ, ETH_P_IPV6);
507 iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize);
508 } else if(ntohs(tun_header->proto) == ETH_P_IPV6) {
509 fd = tunnel->fd4;
510 fill_tun_header(&tun_targ, ETH_P_IP);
511 iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize);
512 } else {
513 logmsg(ANDROID_LOG_WARN, "translate_packet: unknown packet type = %x",tun_header->proto);
514 }
515
516 if (iov_len > 0) {
517 writev(fd, out, iov_len);
518 }
519 }
520