+++ /dev/null
-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES:=clatd.c dump.c checksum.c translate.c icmp.c ipv4.c ipv6.c config.c dns64.c logging.c getaddr.c netlink_callbacks.c netlink_msg.c setif.c mtu.c tun.c ring.c
-
-LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
-LOCAL_C_INCLUDES := external/libnl/include bionic/libc/dns/include
-LOCAL_STATIC_LIBRARIES := libnl
-LOCAL_SHARED_LIBRARIES := libcutils liblog libnetutils
-
-# The clat daemon.
-LOCAL_MODULE := clatd
-
-include $(BUILD_EXECUTABLE)
-
-
-# The configuration file.
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := clatd.conf
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-
-include $(BUILD_PREBUILT)
-
-
-# Unit tests.
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := clatd_test
-LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
-LOCAL_SRC_FILES := clatd_test.cpp checksum.c translate.c icmp.c ipv4.c ipv6.c logging.c config.c tun.c
-LOCAL_MODULE_TAGS := eng tests
-LOCAL_SHARED_LIBRARIES := liblog
-
-include $(BUILD_NATIVE_TEST)
-
-# Microbenchmark.
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := clatd_microbenchmark
-LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
-LOCAL_SRC_FILES := clatd_microbenchmark.c checksum.c tun.c
-LOCAL_MODULE_TAGS := eng tests
-
-include $(BUILD_NATIVE_TEST)
+++ /dev/null
-known problems/assumptions:
- - does not handle protocols other than ICMP, UDP, TCP and GRE
- - assumes the handset has its own (routed) /64 ipv6 subnet
- - assumes the /128 ipv6 subnet it generates can use the nat64 gateway
- - assumes the nat64 gateway has the ipv4 address in the last 32 bits of the ipv6 address (that it uses a /96 plat subnet)
+++ /dev/null
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
+++ /dev/null
- Copyright (c) 2010-2012, Daniel Drown
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * checksum.c - ipv4/ipv6 checksum calculation
- */
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/udp.h>
-#include <netinet/tcp.h>
-#include <netinet/ip6.h>
-#include <netinet/icmp6.h>
-
-#include "checksum.h"
-
-/* function: ip_checksum_add
- * adds data to a checksum
- * current - the current checksum (or 0 to start a new checksum)
- * data - the data to add to the checksum
- * len - length of data
- */
-uint32_t ip_checksum_add(uint32_t current, const void *data, int len) {
- uint32_t checksum = current;
- int left = len;
- const uint16_t *data_16 = data;
-
- while(left > 1) {
- checksum += *data_16;
- data_16++;
- left -= 2;
- }
- if(left) {
- checksum += *(uint8_t *)data_16;
- }
-
- return checksum;
-}
-
-/* function: ip_checksum_fold
- * folds a 32-bit partial checksum into 16 bits
- * temp_sum - sum from ip_checksum_add
- * returns: the folded checksum in network byte order
- */
-uint16_t ip_checksum_fold(uint32_t temp_sum) {
- while(temp_sum > 0xffff)
- temp_sum = (temp_sum >> 16) + (temp_sum & 0xFFFF);
-
- return temp_sum;
-}
-
-/* function: ip_checksum_finish
- * folds and closes the checksum
- * temp_sum - sum from ip_checksum_add
- * returns: a header checksum value in network byte order
- */
-uint16_t ip_checksum_finish(uint32_t temp_sum) {
- return ~ip_checksum_fold(temp_sum);
-}
-
-/* function: ip_checksum
- * combined ip_checksum_add and ip_checksum_finish
- * data - data to checksum
- * len - length of data
- */
-uint16_t ip_checksum(const void *data, int len) {
- uint32_t temp_sum;
-
- temp_sum = ip_checksum_add(0,data,len);
- return ip_checksum_finish(temp_sum);
-}
-
-/* function: ipv6_pseudo_header_checksum
- * calculate the pseudo header checksum for use in tcp/udp/icmp headers
- * ip6 - the ipv6 header
- * len - the transport length (transport header + payload)
- * protocol - the transport layer protocol, can be different from ip6->ip6_nxt for fragments
- */
-uint32_t ipv6_pseudo_header_checksum(const struct ip6_hdr *ip6, uint16_t len, uint8_t protocol) {
- uint32_t checksum_len, checksum_next;
- checksum_len = htonl((uint32_t) len);
- checksum_next = htonl(protocol);
-
- uint32_t current = 0;
- current = ip_checksum_add(current, &(ip6->ip6_src), sizeof(struct in6_addr));
- current = ip_checksum_add(current, &(ip6->ip6_dst), sizeof(struct in6_addr));
- current = ip_checksum_add(current, &checksum_len, sizeof(checksum_len));
- current = ip_checksum_add(current, &checksum_next, sizeof(checksum_next));
-
- return current;
-}
-
-/* function: ipv4_pseudo_header_checksum
- * calculate the pseudo header checksum for use in tcp/udp headers
- * ip - the ipv4 header
- * len - the transport length (transport header + payload)
- */
-uint32_t ipv4_pseudo_header_checksum(const struct iphdr *ip, uint16_t len) {
- uint16_t temp_protocol, temp_length;
-
- temp_protocol = htons(ip->protocol);
- temp_length = htons(len);
-
- uint32_t current = 0;
- current = ip_checksum_add(current, &(ip->saddr), sizeof(uint32_t));
- current = ip_checksum_add(current, &(ip->daddr), sizeof(uint32_t));
- current = ip_checksum_add(current, &temp_protocol, sizeof(uint16_t));
- current = ip_checksum_add(current, &temp_length, sizeof(uint16_t));
-
- return current;
-}
-
-/* function: ip_checksum_adjust
- * calculates a new checksum given a previous checksum and the old and new pseudo-header checksums
- * checksum - the header checksum in the original packet in network byte order
- * old_hdr_sum - the pseudo-header checksum of the original packet
- * new_hdr_sum - the pseudo-header checksum of the translated packet
- * returns: the new header checksum in network byte order
- */
-uint16_t ip_checksum_adjust(uint16_t checksum, uint32_t old_hdr_sum, uint32_t new_hdr_sum) {
- // Algorithm suggested in RFC 1624.
- // http://tools.ietf.org/html/rfc1624#section-3
- checksum = ~checksum;
- uint16_t folded_sum = ip_checksum_fold(checksum + new_hdr_sum);
- uint16_t folded_old = ip_checksum_fold(old_hdr_sum);
- if (folded_sum > folded_old) {
- return ~(folded_sum - folded_old);
- } else {
- return ~(folded_sum - folded_old - 1); // end-around borrow
- }
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * checksum.h - checksum functions
- */
-#ifndef __CHECKSUM_H__
-#define __CHECKSUM_H__
-
-#include <stdint.h>
-#include <netinet/ip.h>
-#include <netinet/ip6.h>
-
-uint32_t ip_checksum_add(uint32_t current, const void *data, int len);
-uint16_t ip_checksum_finish(uint32_t temp_sum);
-uint16_t ip_checksum(const void *data, int len);
-
-uint32_t ipv6_pseudo_header_checksum(const struct ip6_hdr *ip6, uint16_t len, uint8_t protocol);
-uint32_t ipv4_pseudo_header_checksum(const struct iphdr *ip, uint16_t len);
-
-uint16_t ip_checksum_adjust(uint16_t checksum, uint32_t old_hdr_sum, uint32_t new_hdr_sum);
-
-#endif /* __CHECKSUM_H__ */
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * clatd.c - tun interface setup and main event loop
- */
-#include <poll.h>
-#include <signal.h>
-#include <time.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <sys/prctl.h>
-#include <sys/stat.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <arpa/inet.h>
-#include <fcntl.h>
-
-#include <sys/capability.h>
-#include <sys/uio.h>
-#include <linux/filter.h>
-#include <linux/if.h>
-#include <linux/if_tun.h>
-#include <linux/if_ether.h>
-#include <linux/if_packet.h>
-#include <net/if.h>
-
-#include <private/android_filesystem_config.h>
-
-#include "translate.h"
-#include "clatd.h"
-#include "config.h"
-#include "logging.h"
-#include "resolv_netid.h"
-#include "setif.h"
-#include "mtu.h"
-#include "getaddr.h"
-#include "dump.h"
-#include "tun.h"
-#include "ring.h"
-
-#define DEVICEPREFIX "v4-"
-
-/* 40 bytes IPv6 header - 20 bytes IPv4 header + 8 bytes fragment header */
-#define MTU_DELTA 28
-
-volatile sig_atomic_t running = 1;
-
-/* function: stop_loop
- * signal handler: stop the event loop
- */
-void stop_loop() {
- running = 0;
-}
-
-/* function: configure_packet_socket
- * Binds the packet socket and attaches the receive filter to it.
- * sock - the socket to configure
- */
-int configure_packet_socket(int sock) {
- struct sockaddr_ll sll = {
- .sll_family = AF_PACKET,
- .sll_protocol = htons(ETH_P_IPV6),
- .sll_ifindex = if_nametoindex((char *) &Global_Clatd_Config.default_pdp_interface),
- .sll_pkttype = PACKET_OTHERHOST, // The 464xlat IPv6 address is not assigned to the kernel.
- };
- if (bind(sock, (struct sockaddr *) &sll, sizeof(sll))) {
- logmsg(ANDROID_LOG_FATAL, "binding packet socket: %s", strerror(errno));
- return 0;
- }
-
- uint32_t *ipv6 = Global_Clatd_Config.ipv6_local_subnet.s6_addr32;
- struct sock_filter filter_code[] = {
- // Load the first four bytes of the IPv6 destination address (starts 24 bytes in).
- // Compare it against the first four bytes of our IPv6 address, in host byte order (BPF loads
- // are always in host byte order). If it matches, continue with next instruction (JMP 0). If it
- // doesn't match, jump ahead to statement that returns 0 (ignore packet). Repeat for the other
- // three words of the IPv6 address, and if they all match, return PACKETLEN (accept packet).
- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 24),
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(ipv6[0]), 0, 7),
- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 28),
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(ipv6[1]), 0, 5),
- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 32),
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(ipv6[2]), 0, 3),
- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 36),
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(ipv6[3]), 0, 1),
- BPF_STMT(BPF_RET | BPF_K, PACKETLEN),
- BPF_STMT(BPF_RET | BPF_K, 0)
- };
- struct sock_fprog filter = {
- sizeof(filter_code) / sizeof(filter_code[0]),
- filter_code
- };
-
- if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter))) {
- logmsg(ANDROID_LOG_FATAL, "attach packet filter failed: %s", strerror(errno));
- return 0;
- }
-
- return 1;
-}
-
-/* function: configure_tun_ip
- * configures the ipv4 and ipv6 addresses on the tunnel interface
- * tunnel - tun device data
- */
-void configure_tun_ip(const struct tun_data *tunnel) {
- int status;
-
- // Pick an IPv4 address to use by finding a free address in the configured prefix. Technically,
- // there is a race here - if another clatd calls config_select_ipv4_address after we do, but
- // before we call add_address, it can end up having the same IP address as we do. But the time
- // window in which this can happen is extremely small, and even if we end up with a duplicate
- // address, the only damage is that IPv4 TCP connections won't be reset until both interfaces go
- // down.
- in_addr_t localaddr = config_select_ipv4_address(&Global_Clatd_Config.ipv4_local_subnet,
- Global_Clatd_Config.ipv4_local_prefixlen);
- if (localaddr == INADDR_NONE) {
- logmsg(ANDROID_LOG_FATAL,"No free IPv4 address in %s/%d",
- inet_ntoa(Global_Clatd_Config.ipv4_local_subnet),
- Global_Clatd_Config.ipv4_local_prefixlen);
- exit(1);
- }
- Global_Clatd_Config.ipv4_local_subnet.s_addr = localaddr;
-
- // Configure the interface before bringing it up. As soon as we bring the interface up, the
- // framework will be notified and will assume the interface's configuration has been finalized.
- status = add_address(tunnel->device4, AF_INET, &Global_Clatd_Config.ipv4_local_subnet,
- 32, &Global_Clatd_Config.ipv4_local_subnet);
- if(status < 0) {
- logmsg(ANDROID_LOG_FATAL,"configure_tun_ip/if_address(4) failed: %s",strerror(-status));
- exit(1);
- }
-
- char addrstr[INET_ADDRSTRLEN];
- inet_ntop(AF_INET, &Global_Clatd_Config.ipv4_local_subnet, addrstr, sizeof(addrstr));
- logmsg(ANDROID_LOG_INFO, "Using IPv4 address %s on %s", addrstr, tunnel->device4);
-
- if((status = if_up(tunnel->device4, Global_Clatd_Config.ipv4mtu)) < 0) {
- logmsg(ANDROID_LOG_FATAL,"configure_tun_ip/if_up(4) failed: %s",strerror(-status));
- exit(1);
- }
-}
-
-/* function: drop_root
- * drops root privs but keeps the needed capability
- */
-void drop_root() {
- gid_t groups[] = { AID_INET, AID_VPN };
- if(setgroups(sizeof(groups)/sizeof(groups[0]), groups) < 0) {
- logmsg(ANDROID_LOG_FATAL,"drop_root/setgroups failed: %s",strerror(errno));
- exit(1);
- }
-
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-
- if(setgid(AID_CLAT) < 0) {
- logmsg(ANDROID_LOG_FATAL,"drop_root/setgid failed: %s",strerror(errno));
- exit(1);
- }
- if(setuid(AID_CLAT) < 0) {
- logmsg(ANDROID_LOG_FATAL,"drop_root/setuid failed: %s",strerror(errno));
- exit(1);
- }
-
- struct __user_cap_header_struct header;
- struct __user_cap_data_struct cap;
- memset(&header, 0, sizeof(header));
- memset(&cap, 0, sizeof(cap));
-
- header.version = _LINUX_CAPABILITY_VERSION;
- header.pid = 0; // 0 = change myself
- cap.effective = cap.permitted = (1 << CAP_NET_ADMIN);
-
- if(capset(&header, &cap) < 0) {
- logmsg(ANDROID_LOG_FATAL,"drop_root/capset failed: %s",strerror(errno));
- exit(1);
- }
-}
-
-/* function: open_sockets
- * opens a packet socket to receive IPv6 packets and a raw socket to send them
- * tunnel - tun device data
- * mark - the socket mark to use for the sending raw socket
- */
-void open_sockets(struct tun_data *tunnel, uint32_t mark) {
- int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK, IPPROTO_RAW);
- if (rawsock < 0) {
- logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
- exit(1);
- }
-
- int off = 0;
- if (setsockopt(rawsock, SOL_IPV6, IPV6_CHECKSUM, &off, sizeof(off)) < 0) {
- logmsg(ANDROID_LOG_WARN, "could not disable checksum on raw socket: %s", strerror(errno));
- }
- if (mark != MARK_UNSET && setsockopt(rawsock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
- logmsg(ANDROID_LOG_ERROR, "could not set mark on raw socket: %s", strerror(errno));
- }
-
- tunnel->write_fd6 = rawsock;
-
- tunnel->read_fd6 = ring_create(tunnel);
- if (tunnel->read_fd6 < 0) {
- exit(1);
- }
-}
-
-/* function: update_clat_ipv6_address
- * picks the clat IPv6 address and configures packet translation to use it.
- * tunnel - tun device data
- * interface - uplink interface name
- * returns: 1 on success, 0 on failure
- */
-int update_clat_ipv6_address(const struct tun_data *tunnel, const char *interface) {
- union anyip *interface_ip;
- char addrstr[INET6_ADDRSTRLEN];
-
- // TODO: check that the prefix length is /64.
- interface_ip = getinterface_ip(interface, AF_INET6);
- if (!interface_ip) {
- logmsg(ANDROID_LOG_ERROR, "Unable to find an IPv6 address on interface %s", interface);
- return 0;
- }
-
- // If our prefix hasn't changed, do nothing. (If this is the first time we configure an IPv6
- // address, Global_Clatd_Config.ipv6_local_subnet will be ::, which won't match our new prefix.)
- if (ipv6_prefix_equal(&interface_ip->ip6, &Global_Clatd_Config.ipv6_local_subnet)) {
- free(interface_ip);
- return 1;
- }
-
- // Generate an interface ID.
- config_generate_local_ipv6_subnet(&interface_ip->ip6);
- inet_ntop(AF_INET6, &interface_ip->ip6, addrstr, sizeof(addrstr));
-
- if (IN6_IS_ADDR_UNSPECIFIED(&Global_Clatd_Config.ipv6_local_subnet)) {
- // Startup.
- logmsg(ANDROID_LOG_INFO, "Using IPv6 address %s on %s", addrstr, interface);
- } else {
- // Prefix change.
- char from_addr[INET6_ADDRSTRLEN];
- inet_ntop(AF_INET6, &Global_Clatd_Config.ipv6_local_subnet, from_addr, sizeof(from_addr));
- logmsg(ANDROID_LOG_INFO, "clat IPv6 address changed from %s to %s", from_addr, addrstr);
- del_anycast_address(tunnel->write_fd6, &Global_Clatd_Config.ipv6_local_subnet);
- }
-
- // Start translating packets to the new prefix.
- Global_Clatd_Config.ipv6_local_subnet = interface_ip->ip6;
- add_anycast_address(tunnel->write_fd6, &Global_Clatd_Config.ipv6_local_subnet, interface);
- free(interface_ip);
-
- // Update our packet socket filter to reflect the new 464xlat IP address.
- if (!configure_packet_socket(tunnel->read_fd6)) {
- // Things aren't going to work. Bail out and hope we have better luck next time.
- // We don't log an error here because configure_packet_socket has already done so.
- exit(1);
- }
-
- return 1;
-}
-
-/* function: configure_interface
- * reads the configuration and applies it to the interface
- * uplink_interface - network interface to use to reach the ipv6 internet
- * plat_prefix - PLAT prefix to use
- * tunnel - tun device data
- * net_id - NetID to use, NETID_UNSET indicates use of default network
- */
-void configure_interface(const char *uplink_interface, const char *plat_prefix, struct tun_data *tunnel, unsigned net_id) {
- int error;
-
- if(!read_config("/system/etc/clatd.conf", uplink_interface, plat_prefix, net_id)) {
- logmsg(ANDROID_LOG_FATAL,"read_config failed");
- exit(1);
- }
-
- if(Global_Clatd_Config.mtu > MAXMTU) {
- logmsg(ANDROID_LOG_WARN,"Max MTU is %d, requested %d", MAXMTU, Global_Clatd_Config.mtu);
- Global_Clatd_Config.mtu = MAXMTU;
- }
- if(Global_Clatd_Config.mtu <= 0) {
- Global_Clatd_Config.mtu = getifmtu(Global_Clatd_Config.default_pdp_interface);
- logmsg(ANDROID_LOG_WARN,"ifmtu=%d",Global_Clatd_Config.mtu);
- }
- if(Global_Clatd_Config.mtu < 1280) {
- logmsg(ANDROID_LOG_WARN,"mtu too small = %d", Global_Clatd_Config.mtu);
- Global_Clatd_Config.mtu = 1280;
- }
-
- if(Global_Clatd_Config.ipv4mtu <= 0 ||
- Global_Clatd_Config.ipv4mtu > Global_Clatd_Config.mtu - MTU_DELTA) {
- Global_Clatd_Config.ipv4mtu = Global_Clatd_Config.mtu - MTU_DELTA;
- logmsg(ANDROID_LOG_WARN,"ipv4mtu now set to = %d",Global_Clatd_Config.ipv4mtu);
- }
-
- error = tun_alloc(tunnel->device4, tunnel->fd4);
- if(error < 0) {
- logmsg(ANDROID_LOG_FATAL,"tun_alloc/4 failed: %s",strerror(errno));
- exit(1);
- }
-
- error = set_nonblocking(tunnel->fd4);
- if (error < 0) {
- logmsg(ANDROID_LOG_FATAL, "set_nonblocking failed: %s", strerror(errno));
- exit(1);
- }
-
- configure_tun_ip(tunnel);
-}
-
-/* function: read_packet
- * reads a packet from the tunnel fd and translates it
- * read_fd - file descriptor to read original packet from
- * write_fd - file descriptor to write translated packet to
- * to_ipv6 - whether the packet is to be translated to ipv6 or ipv4
- */
-void read_packet(int read_fd, int write_fd, int to_ipv6) {
- ssize_t readlen;
- uint8_t buf[PACKETLEN], *packet;
-
- readlen = read(read_fd, buf, PACKETLEN);
-
- if(readlen < 0) {
- if (errno != EAGAIN) {
- logmsg(ANDROID_LOG_WARN,"read_packet/read error: %s", strerror(errno));
- }
- return;
- } else if(readlen == 0) {
- logmsg(ANDROID_LOG_WARN,"read_packet/tun interface removed");
- running = 0;
- return;
- }
-
- struct tun_pi *tun_header = (struct tun_pi *) buf;
- if (readlen < (ssize_t) sizeof(*tun_header)) {
- logmsg(ANDROID_LOG_WARN,"read_packet/short read: got %ld bytes", readlen);
- return;
- }
-
- uint16_t proto = ntohs(tun_header->proto);
- if (proto != ETH_P_IP) {
- logmsg(ANDROID_LOG_WARN, "%s: unknown packet type = 0x%x", __func__, proto);
- return;
- }
-
- if(tun_header->flags != 0) {
- logmsg(ANDROID_LOG_WARN, "%s: unexpected flags = %d", __func__, tun_header->flags);
- }
-
- packet = (uint8_t *) (tun_header + 1);
- readlen -= sizeof(*tun_header);
- translate_packet(write_fd, to_ipv6, packet, readlen);
-}
-
-/* function: event_loop
- * reads packets from the tun network interface and passes them down the stack
- * tunnel - tun device data
- */
-void event_loop(struct tun_data *tunnel) {
- time_t last_interface_poll;
- struct pollfd wait_fd[] = {
- { tunnel->read_fd6, POLLIN, 0 },
- { tunnel->fd4, POLLIN, 0 },
- };
-
- // start the poll timer
- last_interface_poll = time(NULL);
-
- while(running) {
- if(poll(wait_fd, 2, NO_TRAFFIC_INTERFACE_POLL_FREQUENCY*1000) == -1) {
- if(errno != EINTR) {
- logmsg(ANDROID_LOG_WARN,"event_loop/poll returned an error: %s",strerror(errno));
- }
- } else {
- // Call read_packet if the socket has data to be read, but also if an
- // error is waiting. If we don't call read() after getting POLLERR, a
- // subsequent poll() will return immediately with POLLERR again,
- // causing this code to spin in a loop. Calling read() will clear the
- // socket error flag instead.
- if (wait_fd[0].revents) {
- ring_read(&tunnel->ring, tunnel->fd4, 0 /* to_ipv6 */);
- }
- if (wait_fd[1].revents) {
- read_packet(tunnel->fd4, tunnel->write_fd6, 1 /* to_ipv6 */);
- }
- }
-
- time_t now = time(NULL);
- if(last_interface_poll < (now - INTERFACE_POLL_FREQUENCY)) {
- update_clat_ipv6_address(tunnel, Global_Clatd_Config.default_pdp_interface);
- last_interface_poll = now;
- }
- }
-}
-
-/* function: print_help
- * in case the user is running this on the command line
- */
-void print_help() {
- printf("android-clat arguments:\n");
- printf("-i [uplink interface]\n");
- printf("-p [plat prefix]\n");
- printf("-n [NetId]\n");
- printf("-m [socket mark]\n");
-}
-
-/* function: parse_unsigned
- * parses a string as a decimal/hex/octal unsigned integer
- * str - the string to parse
- * out - the unsigned integer to write to, gets clobbered on failure
- */
-int parse_unsigned(const char *str, unsigned *out) {
- char *end_ptr;
- *out = strtoul(str, &end_ptr, 0);
- return *str && !*end_ptr;
-}
-
-/* function: main
- * allocate and setup the tun device, then run the event loop
- */
-int main(int argc, char **argv) {
- struct tun_data tunnel;
- int opt;
- char *uplink_interface = NULL, *plat_prefix = NULL, *net_id_str = NULL, *mark_str = NULL;
- unsigned net_id = NETID_UNSET;
- uint32_t mark = MARK_UNSET;
- unsigned len;
-
- while((opt = getopt(argc, argv, "i:p:n:m:h")) != -1) {
- switch(opt) {
- case 'i':
- uplink_interface = optarg;
- break;
- case 'p':
- plat_prefix = optarg;
- break;
- case 'n':
- net_id_str = optarg;
- break;
- case 'm':
- mark_str = optarg;
- break;
- case 'h':
- print_help();
- exit(0);
- default:
- logmsg(ANDROID_LOG_FATAL, "Unknown option -%c. Exiting.", (char) optopt);
- exit(1);
- }
- }
-
- if(uplink_interface == NULL) {
- logmsg(ANDROID_LOG_FATAL, "clatd called without an interface");
- exit(1);
- }
-
- if (net_id_str != NULL && !parse_unsigned(net_id_str, &net_id)) {
- logmsg(ANDROID_LOG_FATAL, "invalid NetID %s", net_id_str);
- exit(1);
- }
-
- if (mark_str != NULL && !parse_unsigned(mark_str, &mark)) {
- logmsg(ANDROID_LOG_FATAL, "invalid mark %s", mark_str);
- exit(1);
- }
-
- len = snprintf(tunnel.device4, sizeof(tunnel.device4), "%s%s", DEVICEPREFIX, uplink_interface);
- if (len >= sizeof(tunnel.device4)) {
- logmsg(ANDROID_LOG_FATAL, "interface name too long '%s'", tunnel.device4);
- exit(1);
- }
-
- logmsg(ANDROID_LOG_INFO, "Starting clat version %s on %s netid=%s mark=%s",
- CLATD_VERSION, uplink_interface,
- net_id_str ? net_id_str : "(none)",
- mark_str ? mark_str : "(none)");
-
- // open our raw sockets before dropping privs
- open_sockets(&tunnel, mark);
-
- // run under a regular user
- drop_root();
-
- // we can create tun devices as non-root because we're in the VPN group.
- tunnel.fd4 = tun_open();
- if(tunnel.fd4 < 0) {
- logmsg(ANDROID_LOG_FATAL, "tun_open4 failed: %s", strerror(errno));
- exit(1);
- }
-
- // When run from netd, the environment variable ANDROID_DNS_MODE is set to
- // "local", but that only works for the netd process itself.
- unsetenv("ANDROID_DNS_MODE");
-
- configure_interface(uplink_interface, plat_prefix, &tunnel, net_id);
-
- update_clat_ipv6_address(&tunnel, uplink_interface);
-
- // Loop until someone sends us a signal or brings down the tun interface.
- if(signal(SIGTERM, stop_loop) == SIG_ERR) {
- logmsg(ANDROID_LOG_FATAL, "sigterm handler failed: %s", strerror(errno));
- exit(1);
- }
-
- event_loop(&tunnel);
-
- logmsg(ANDROID_LOG_INFO,"Shutting down clat on %s", uplink_interface);
- del_anycast_address(tunnel.write_fd6, &Global_Clatd_Config.ipv6_local_subnet);
-
- return 0;
-}
+++ /dev/null
-# Host IID to use as the source of CLAT traffic.
-# This is a /128 taken out of the /64 on the parent interface.
-# A host IID of :: means to generate a checksum-neutral, random IID.
-ipv6_host_id ::
-
-# IPv4 address configuration to use when selecting a host address. The first
-# clat daemon started will use the address specified by ipv4_local_subnet. If
-# more than one daemon is run at the same time, subsequent daemons will use
-# other addresses in the prefix of length ipv4_local prefixlen that contains
-# ipv4_local_subnet. The default is to use the IANA-assigned range 192.0.0.0/29,
-# which allows up to 8 clat daemons (.4, .5, .6, .7, .0, .1, .2, .3).
-ipv4_local_subnet 192.0.0.4
-ipv4_local_prefixlen 29
-
-# get the plat_subnet from dns lookups (requires DNS64)
-plat_from_dns64 yes
-# hostname to use to lookup plat subnet. must contain only A records
-plat_from_dns64_hostname ipv4only.arpa
-
-# plat subnet to send ipv4 traffic to. This is a /96 subnet.
-# This setting only makes sense with: plat_from_dns64 no
-#plat_subnet 2001:db8:1:2:3:4::
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * clatd.h - main system definitions
- */
-#ifndef __CLATD_H__
-#define __CLATD_H__
-
-#include <sys/uio.h>
-
-#define MAXMTU 1500
-#define PACKETLEN (MAXMTU+sizeof(struct tun_pi))
-#define CLATD_VERSION "1.4"
-
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-
-// how frequently (in seconds) to poll for an address change while traffic is passing
-#define INTERFACE_POLL_FREQUENCY 30
-
-// how frequently (in seconds) to poll for an address change while there is no traffic
-#define NO_TRAFFIC_INTERFACE_POLL_FREQUENCY 90
-
-// A clat_packet is an array of iovec structures representing a packet that we are translating.
-// The CLAT_POS_XXX constants represent the array indices within the clat_packet that contain
-// specific parts of the packet. The packet_* functions operate on all the packet segments past a
-// given position.
-typedef enum {
- CLAT_POS_TUNHDR, CLAT_POS_IPHDR, CLAT_POS_FRAGHDR, CLAT_POS_TRANSPORTHDR,
- CLAT_POS_ICMPERR_IPHDR, CLAT_POS_ICMPERR_FRAGHDR, CLAT_POS_ICMPERR_TRANSPORTHDR,
- CLAT_POS_PAYLOAD, CLAT_POS_MAX
-} clat_packet_index;
-typedef struct iovec clat_packet[CLAT_POS_MAX];
-
-#endif /* __CLATD_H__ */
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * clatd_microbenchmark.c - micro-benchmark for clatd tun send path
- *
- * Run with:
- *
- * adb push {$ANDROID_PRODUCT_OUT,}/data/nativetest/clatd_microbenchmark/clatd_microbenchmark
- * adb shell /data/nativetest/clatd_microbenchmark/clatd_microbenchmark
- *
- */
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <unistd.h>
-#include <sys/ioctl.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip6.h>
-#include <netinet/udp.h>
-#include <arpa/inet.h>
-#include <linux/if.h>
-#include <linux/if_tun.h>
-
-#include "checksum.h"
-#include "tun.h"
-
-#define DEVICENAME "clat4"
-
-#define PORT 51339
-#define PAYLOADSIZE (1280 - sizeof(struct iphdr) - sizeof(struct udphdr))
-#define NUMPACKETS 1000000
-#define SEC_TO_NANOSEC (1000 * 1000 * 1000)
-
-void init_sockaddr_in(struct sockaddr_in *sin, const char *addr) {
- sin->sin_family = AF_INET;
- sin->sin_port = 0;
- sin->sin_addr.s_addr = inet_addr(addr);
-}
-
-void die(const char *str) {
- perror(str);
- exit(1);
-}
-
-int setup_tun() {
- int fd = tun_open();
- if (fd == -1) die("tun_open");
-
- char dev[IFNAMSIZ] = DEVICENAME;
- int ret = tun_alloc(dev, fd);
- if (ret == -1) die("tun_alloc");
- struct ifreq ifr = {
- .ifr_name = DEVICENAME,
- };
-
- int s = socket(AF_INET, SOCK_DGRAM, 0);
- init_sockaddr_in((struct sockaddr_in *) &ifr.ifr_addr, "192.0.0.4");
- if (ioctl(s, SIOCSIFADDR, &ifr) < 0) die("SIOCSIFADDR");
- init_sockaddr_in((struct sockaddr_in *) &ifr.ifr_addr, "255.255.255.248");
- if (ioctl(s, SIOCSIFNETMASK, &ifr) < 0) die("SIOCSIFNETMASK");
- if (ioctl(s, SIOCGIFFLAGS, &ifr) < 0) die("SIOCGIFFLAGS");
- ifr.ifr_flags |= (IFF_UP | IFF_RUNNING);
- if (ioctl(s, SIOCSIFFLAGS, &ifr) < 0) die("SIOCSIFFLAGS");
- return fd;
-}
-
-int send_packet(int fd, uint8_t payload[], int len, uint32_t payload_checksum) {
- struct tun_pi tun = { 0, htons(ETH_P_IP) };
- struct udphdr udp = {
- .source = htons(1234),
- .dest = htons(PORT),
- .len = htons(len + sizeof(udp)),
- .check = 0,
- };
- struct iphdr ip = {
- .version = 4,
- .ihl = 5,
- .tot_len = htons(len + sizeof(ip) + sizeof(udp)),
- .frag_off = htons(IP_DF),
- .ttl = 55,
- .protocol = IPPROTO_UDP,
- .saddr = htonl(0xc0000006), // 192.0.0.6
- .daddr = htonl(0xc0000004), // 192.0.0.4
- };
- clat_packet out = {
- { &tun, sizeof(tun) }, // tun header
- { &ip, sizeof(ip) }, // IP header
- { NULL, 0 }, // Fragment header
- { &udp, sizeof(udp) }, // Transport header
- { NULL, 0 }, // ICMP error IP header
- { NULL, 0 }, // ICMP error fragment header
- { NULL, 0 }, // ICMP error transport header
- { payload, len }, // Payload
- };
-
- ip.check = ip_checksum(&ip, sizeof(ip));
-
- uint32_t sum;
- sum = ipv4_pseudo_header_checksum(&ip, ntohs(udp.len));
- sum = ip_checksum_add(sum, &udp, sizeof(udp));
- sum += payload_checksum;
- udp.check = ip_checksum_finish(sum);
-
- return send_tun(fd, out, sizeof(out) / sizeof(out[0]));
-}
-
-double timedelta(const struct timespec tv1, const struct timespec tv2) {
- struct timespec end = tv2;
- if (end.tv_nsec < tv1.tv_nsec) {
- end.tv_sec -= 1;
- end.tv_nsec += SEC_TO_NANOSEC;
- }
- double seconds = (end.tv_sec - tv1.tv_sec);
- seconds += (((double) (end.tv_nsec - tv1.tv_nsec)) / SEC_TO_NANOSEC);
- return seconds;
-}
-
-void benchmark(const char *name, int fd, int s, int num, int do_read,
- uint8_t payload[], int len, uint32_t payload_sum) {
- int i;
- char buf[4096];
- struct timespec tv1, tv2;
- int write_err = 0, read_err = 0;
- clock_gettime(CLOCK_MONOTONIC, &tv1);
- for (i = 0; i < num; i++) {
- if (send_packet(fd, payload, len, payload_sum) == -1) write_err++;
- if (do_read && recvfrom(s, buf, sizeof(buf), 0, NULL, NULL) == -1) {
- read_err++;
- if (errno == ETIMEDOUT) {
- printf("Timed out after %d packets!\n", i);
- break;
- }
- }
- }
- clock_gettime(CLOCK_MONOTONIC, &tv2);
- double seconds = timedelta(tv1, tv2);
- int pps = (int) (i / seconds);
- double mbps = (i * PAYLOADSIZE / 1000000 * 8 / seconds);
- printf("%s: %d packets in %.2fs (%d pps, %.2f Mbps), ", name, i, seconds, pps, mbps);
- printf("read err %d (%.2f%%), write err %d (%.2f%%)\n",
- read_err, (float) read_err / i * 100,
- write_err, (float) write_err / i * 100);
-}
-
-int open_socket() {
- int sock = socket(AF_INET, SOCK_DGRAM | SOCK_NONBLOCK, IPPROTO_UDP);
-
- int on = 1;
- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) die("SO_REUSEADDR");
-
- struct timeval tv = { 1, 0 };
- if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == -1) die("SO_RCVTIMEO");
-
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_port = ntohs(PORT),
- .sin_addr = { INADDR_ANY }
- };
- if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) == -1) die ("bind");
-
- return sock;
-}
-
-int main() {
- int fd = setup_tun();
- int sock = open_socket();
-
- int i;
- uint8_t payload[PAYLOADSIZE];
- for (i = 0; i < (int) sizeof(payload); i++) {
- payload[i] = (uint8_t) i;
- }
- uint32_t payload_sum = ip_checksum_add(0, payload, sizeof(payload));
-
- // Check things are working.
- char buf[4096];
- if (send_packet(fd, payload, sizeof(payload), payload_sum) == -1) die("send_packet");
- if (recvfrom(sock, buf, sizeof(buf), 0, NULL, NULL) == -1) die("recvfrom");
-
- benchmark("Blocking", fd, sock, NUMPACKETS, 1, payload, sizeof(payload), payload_sum);
- close(fd);
-
- fd = setup_tun();
- set_nonblocking(fd);
- benchmark("No read", fd, sock, NUMPACKETS, 0, payload, sizeof(payload), payload_sum);
- close(fd);
-
- fd = setup_tun();
- set_nonblocking(fd);
- benchmark("Nonblocking", fd, sock, NUMPACKETS, 1, payload, sizeof(payload), payload_sum);
- close(fd);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * clatd_test.cpp - unit tests for clatd
- */
-
-#include <iostream>
-
-#include <stdio.h>
-#include <arpa/inet.h>
-#include <netinet/in6.h>
-#include <sys/uio.h>
-
-#include <gtest/gtest.h>
-
-extern "C" {
-#include "checksum.h"
-#include "translate.h"
-#include "config.h"
-#include "clatd.h"
-}
-
-// For convenience.
-#define ARRAYSIZE(x) sizeof((x)) / sizeof((x)[0])
-
-// Default translation parameters.
-static const char kIPv4LocalAddr[] = "192.0.0.4";
-static const char kIPv6LocalAddr[] = "2001:db8:0:b11::464";
-static const char kIPv6PlatSubnet[] = "64:ff9b::";
-
-// Test packet portions. Defined as macros because it's easy to concatenate them to make packets.
-#define IPV4_HEADER(p, c1, c2) \
- 0x45, 0x00, 0, 41, /* Version=4, IHL=5, ToS=0x80, len=41 */ \
- 0x00, 0x00, 0x40, 0x00, /* ID=0x0000, flags=IP_DF, offset=0 */ \
- 55, (p), (c1), (c2), /* TTL=55, protocol=p, checksum=c1,c2 */ \
- 192, 0, 0, 4, /* Src=192.0.0.4 */ \
- 8, 8, 8, 8, /* Dst=8.8.8.8 */
-#define IPV4_UDP_HEADER IPV4_HEADER(IPPROTO_UDP, 0x73, 0xb0)
-#define IPV4_ICMP_HEADER IPV4_HEADER(IPPROTO_ICMP, 0x73, 0xc0)
-
-#define IPV6_HEADER(p) \
- 0x60, 0x00, 0, 0, /* Version=6, tclass=0x00, flowlabel=0 */ \
- 0, 21, (p), 55, /* plen=11, nxthdr=p, hlim=55 */ \
- 0x20, 0x01, 0x0d, 0xb8, /* Src=2001:db8:0:b11::464 */ \
- 0x00, 0x00, 0x0b, 0x11, \
- 0x00, 0x00, 0x00, 0x00, \
- 0x00, 0x00, 0x04, 0x64, \
- 0x00, 0x64, 0xff, 0x9b, /* Dst=64:ff9b::8.8.8.8 */ \
- 0x00, 0x00, 0x00, 0x00, \
- 0x00, 0x00, 0x00, 0x00, \
- 0x08, 0x08, 0x08, 0x08,
-#define IPV6_UDP_HEADER IPV6_HEADER(IPPROTO_UDP)
-#define IPV6_ICMPV6_HEADER IPV6_HEADER(IPPROTO_ICMPV6)
-
-#define UDP_LEN 21
-#define UDP_HEADER \
- 0xc8, 0x8b, 0, 53, /* Port 51339->53 */ \
- 0x00, UDP_LEN, 0, 0, /* Length 21, checksum empty for now */
-
-#define PAYLOAD 'H', 'e', 'l', 'l', 'o', ' ', 0x4e, 0xb8, 0x96, 0xe7, 0x95, 0x8c, 0x00
-
-#define IPV4_PING \
- 0x08, 0x00, 0x88, 0xd0, /* Type 8, code 0, checksum 0x88d0 */ \
- 0xd0, 0x0d, 0x00, 0x03, /* ID=0xd00d, seq=3 */
-
-#define IPV6_PING \
- 0x80, 0x00, 0xc3, 0x42, /* Type 128, code 0, checksum 0xc342 */ \
- 0xd0, 0x0d, 0x00, 0x03, /* ID=0xd00d, seq=3 */
-
-// Macros to return pseudo-headers from packets.
-#define IPV4_PSEUDOHEADER(ip, tlen) \
- ip[12], ip[13], ip[14], ip[15], /* Source address */ \
- ip[16], ip[17], ip[18], ip[19], /* Destination address */ \
- 0, ip[9], /* 0, protocol */ \
- ((tlen) >> 16) & 0xff, (tlen) & 0xff, /* Transport length */
-
-#define IPV6_PSEUDOHEADER(ip6, protocol, tlen) \
- ip6[8], ip6[9], ip6[10], ip6[11], /* Source address */ \
- ip6[12], ip6[13], ip6[14], ip6[15], \
- ip6[16], ip6[17], ip6[18], ip6[19], \
- ip6[20], ip6[21], ip6[22], ip6[23], \
- ip6[24], ip6[25], ip6[26], ip6[27], /* Destination address */ \
- ip6[28], ip6[29], ip6[30], ip6[31], \
- ip6[32], ip6[33], ip6[34], ip6[35], \
- ip6[36], ip6[37], ip6[38], ip6[39], \
- ((tlen) >> 24) & 0xff, /* Transport length */ \
- ((tlen) >> 16) & 0xff, \
- ((tlen) >> 8) & 0xff, \
- (tlen) & 0xff, \
- 0, 0, 0, (protocol),
-
-// A fragmented DNS request.
-static const uint8_t kIPv4Frag1[] = {
- 0x45, 0x00, 0x00, 0x24, 0xfe, 0x47, 0x20, 0x00, 0x40, 0x11,
- 0x8c, 0x6d, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
- 0x14, 0x5d, 0x00, 0x35, 0x00, 0x29, 0x68, 0xbb, 0x50, 0x47,
- 0x01, 0x00, 0x00, 0x01, 0x00, 0x00
-};
-static const uint8_t kIPv4Frag2[] = {
- 0x45, 0x00, 0x00, 0x24, 0xfe, 0x47, 0x20, 0x02, 0x40, 0x11,
- 0x8c, 0x6b, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
- 0x00, 0x00, 0x00, 0x00, 0x04, 0x69, 0x70, 0x76, 0x34, 0x06,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65
-};
-static const uint8_t kIPv4Frag3[] = {
- 0x45, 0x00, 0x00, 0x1d, 0xfe, 0x47, 0x00, 0x04, 0x40, 0x11,
- 0xac, 0x70, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
- 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01
-};
-static const uint8_t *kIPv4Fragments[] = { kIPv4Frag1, kIPv4Frag2, kIPv4Frag3 };
-static const size_t kIPv4FragLengths[] = { sizeof(kIPv4Frag1), sizeof(kIPv4Frag2),
- sizeof(kIPv4Frag3) };
-
-static const uint8_t kIPv6Frag1[] = {
- 0x60, 0x00, 0x00, 0x00, 0x00, 0x18, 0x2c, 0x40, 0x20, 0x01,
- 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
- 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x47, 0x14, 0x5d,
- 0x00, 0x35, 0x00, 0x29, 0xeb, 0x91, 0x50, 0x47, 0x01, 0x00,
- 0x00, 0x01, 0x00, 0x00
-};
-
-static const uint8_t kIPv6Frag2[] = {
- 0x60, 0x00, 0x00, 0x00, 0x00, 0x18, 0x2c, 0x40, 0x20, 0x01,
- 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
- 0x11, 0x00, 0x00, 0x11, 0x00, 0x00, 0xfe, 0x47, 0x00, 0x00,
- 0x00, 0x00, 0x04, 0x69, 0x70, 0x76, 0x34, 0x06, 0x67, 0x6f,
- 0x6f, 0x67, 0x6c, 0x65
-};
-
-static const uint8_t kIPv6Frag3[] = {
- 0x60, 0x00, 0x00, 0x00, 0x00, 0x11, 0x2c, 0x40, 0x20, 0x01,
- 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
- 0x11, 0x00, 0x00, 0x20, 0x00, 0x00, 0xfe, 0x47, 0x03, 0x63,
- 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01
-};
-static const uint8_t *kIPv6Fragments[] = { kIPv6Frag1, kIPv6Frag2, kIPv6Frag3 };
-static const size_t kIPv6FragLengths[] = { sizeof(kIPv6Frag1), sizeof(kIPv6Frag2),
- sizeof(kIPv6Frag3) };
-
-static const uint8_t kReassembledIPv4[] = {
- 0x45, 0x00, 0x00, 0x3d, 0xfe, 0x47, 0x00, 0x00, 0x40, 0x11,
- 0xac, 0x54, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
- 0x14, 0x5d, 0x00, 0x35, 0x00, 0x29, 0x68, 0xbb, 0x50, 0x47,
- 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x04, 0x69, 0x70, 0x76, 0x34, 0x06, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00,
- 0x01
-};
-
-// Expected checksums.
-static const uint32_t kUdpPartialChecksum = 0xd5c8;
-static const uint32_t kPayloadPartialChecksum = 0x31e9c;
-static const uint16_t kUdpV4Checksum = 0xd0c7;
-static const uint16_t kUdpV6Checksum = 0xa74a;
-
-uint8_t ip_version(const uint8_t *packet) {
- uint8_t version = packet[0] >> 4;
- return version;
-}
-
-int is_ipv4_fragment(struct iphdr *ip) {
- // A packet is a fragment if its fragment offset is nonzero or if the MF flag is set.
- return ntohs(ip->frag_off) & (IP_OFFMASK | IP_MF);
-}
-
-int is_ipv6_fragment(struct ip6_hdr *ip6, size_t len) {
- if (ip6->ip6_nxt != IPPROTO_FRAGMENT) {
- return 0;
- }
- struct ip6_frag *frag = (struct ip6_frag *) (ip6 + 1);
- return len >= sizeof(*ip6) + sizeof(*frag) &&
- (frag->ip6f_offlg & (IP6F_OFF_MASK | IP6F_MORE_FRAG));
-}
-
-int ipv4_fragment_offset(struct iphdr *ip) {
- return ntohs(ip->frag_off) & IP_OFFMASK;
-}
-
-int ipv6_fragment_offset(struct ip6_frag *frag) {
- return ntohs((frag->ip6f_offlg & IP6F_OFF_MASK) >> 3);
-}
-
-void check_packet(const uint8_t *packet, size_t len, const char *msg) {
- void *payload;
- size_t payload_length = 0;
- uint32_t pseudo_checksum = 0;
- uint8_t protocol = 0;
- int version = ip_version(packet);
- switch (version) {
- case 4: {
- struct iphdr *ip = (struct iphdr *) packet;
- ASSERT_GE(len, sizeof(*ip)) << msg << ": IPv4 packet shorter than IPv4 header\n";
- EXPECT_EQ(5, ip->ihl) << msg << ": Unsupported IP header length\n";
- EXPECT_EQ(len, ntohs(ip->tot_len)) << msg << ": Incorrect IPv4 length\n";
- EXPECT_EQ(0, ip_checksum(ip, sizeof(*ip))) << msg << ": Incorrect IP checksum\n";
- protocol = ip->protocol;
- payload = ip + 1;
- if (!is_ipv4_fragment(ip)) {
- payload_length = len - sizeof(*ip);
- pseudo_checksum = ipv4_pseudo_header_checksum(ip, payload_length);
- }
- ASSERT_TRUE(protocol == IPPROTO_TCP || protocol == IPPROTO_UDP || protocol == IPPROTO_ICMP)
- << msg << ": Unsupported IPv4 protocol " << protocol << "\n";
- break;
- }
- case 6: {
- struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
- ASSERT_GE(len, sizeof(*ip6)) << msg << ": IPv6 packet shorter than IPv6 header\n";
- EXPECT_EQ(len - sizeof(*ip6), htons(ip6->ip6_plen)) << msg << ": Incorrect IPv6 length\n";
-
- if (ip6->ip6_nxt == IPPROTO_FRAGMENT) {
- struct ip6_frag *frag = (struct ip6_frag *) (ip6 + 1);
- ASSERT_GE(len, sizeof(*ip6) + sizeof(*frag))
- << msg << ": IPv6 fragment: short fragment header\n";
- protocol = frag->ip6f_nxt;
- payload = frag + 1;
- // Even though the packet has a Fragment header, it might not be a fragment.
- if (!is_ipv6_fragment(ip6, len)) {
- payload_length = len - sizeof(*ip6) - sizeof(*frag);
- }
- } else {
- // Since there are no extension headers except Fragment, this must be the payload.
- protocol = ip6->ip6_nxt;
- payload = ip6 + 1;
- payload_length = len - sizeof(*ip6);
- }
- ASSERT_TRUE(protocol == IPPROTO_TCP || protocol == IPPROTO_UDP || protocol == IPPROTO_ICMPV6)
- << msg << ": Unsupported IPv6 next header " << protocol;
- if (payload_length) {
- pseudo_checksum = ipv6_pseudo_header_checksum(ip6, payload_length, protocol);
- }
- break;
- }
- default:
- FAIL() << msg << ": Unsupported IP version " << version << "\n";
- return;
- }
-
- // If we understand the payload, verify the checksum.
- if (payload_length) {
- uint16_t checksum;
- switch(protocol) {
- case IPPROTO_UDP:
- case IPPROTO_TCP:
- case IPPROTO_ICMPV6:
- checksum = ip_checksum_finish(ip_checksum_add(pseudo_checksum, payload, payload_length));
- break;
- case IPPROTO_ICMP:
- checksum = ip_checksum(payload, payload_length);
- break;
- default:
- checksum = 0; // Don't check.
- break;
- }
- EXPECT_EQ(0, checksum) << msg << ": Incorrect transport checksum\n";
- }
-
- if (protocol == IPPROTO_UDP) {
- struct udphdr *udp = (struct udphdr *) payload;
- EXPECT_NE(0, udp->check) << msg << ": UDP checksum 0 should be 0xffff";
- // If this is not a fragment, check the UDP length field.
- if (payload_length) {
- EXPECT_EQ(payload_length, ntohs(udp->len)) << msg << ": Incorrect UDP length\n";
- }
- }
-}
-
-void reassemble_packet(const uint8_t **fragments, const size_t lengths[], int numpackets,
- uint8_t *reassembled, size_t *reassembled_len, const char *msg) {
- struct iphdr *ip = NULL;
- struct ip6_hdr *ip6 = NULL;
- size_t total_length, pos = 0;
- uint8_t protocol = 0;
- uint8_t version = ip_version(fragments[0]);
-
- for (int i = 0; i < numpackets; i++) {
- const uint8_t *packet = fragments[i];
- int len = lengths[i];
- int headersize, payload_offset;
-
- ASSERT_EQ(ip_version(packet), version) << msg << ": Inconsistent fragment versions\n";
- check_packet(packet, len, "Fragment sanity check");
-
- switch (version) {
- case 4: {
- struct iphdr *ip_orig = (struct iphdr *) packet;
- headersize = sizeof(*ip_orig);
- ASSERT_TRUE(is_ipv4_fragment(ip_orig))
- << msg << ": IPv4 fragment #" << i + 1 << " not a fragment\n";
- ASSERT_EQ(pos, ipv4_fragment_offset(ip_orig) * 8 + ((i != 0) ? sizeof(*ip): 0))
- << msg << ": IPv4 fragment #" << i + 1 << ": inconsistent offset\n";
-
- headersize = sizeof(*ip_orig);
- payload_offset = headersize;
- if (pos == 0) {
- ip = (struct iphdr *) reassembled;
- }
- break;
- }
- case 6: {
- struct ip6_hdr *ip6_orig = (struct ip6_hdr *) packet;
- struct ip6_frag *frag = (struct ip6_frag *) (ip6_orig + 1);
- ASSERT_TRUE(is_ipv6_fragment(ip6_orig, len))
- << msg << ": IPv6 fragment #" << i + 1 << " not a fragment\n";
- ASSERT_EQ(pos, ipv6_fragment_offset(frag) * 8 + ((i != 0) ? sizeof(*ip6): 0))
- << msg << ": IPv6 fragment #" << i + 1 << ": inconsistent offset\n";
-
- headersize = sizeof(*ip6_orig);
- payload_offset = sizeof(*ip6_orig) + sizeof(*frag);
- if (pos == 0) {
- ip6 = (struct ip6_hdr *) reassembled;
- protocol = frag->ip6f_nxt;
- }
- break;
- }
- default:
- FAIL() << msg << ": Invalid IP version << " << version;
- }
-
- // If this is the first fragment, copy the header.
- if (pos == 0) {
- ASSERT_LT(headersize, (int) *reassembled_len) << msg << ": Reassembly buffer too small\n";
- memcpy(reassembled, packet, headersize);
- total_length = headersize;
- pos += headersize;
- }
-
- // Copy the payload.
- int payload_length = len - payload_offset;
- total_length += payload_length;
- ASSERT_LT(total_length, *reassembled_len) << msg << ": Reassembly buffer too small\n";
- memcpy(reassembled + pos, packet + payload_offset, payload_length);
- pos += payload_length;
- }
-
-
- // Fix up the reassembled headers to reflect fragmentation and length (and IPv4 checksum).
- ASSERT_EQ(total_length, pos) << msg << ": Reassembled packet length incorrect\n";
- if (ip) {
- ip->frag_off &= ~htons(IP_MF);
- ip->tot_len = htons(total_length);
- ip->check = 0;
- ip->check = ip_checksum(ip, sizeof(*ip));
- ASSERT_FALSE(is_ipv4_fragment(ip)) << msg << ": reassembled IPv4 packet is a fragment!\n";
- }
- if (ip6) {
- ip6->ip6_nxt = protocol;
- ip6->ip6_plen = htons(total_length - sizeof(*ip6));
- ASSERT_FALSE(is_ipv6_fragment(ip6, ip6->ip6_plen))
- << msg << ": reassembled IPv6 packet is a fragment!\n";
- }
-
- *reassembled_len = total_length;
-}
-
-void check_data_matches(const void *expected, const void *actual, size_t len, const char *msg) {
- if (memcmp(expected, actual, len)) {
- // Hex dump, 20 bytes per line, one space between bytes (1 byte = 3 chars), indented by 4.
- int hexdump_len = len * 3 + (len / 20 + 1) * 5;
- char expected_hexdump[hexdump_len], actual_hexdump[hexdump_len];
- unsigned pos = 0;
- for (unsigned i = 0; i < len; i++) {
- if (i % 20 == 0) {
- sprintf(expected_hexdump + pos, "\n ");
- sprintf(actual_hexdump + pos, "\n ");
- pos += 4;
- }
- sprintf(expected_hexdump + pos, " %02x", ((uint8_t *) expected)[i]);
- sprintf(actual_hexdump + pos, " %02x", ((uint8_t *) actual)[i]);
- pos += 3;
- }
- FAIL() << msg << ": Data doesn't match"
- << "\n Expected:" << (char *) expected_hexdump
- << "\n Actual:" << (char *) actual_hexdump << "\n";
- }
-}
-
-void fix_udp_checksum(uint8_t* packet) {
- uint32_t pseudo_checksum;
- uint8_t version = ip_version(packet);
- struct udphdr *udp;
- switch (version) {
- case 4: {
- struct iphdr *ip = (struct iphdr *) packet;
- udp = (struct udphdr *) (ip + 1);
- pseudo_checksum = ipv4_pseudo_header_checksum(ip, ntohs(udp->len));
- break;
- }
- case 6: {
- struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
- udp = (struct udphdr *) (ip6 + 1);
- pseudo_checksum = ipv6_pseudo_header_checksum(ip6, ntohs(udp->len), IPPROTO_UDP);
- break;
- }
- default:
- FAIL() << "unsupported IP version" << version << "\n";
- return;
- }
-
- udp->check = 0;
- udp->check = ip_checksum_finish(ip_checksum_add(pseudo_checksum, udp, ntohs(udp->len)));
-}
-
-// Testing stub for send_rawv6. The real version uses sendmsg() with a
-// destination IPv6 address, and attempting to call that on our test socketpair
-// fd results in EINVAL.
-extern "C" void send_rawv6(int fd, clat_packet out, int iov_len) {
- writev(fd, out, iov_len);
-}
-
-void do_translate_packet(const uint8_t *original, size_t original_len, uint8_t *out, size_t *outlen,
- const char *msg) {
- int fds[2];
- if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, fds)) {
- abort();
- }
-
- char foo[512];
- snprintf(foo, sizeof(foo), "%s: Invalid original packet", msg);
- check_packet(original, original_len, foo);
-
- int read_fd, write_fd;
- uint16_t expected_proto;
- int version = ip_version(original);
- switch (version) {
- case 4:
- expected_proto = htons(ETH_P_IPV6);
- read_fd = fds[1];
- write_fd = fds[0];
- break;
- case 6:
- expected_proto = htons(ETH_P_IP);
- read_fd = fds[0];
- write_fd = fds[1];
- break;
- default:
- FAIL() << msg << ": Unsupported IP version " << version << "\n";
- break;
- }
-
- translate_packet(write_fd, (version == 4), original, original_len);
-
- snprintf(foo, sizeof(foo), "%s: Invalid translated packet", msg);
- if (version == 6) {
- // Translating to IPv4. Expect a tun header.
- struct tun_pi new_tun_header;
- struct iovec iov[] = {
- { &new_tun_header, sizeof(new_tun_header) },
- { out, *outlen }
- };
- int len = readv(read_fd, iov, 2);
- if (len > (int) sizeof(new_tun_header)) {
- ASSERT_LT((size_t) len, *outlen) << msg << ": Translated packet buffer too small\n";
- EXPECT_EQ(expected_proto, new_tun_header.proto) << msg << "Unexpected tun proto\n";
- *outlen = len - sizeof(new_tun_header);
- check_packet(out, *outlen, msg);
- } else {
- FAIL() << msg << ": Packet was not translated: len=" << len;
- *outlen = 0;
- }
- } else {
- // Translating to IPv6. Expect raw packet.
- *outlen = read(read_fd, out, *outlen);
- check_packet(out, *outlen, msg);
- }
-}
-
-void check_translated_packet(const uint8_t *original, size_t original_len,
- const uint8_t *expected, size_t expected_len, const char *msg) {
- uint8_t translated[MAXMTU];
- size_t translated_len = sizeof(translated);
- do_translate_packet(original, original_len, translated, &translated_len, msg);
- EXPECT_EQ(expected_len, translated_len) << msg << ": Translated packet length incorrect\n";
- check_data_matches(expected, translated, translated_len, msg);
-}
-
-void check_fragment_translation(const uint8_t *original[], const size_t original_lengths[],
- const uint8_t *expected[], const size_t expected_lengths[],
- int numfragments, const char *msg) {
- for (int i = 0; i < numfragments; i++) {
- // Check that each of the fragments translates as expected.
- char frag_msg[512];
- snprintf(frag_msg, sizeof(frag_msg), "%s: fragment #%d", msg, i + 1);
- check_translated_packet(original[i], original_lengths[i],
- expected[i], expected_lengths[i], frag_msg);
- }
-
- // Sanity check that reassembling the original and translated fragments produces valid packets.
- uint8_t reassembled[MAXMTU];
- size_t reassembled_len = sizeof(reassembled);
- reassemble_packet(original, original_lengths, numfragments, reassembled, &reassembled_len, msg);
- check_packet(reassembled, reassembled_len, msg);
-
- uint8_t translated[MAXMTU];
- size_t translated_len = sizeof(translated);
- do_translate_packet(reassembled, reassembled_len, translated, &translated_len, msg);
- check_packet(translated, translated_len, msg);
-}
-
-int get_transport_checksum(const uint8_t *packet) {
- struct iphdr *ip;
- struct ip6_hdr *ip6;
- uint8_t protocol;
- const void *payload;
-
- int version = ip_version(packet);
- switch (version) {
- case 4:
- ip = (struct iphdr *) packet;
- if (is_ipv4_fragment(ip)) {
- return -1;
- }
- protocol = ip->protocol;
- payload = ip + 1;
- break;
- case 6:
- ip6 = (struct ip6_hdr *) packet;
- protocol = ip6->ip6_nxt;
- payload = ip6 + 1;
- break;
- default:
- return -1;
- }
-
- switch (protocol) {
- case IPPROTO_UDP:
- return ((struct udphdr *) payload)->check;
-
- case IPPROTO_TCP:
- return ((struct tcphdr *) payload)->check;
-
- case IPPROTO_FRAGMENT:
- default:
- return -1;
- }
-}
-
-struct clat_config Global_Clatd_Config;
-
-class ClatdTest : public ::testing::Test {
- protected:
- virtual void SetUp() {
- inet_pton(AF_INET, kIPv4LocalAddr, &Global_Clatd_Config.ipv4_local_subnet);
- inet_pton(AF_INET6, kIPv6PlatSubnet, &Global_Clatd_Config.plat_subnet);
- inet_pton(AF_INET6, kIPv6LocalAddr, &Global_Clatd_Config.ipv6_local_subnet);
- Global_Clatd_Config.ipv6_host_id = in6addr_any;
- Global_Clatd_Config.use_dynamic_iid = 1;
- }
-};
-
-void expect_ipv6_addr_equal(struct in6_addr *expected, struct in6_addr *actual) {
- if (!IN6_ARE_ADDR_EQUAL(expected, actual)) {
- char expected_str[INET6_ADDRSTRLEN], actual_str[INET6_ADDRSTRLEN];
- inet_ntop(AF_INET6, expected, expected_str, sizeof(expected_str));
- inet_ntop(AF_INET6, actual, actual_str, sizeof(actual_str));
- FAIL()
- << "Unexpected IPv6 address:: "
- << "\n Expected: " << expected_str
- << "\n Actual: " << actual_str
- << "\n";
- }
-}
-
-TEST_F(ClatdTest, TestIPv6PrefixEqual) {
- EXPECT_TRUE(ipv6_prefix_equal(&Global_Clatd_Config.plat_subnet,
- &Global_Clatd_Config.plat_subnet));
- EXPECT_FALSE(ipv6_prefix_equal(&Global_Clatd_Config.plat_subnet,
- &Global_Clatd_Config.ipv6_local_subnet));
-
- struct in6_addr subnet2 = Global_Clatd_Config.ipv6_local_subnet;
- EXPECT_TRUE(ipv6_prefix_equal(&Global_Clatd_Config.ipv6_local_subnet, &subnet2));
- EXPECT_TRUE(ipv6_prefix_equal(&subnet2, &Global_Clatd_Config.ipv6_local_subnet));
-
- subnet2.s6_addr[6] = 0xff;
- EXPECT_FALSE(ipv6_prefix_equal(&Global_Clatd_Config.ipv6_local_subnet, &subnet2));
- EXPECT_FALSE(ipv6_prefix_equal(&subnet2, &Global_Clatd_Config.ipv6_local_subnet));
-}
-
-int count_onebits(const void *data, size_t size) {
- int onebits = 0;
- for (size_t pos = 0; pos < size; pos++) {
- uint8_t *byte = ((uint8_t*) data) + pos;
- for (int shift = 0; shift < 8; shift++) {
- onebits += (*byte >> shift) & 1;
- }
- }
- return onebits;
-}
-
-TEST_F(ClatdTest, TestCountOnebits) {
- uint64_t i;
- i = 1;
- ASSERT_EQ(1, count_onebits(&i, sizeof(i)));
- i <<= 61;
- ASSERT_EQ(1, count_onebits(&i, sizeof(i)));
- i |= ((uint64_t) 1 << 33);
- ASSERT_EQ(2, count_onebits(&i, sizeof(i)));
- i = 0xf1000202020000f0;
- ASSERT_EQ(5 + 1 + 1 + 1 + 4, count_onebits(&i, sizeof(i)));
-}
-
-TEST_F(ClatdTest, TestGenIIDConfigured) {
- struct in6_addr myaddr, expected;
- Global_Clatd_Config.use_dynamic_iid = 0;
- ASSERT_TRUE(inet_pton(AF_INET6, "::bad:ace:d00d", &Global_Clatd_Config.ipv6_host_id));
- ASSERT_TRUE(inet_pton(AF_INET6, "2001:db8:1:2:0:bad:ace:d00d", &expected));
- ASSERT_TRUE(inet_pton(AF_INET6, "2001:db8:1:2:f076:ae99:124e:aa54", &myaddr));
- config_generate_local_ipv6_subnet(&myaddr);
- expect_ipv6_addr_equal(&expected, &myaddr);
-
- Global_Clatd_Config.use_dynamic_iid = 1;
- config_generate_local_ipv6_subnet(&myaddr);
- EXPECT_FALSE(IN6_ARE_ADDR_EQUAL(&expected, &myaddr));
-}
-
-TEST_F(ClatdTest, TestGenIIDRandom) {
- struct in6_addr interface_ipv6;
- ASSERT_TRUE(inet_pton(AF_INET6, "2001:db8:1:2:f076:ae99:124e:aa54", &interface_ipv6));
- Global_Clatd_Config.ipv6_host_id = in6addr_any;
-
- // Generate a boatload of random IIDs.
- int onebits = 0;
- uint64_t prev_iid = 0;
- for (int i = 0; i < 100000; i++) {
- struct in6_addr myaddr = interface_ipv6;
-
- config_generate_local_ipv6_subnet(&myaddr);
-
- // Check the generated IP address is in the same prefix as the interface IPv6 address.
- EXPECT_TRUE(ipv6_prefix_equal(&interface_ipv6, &myaddr));
-
- // Check that consecutive IIDs are not the same.
- uint64_t iid = * (uint64_t*) (&myaddr.s6_addr[8]);
- ASSERT_TRUE(iid != prev_iid)
- << "Two consecutive random IIDs are the same: "
- << std::showbase << std::hex
- << iid << "\n";
- prev_iid = iid;
-
- // Check that the IID is checksum-neutral with the NAT64 prefix and the
- // local prefix.
- struct in_addr *ipv4addr = &Global_Clatd_Config.ipv4_local_subnet;
- struct in6_addr *plat_subnet = &Global_Clatd_Config.plat_subnet;
-
- uint16_t c1 = ip_checksum_finish(ip_checksum_add(0, ipv4addr, sizeof(*ipv4addr)));
- uint16_t c2 = ip_checksum_finish(ip_checksum_add(0, plat_subnet, sizeof(*plat_subnet)) +
- ip_checksum_add(0, &myaddr, sizeof(myaddr)));
-
- if (c1 != c2) {
- char myaddr_str[INET6_ADDRSTRLEN], plat_str[INET6_ADDRSTRLEN], ipv4_str[INET6_ADDRSTRLEN];
- inet_ntop(AF_INET6, &myaddr, myaddr_str, sizeof(myaddr_str));
- inet_ntop(AF_INET6, plat_subnet, plat_str, sizeof(plat_str));
- inet_ntop(AF_INET, ipv4addr, ipv4_str, sizeof(ipv4_str));
- FAIL()
- << "Bad IID: " << myaddr_str
- << " not checksum-neutral with " << ipv4_str << " and " << plat_str
- << std::showbase << std::hex
- << "\n IPv4 checksum: " << c1
- << "\n IPv6 checksum: " << c2
- << "\n";
- }
-
- // Check that IIDs are roughly random and use all the bits by counting the
- // total number of bits set to 1 in a random sample of 100000 generated IIDs.
- onebits += count_onebits(&iid, sizeof(iid));
- }
- EXPECT_LE(3190000, onebits);
- EXPECT_GE(3210000, onebits);
-}
-
-extern "C" addr_free_func config_is_ipv4_address_free;
-int never_free(in_addr_t /* addr */) { return 0; }
-int always_free(in_addr_t /* addr */) { return 1; }
-int only2_free(in_addr_t addr) { return (ntohl(addr) & 0xff) == 2; }
-int over6_free(in_addr_t addr) { return (ntohl(addr) & 0xff) >= 6; }
-int only10_free(in_addr_t addr) { return (ntohl(addr) & 0xff) == 10; }
-
-TEST_F(ClatdTest, SelectIPv4Address) {
- struct in_addr addr;
-
- inet_pton(AF_INET, kIPv4LocalAddr, &addr);
-
- addr_free_func orig_config_is_ipv4_address_free = config_is_ipv4_address_free;
-
- // If no addresses are free, return INADDR_NONE.
- config_is_ipv4_address_free = never_free;
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 29));
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 16));
-
- // If the configured address is free, pick that. But a prefix that's too big is invalid.
- config_is_ipv4_address_free = always_free;
- EXPECT_EQ(inet_addr(kIPv4LocalAddr), config_select_ipv4_address(&addr, 29));
- EXPECT_EQ(inet_addr(kIPv4LocalAddr), config_select_ipv4_address(&addr, 20));
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 15));
-
- // A prefix length of 32 works, but anything above it is invalid.
- EXPECT_EQ(inet_addr(kIPv4LocalAddr), config_select_ipv4_address(&addr, 32));
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 33));
-
- // If another address is free, pick it.
- config_is_ipv4_address_free = over6_free;
- EXPECT_EQ(inet_addr("192.0.0.6"), config_select_ipv4_address(&addr, 29));
-
- // Check that we wrap around to addresses that are lower than the first address.
- config_is_ipv4_address_free = only2_free;
- EXPECT_EQ(inet_addr("192.0.0.2"), config_select_ipv4_address(&addr, 29));
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 30));
-
- // If a free address exists outside the prefix, we don't pick it.
- config_is_ipv4_address_free = only10_free;
- EXPECT_EQ(INADDR_NONE, config_select_ipv4_address(&addr, 29));
- EXPECT_EQ(inet_addr("192.0.0.10"), config_select_ipv4_address(&addr, 24));
-
- // Now try using the real function which sees if IP addresses are free using bind().
- // Assume that the machine running the test has the address 127.0.0.1, but not 8.8.8.8.
- config_is_ipv4_address_free = orig_config_is_ipv4_address_free;
- addr.s_addr = inet_addr("8.8.8.8");
- EXPECT_EQ(inet_addr("8.8.8.8"), config_select_ipv4_address(&addr, 29));
-
- addr.s_addr = inet_addr("127.0.0.1");
- EXPECT_EQ(inet_addr("127.0.0.2"), config_select_ipv4_address(&addr, 29));
-}
-
-TEST_F(ClatdTest, DataSanitycheck) {
- // Sanity checks the data.
- uint8_t v4_header[] = { IPV4_UDP_HEADER };
- ASSERT_EQ(sizeof(struct iphdr), sizeof(v4_header)) << "Test IPv4 header: incorrect length\n";
-
- uint8_t v6_header[] = { IPV6_UDP_HEADER };
- ASSERT_EQ(sizeof(struct ip6_hdr), sizeof(v6_header)) << "Test IPv6 header: incorrect length\n";
-
- uint8_t udp_header[] = { UDP_HEADER };
- ASSERT_EQ(sizeof(struct udphdr), sizeof(udp_header)) << "Test UDP header: incorrect length\n";
-
- // Sanity checks check_packet.
- struct udphdr *udp;
- uint8_t v4_udp_packet[] = { IPV4_UDP_HEADER UDP_HEADER PAYLOAD };
- udp = (struct udphdr *) (v4_udp_packet + sizeof(struct iphdr));
- fix_udp_checksum(v4_udp_packet);
- ASSERT_EQ(kUdpV4Checksum, udp->check) << "UDP/IPv4 packet checksum sanity check\n";
- check_packet(v4_udp_packet, sizeof(v4_udp_packet), "UDP/IPv4 packet sanity check");
-
- uint8_t v6_udp_packet[] = { IPV6_UDP_HEADER UDP_HEADER PAYLOAD };
- udp = (struct udphdr *) (v6_udp_packet + sizeof(struct ip6_hdr));
- fix_udp_checksum(v6_udp_packet);
- ASSERT_EQ(kUdpV6Checksum, udp->check) << "UDP/IPv6 packet checksum sanity check\n";
- check_packet(v6_udp_packet, sizeof(v6_udp_packet), "UDP/IPv6 packet sanity check");
-
- uint8_t ipv4_ping[] = { IPV4_ICMP_HEADER IPV4_PING PAYLOAD };
- check_packet(ipv4_ping, sizeof(ipv4_ping), "IPv4 ping sanity check");
-
- uint8_t ipv6_ping[] = { IPV6_ICMPV6_HEADER IPV6_PING PAYLOAD };
- check_packet(ipv6_ping, sizeof(ipv6_ping), "IPv6 ping sanity check");
-
- // Sanity checks reassemble_packet.
- uint8_t reassembled[MAXMTU];
- size_t total_length = sizeof(reassembled);
- reassemble_packet(kIPv4Fragments, kIPv4FragLengths, ARRAYSIZE(kIPv4Fragments),
- reassembled, &total_length, "Reassembly sanity check");
- check_packet(reassembled, total_length, "IPv4 Reassembled packet is valid");
- ASSERT_EQ(sizeof(kReassembledIPv4), total_length) << "IPv4 reassembly sanity check: length\n";
- ASSERT_TRUE(!is_ipv4_fragment((struct iphdr *) reassembled))
- << "Sanity check: reassembled packet is a fragment!\n";
- check_data_matches(kReassembledIPv4, reassembled, total_length, "IPv4 reassembly sanity check");
-
- total_length = sizeof(reassembled);
- reassemble_packet(kIPv6Fragments, kIPv6FragLengths, ARRAYSIZE(kIPv6Fragments),
- reassembled, &total_length, "IPv6 reassembly sanity check");
- ASSERT_TRUE(!is_ipv6_fragment((struct ip6_hdr *) reassembled, total_length))
- << "Sanity check: reassembled packet is a fragment!\n";
- check_packet(reassembled, total_length, "IPv6 Reassembled packet is valid");
-}
-
-TEST_F(ClatdTest, PseudoChecksum) {
- uint32_t pseudo_checksum;
-
- uint8_t v4_header[] = { IPV4_UDP_HEADER };
- uint8_t v4_pseudo_header[] = { IPV4_PSEUDOHEADER(v4_header, UDP_LEN) };
- pseudo_checksum = ipv4_pseudo_header_checksum((struct iphdr *) v4_header, UDP_LEN);
- EXPECT_EQ(ip_checksum_finish(pseudo_checksum),
- ip_checksum(v4_pseudo_header, sizeof(v4_pseudo_header)))
- << "ipv4_pseudo_header_checksum incorrect\n";
-
- uint8_t v6_header[] = { IPV6_UDP_HEADER };
- uint8_t v6_pseudo_header[] = { IPV6_PSEUDOHEADER(v6_header, IPPROTO_UDP, UDP_LEN) };
- pseudo_checksum = ipv6_pseudo_header_checksum((struct ip6_hdr *) v6_header, UDP_LEN, IPPROTO_UDP);
- EXPECT_EQ(ip_checksum_finish(pseudo_checksum),
- ip_checksum(v6_pseudo_header, sizeof(v6_pseudo_header)))
- << "ipv6_pseudo_header_checksum incorrect\n";
-}
-
-TEST_F(ClatdTest, TransportChecksum) {
- uint8_t udphdr[] = { UDP_HEADER };
- uint8_t payload[] = { PAYLOAD };
- EXPECT_EQ(kUdpPartialChecksum, ip_checksum_add(0, udphdr, sizeof(udphdr)))
- << "UDP partial checksum\n";
- EXPECT_EQ(kPayloadPartialChecksum, ip_checksum_add(0, payload, sizeof(payload)))
- << "Payload partial checksum\n";
-
- uint8_t ip[] = { IPV4_UDP_HEADER };
- uint8_t ip6[] = { IPV6_UDP_HEADER };
- uint32_t ipv4_pseudo_sum = ipv4_pseudo_header_checksum((struct iphdr *) ip, UDP_LEN);
- uint32_t ipv6_pseudo_sum = ipv6_pseudo_header_checksum((struct ip6_hdr *) ip6, UDP_LEN,
- IPPROTO_UDP);
-
- EXPECT_EQ(0x3ad0U, ipv4_pseudo_sum) << "IPv4 pseudo-checksum sanity check\n";
- EXPECT_EQ(0x2644bU, ipv6_pseudo_sum) << "IPv6 pseudo-checksum sanity check\n";
- EXPECT_EQ(
- kUdpV4Checksum,
- ip_checksum_finish(ipv4_pseudo_sum + kUdpPartialChecksum + kPayloadPartialChecksum))
- << "Unexpected UDP/IPv4 checksum\n";
- EXPECT_EQ(
- kUdpV6Checksum,
- ip_checksum_finish(ipv6_pseudo_sum + kUdpPartialChecksum + kPayloadPartialChecksum))
- << "Unexpected UDP/IPv6 checksum\n";
-
- EXPECT_EQ(kUdpV6Checksum,
- ip_checksum_adjust(kUdpV4Checksum, ipv4_pseudo_sum, ipv6_pseudo_sum))
- << "Adjust IPv4/UDP checksum to IPv6\n";
- EXPECT_EQ(kUdpV4Checksum,
- ip_checksum_adjust(kUdpV6Checksum, ipv6_pseudo_sum, ipv4_pseudo_sum))
- << "Adjust IPv6/UDP checksum to IPv4\n";
-}
-
-TEST_F(ClatdTest, AdjustChecksum) {
- struct checksum_data {
- uint16_t checksum;
- uint32_t old_hdr_sum;
- uint32_t new_hdr_sum;
- uint16_t result;
- } DATA[] = {
- { 0x1423, 0xb8ec, 0x2d757, 0xf5b5 },
- { 0xf5b5, 0x2d757, 0xb8ec, 0x1423 },
- { 0xdd2f, 0x5555, 0x3285, 0x0000 },
- { 0x1215, 0x5560, 0x15560 + 20, 0x1200 },
- { 0xd0c7, 0x3ad0, 0x2644b, 0xa74a },
- };
- unsigned i = 0;
-
- for (i = 0; i < ARRAYSIZE(DATA); i++) {
- struct checksum_data *data = DATA + i;
- uint16_t result = ip_checksum_adjust(data->checksum, data->old_hdr_sum, data->new_hdr_sum);
- EXPECT_EQ(result, data->result)
- << "Incorrect checksum" << std::showbase << std::hex
- << "\n Expected: " << data->result
- << "\n Actual: " << result
- << "\n checksum=" << data->checksum
- << " old_sum=" << data->old_hdr_sum << " new_sum=" << data->new_hdr_sum << "\n";
- }
-}
-
-TEST_F(ClatdTest, Translate) {
- uint8_t udp_ipv4[] = { IPV4_UDP_HEADER UDP_HEADER PAYLOAD };
- uint8_t udp_ipv6[] = { IPV6_UDP_HEADER UDP_HEADER PAYLOAD };
- fix_udp_checksum(udp_ipv4);
- fix_udp_checksum(udp_ipv6);
- check_translated_packet(udp_ipv4, sizeof(udp_ipv4), udp_ipv6, sizeof(udp_ipv6),
- "UDP/IPv4 -> UDP/IPv6 translation");
- check_translated_packet(udp_ipv6, sizeof(udp_ipv6), udp_ipv4, sizeof(udp_ipv4),
- "UDP/IPv6 -> UDP/IPv4 translation");
-
- uint8_t ipv4_ping[] = { IPV4_ICMP_HEADER IPV4_PING PAYLOAD };
- uint8_t ipv6_ping[] = { IPV6_ICMPV6_HEADER IPV6_PING PAYLOAD };
- check_translated_packet(ipv4_ping, sizeof(ipv4_ping), ipv6_ping, sizeof(ipv6_ping),
- "ICMP->ICMPv6 translation");
- check_translated_packet(ipv6_ping, sizeof(ipv6_ping), ipv4_ping, sizeof(ipv4_ping),
- "ICMPv6->ICMP translation");
-}
-
-TEST_F(ClatdTest, Fragmentation) {
- check_fragment_translation(kIPv4Fragments, kIPv4FragLengths,
- kIPv6Fragments, kIPv6FragLengths,
- ARRAYSIZE(kIPv4Fragments), "IPv4->IPv6 fragment translation");
-
- check_fragment_translation(kIPv6Fragments, kIPv6FragLengths,
- kIPv4Fragments, kIPv4FragLengths,
- ARRAYSIZE(kIPv6Fragments), "IPv6->IPv4 fragment translation");
-}
-
-void check_translate_checksum_neutral(const uint8_t *original, size_t original_len,
- size_t expected_len, const char *msg) {
- uint8_t translated[MAXMTU];
- size_t translated_len = sizeof(translated);
- do_translate_packet(original, original_len, translated, &translated_len, msg);
- EXPECT_EQ(expected_len, translated_len) << msg << ": Translated packet length incorrect\n";
- // do_translate_packet already checks packets for validity and verifies the checksum.
- int original_check = get_transport_checksum(original);
- int translated_check = get_transport_checksum(translated);
- ASSERT_NE(-1, original_check);
- ASSERT_NE(-1, translated_check);
- ASSERT_EQ(original_check, translated_check)
- << "Not checksum neutral: original and translated checksums differ\n";
-}
-
-TEST_F(ClatdTest, TranslateChecksumNeutral) {
- // Generate a random clat IPv6 address and check that translation is checksum-neutral.
- Global_Clatd_Config.ipv6_host_id = in6addr_any;
- ASSERT_TRUE(inet_pton(AF_INET6, "2001:db8:1:2:f076:ae99:124e:aa54",
- &Global_Clatd_Config.ipv6_local_subnet));
- config_generate_local_ipv6_subnet(&Global_Clatd_Config.ipv6_local_subnet);
- ASSERT_NE((uint32_t) 0x00000464, Global_Clatd_Config.ipv6_local_subnet.s6_addr32[3]);
- ASSERT_NE((uint32_t) 0, Global_Clatd_Config.ipv6_local_subnet.s6_addr32[3]);
-
- // Check that translating UDP packets is checksum-neutral. First, IPv4.
- uint8_t udp_ipv4[] = { IPV4_UDP_HEADER UDP_HEADER PAYLOAD };
- fix_udp_checksum(udp_ipv4);
- check_translate_checksum_neutral(udp_ipv4, sizeof(udp_ipv4), sizeof(udp_ipv4) + 20,
- "UDP/IPv4 -> UDP/IPv6 checksum neutral");
-
- // Now try IPv6.
- uint8_t udp_ipv6[] = { IPV6_UDP_HEADER UDP_HEADER PAYLOAD };
- // The test packet uses the static IID, not the random IID. Fix up the source address.
- struct ip6_hdr *ip6 = (struct ip6_hdr *) udp_ipv6;
- memcpy(&ip6->ip6_src, &Global_Clatd_Config.ipv6_local_subnet, sizeof(ip6->ip6_src));
- fix_udp_checksum(udp_ipv6);
- check_translate_checksum_neutral(udp_ipv4, sizeof(udp_ipv4), sizeof(udp_ipv4) + 20,
- "UDP/IPv4 -> UDP/IPv6 checksum neutral");
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * config.c - configuration settings
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <limits.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <cutils/config_utils.h>
-#include <netutils/ifc.h>
-
-#include "config.h"
-#include "dns64.h"
-#include "logging.h"
-#include "getaddr.h"
-#include "clatd.h"
-#include "checksum.h"
-
-struct clat_config Global_Clatd_Config;
-
-/* function: config_item_str
- * locates the config item and returns the pointer to a string, or NULL on failure. Caller frees pointer
- * root - parsed configuration
- * item_name - name of config item to locate
- * defaultvar - value to use if config item isn't present
- */
-char *config_item_str(cnode *root, const char *item_name, const char *defaultvar) {
- const char *tmp;
-
- if(!(tmp = config_str(root, item_name, defaultvar))) {
- logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
- return NULL;
- }
- return strdup(tmp);
-}
-
-/* function: config_item_int16_t
- * locates the config item, parses the integer, and returns the pointer ret_val_ptr, or NULL on failure
- * root - parsed configuration
- * item_name - name of config item to locate
- * defaultvar - value to use if config item isn't present
- * ret_val_ptr - pointer for return value storage
- */
-int16_t *config_item_int16_t(cnode *root, const char *item_name, const char *defaultvar, int16_t *ret_val_ptr) {
- const char *tmp;
- char *endptr;
- long int conf_int;
-
- if(!(tmp = config_str(root, item_name, defaultvar))) {
- logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
- return NULL;
- }
-
- errno = 0;
- conf_int = strtol(tmp,&endptr,10);
- if(errno > 0) {
- logmsg(ANDROID_LOG_FATAL,"%s config item is not numeric: %s (error=%s)",item_name,tmp,strerror(errno));
- return NULL;
- }
- if(endptr == tmp || *tmp == '\0') {
- logmsg(ANDROID_LOG_FATAL,"%s config item is not numeric: %s",item_name,tmp);
- return NULL;
- }
- if(*endptr != '\0') {
- logmsg(ANDROID_LOG_FATAL,"%s config item contains non-numeric characters: %s",item_name,endptr);
- return NULL;
- }
- if(conf_int > INT16_MAX || conf_int < INT16_MIN) {
- logmsg(ANDROID_LOG_FATAL,"%s config item is too big/small: %d",item_name,conf_int);
- return NULL;
- }
- *ret_val_ptr = conf_int;
- return ret_val_ptr;
-}
-
-/* function: config_item_ip
- * locates the config item, parses the ipv4 address, and returns the pointer ret_val_ptr, or NULL on failure
- * root - parsed configuration
- * item_name - name of config item to locate
- * defaultvar - value to use if config item isn't present
- * ret_val_ptr - pointer for return value storage
- */
-struct in_addr *config_item_ip(cnode *root, const char *item_name, const char *defaultvar, struct in_addr *ret_val_ptr) {
- const char *tmp;
- int status;
-
- if(!(tmp = config_str(root, item_name, defaultvar))) {
- logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
- return NULL;
- }
-
- status = inet_pton(AF_INET, tmp, ret_val_ptr);
- if(status <= 0) {
- logmsg(ANDROID_LOG_FATAL,"invalid IPv4 address specified for %s: %s", item_name, tmp);
- return NULL;
- }
-
- return ret_val_ptr;
-}
-
-/* function: config_item_ip6
- * locates the config item, parses the ipv6 address, and returns the pointer ret_val_ptr, or NULL on failure
- * root - parsed configuration
- * item_name - name of config item to locate
- * defaultvar - value to use if config item isn't present
- * ret_val_ptr - pointer for return value storage
- */
-struct in6_addr *config_item_ip6(cnode *root, const char *item_name, const char *defaultvar, struct in6_addr *ret_val_ptr) {
- const char *tmp;
- int status;
-
- if(!(tmp = config_str(root, item_name, defaultvar))) {
- logmsg(ANDROID_LOG_FATAL,"%s config item needed",item_name);
- return NULL;
- }
-
- status = inet_pton(AF_INET6, tmp, ret_val_ptr);
- if(status <= 0) {
- logmsg(ANDROID_LOG_FATAL,"invalid IPv6 address specified for %s: %s", item_name, tmp);
- return NULL;
- }
-
- return ret_val_ptr;
-}
-
-/* function: free_config
- * frees the memory used by the global config variable
- */
-void free_config() {
- if(Global_Clatd_Config.plat_from_dns64_hostname) {
- free(Global_Clatd_Config.plat_from_dns64_hostname);
- Global_Clatd_Config.plat_from_dns64_hostname = NULL;
- }
-}
-
-/* function: ipv6_prefix_equal
- * compares the prefixes two ipv6 addresses. assumes the prefix lengths are both /64.
- * a1 - first address
- * a2 - second address
- * returns: 0 if the subnets are different, 1 if they are the same.
- */
-int ipv6_prefix_equal(struct in6_addr *a1, struct in6_addr *a2) {
- return !memcmp(a1, a2, 8);
-}
-
-/* function: dns64_detection
- * does dns lookups to set the plat subnet or exits on failure, waits forever for a dns response with a query backoff timer
- * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
- */
-void dns64_detection(unsigned net_id) {
- int backoff_sleep, status;
- struct in6_addr tmp_ptr;
-
- backoff_sleep = 1;
-
- while(1) {
- status = plat_prefix(Global_Clatd_Config.plat_from_dns64_hostname,net_id,&tmp_ptr);
- if(status > 0) {
- memcpy(&Global_Clatd_Config.plat_subnet, &tmp_ptr, sizeof(struct in6_addr));
- return;
- }
- logmsg(ANDROID_LOG_WARN, "dns64_detection -- error, sleeping for %d seconds", backoff_sleep);
- sleep(backoff_sleep);
- backoff_sleep *= 2;
- if(backoff_sleep >= 120) {
- backoff_sleep = 120;
- }
- }
-}
-
-/* function: gen_random_iid
- * picks a random interface ID that is checksum neutral with the IPv4 address and the NAT64 prefix
- * myaddr - IPv6 address to write to
- * ipv4_local_subnet - clat IPv4 address
- * plat_subnet - NAT64 prefix
- */
-void gen_random_iid(struct in6_addr *myaddr, struct in_addr *ipv4_local_subnet,
- struct in6_addr *plat_subnet) {
- // Fill last 8 bytes of IPv6 address with random bits.
- arc4random_buf(&myaddr->s6_addr[8], 8);
-
- // Make the IID checksum-neutral. That is, make it so that:
- // checksum(Local IPv4 | Remote IPv4) = checksum(Local IPv6 | Remote IPv6)
- // in other words (because remote IPv6 = NAT64 prefix | Remote IPv4):
- // checksum(Local IPv4) = checksum(Local IPv6 | NAT64 prefix)
- // Do this by adjusting the two bytes in the middle of the IID.
-
- uint16_t middlebytes = (myaddr->s6_addr[11] << 8) + myaddr->s6_addr[12];
-
- uint32_t c1 = ip_checksum_add(0, ipv4_local_subnet, sizeof(*ipv4_local_subnet));
- uint32_t c2 = ip_checksum_add(0, plat_subnet, sizeof(*plat_subnet)) +
- ip_checksum_add(0, myaddr, sizeof(*myaddr));
-
- uint16_t delta = ip_checksum_adjust(middlebytes, c1, c2);
- myaddr->s6_addr[11] = delta >> 8;
- myaddr->s6_addr[12] = delta & 0xff;
-}
-
-// Factored out to a separate function for testability.
-int connect_is_ipv4_address_free(in_addr_t addr) {
- int s = socket(AF_INET, SOCK_DGRAM, 0);
- if (s == -1) {
- return 0;
- }
-
- // Attempt to connect to the address. If the connection succeeds and getsockname returns the same
- // the address then the address is already assigned to the system and we can't use it.
- struct sockaddr_in sin = { .sin_family = AF_INET, .sin_addr = { addr }, .sin_port = 53 };
- socklen_t len = sizeof(sin);
- int inuse = connect(s, (struct sockaddr *) &sin, sizeof(sin)) == 0 &&
- getsockname(s, (struct sockaddr *) &sin, &len) == 0 &&
- (size_t) len >= sizeof(sin) &&
- sin.sin_addr.s_addr == addr;
-
- close(s);
- return !inuse;
-}
-
-addr_free_func config_is_ipv4_address_free = connect_is_ipv4_address_free;
-
-/* function: config_select_ipv4_address
- * picks a free IPv4 address, starting from ip and trying all addresses in the prefix in order
- * ip - the IP address from the configuration file
- * prefixlen - the length of the prefix from which addresses may be selected.
- * returns: the IPv4 address, or INADDR_NONE if no addresses were available
- */
-in_addr_t config_select_ipv4_address(const struct in_addr *ip, int16_t prefixlen) {
- in_addr_t chosen = INADDR_NONE;
-
- // Don't accept prefixes that are too large because we scan addresses one by one.
- if (prefixlen < 16 || prefixlen > 32) {
- return chosen;
- }
-
- // All these are in host byte order.
- in_addr_t mask = 0xffffffff >> (32 - prefixlen) << (32 - prefixlen);
- in_addr_t ipv4 = ntohl(ip->s_addr);
- in_addr_t first_ipv4 = ipv4;
- in_addr_t prefix = ipv4 & mask;
-
- // Pick the first IPv4 address in the pool, wrapping around if necessary.
- // So, for example, 192.0.0.4 -> 192.0.0.5 -> 192.0.0.6 -> 192.0.0.7 -> 192.0.0.0.
- do {
- if (config_is_ipv4_address_free(htonl(ipv4))) {
- chosen = htonl(ipv4);
- break;
- }
- ipv4 = prefix | ((ipv4 + 1) & ~mask);
- } while (ipv4 != first_ipv4);
-
- return chosen;
-}
-
-/* function: config_generate_local_ipv6_subnet
- * generates the local ipv6 subnet when given the interface ip
- * requires config.ipv6_host_id
- * interface_ip - in: interface ip, out: local ipv6 host address
- */
-void config_generate_local_ipv6_subnet(struct in6_addr *interface_ip) {
- int i;
-
- if (Global_Clatd_Config.use_dynamic_iid) {
- /* Generate a random interface ID. */
- gen_random_iid(interface_ip,
- &Global_Clatd_Config.ipv4_local_subnet,
- &Global_Clatd_Config.plat_subnet);
- } else {
- /* Use the specified interface ID. */
- for(i = 2; i < 4; i++) {
- interface_ip->s6_addr32[i] = Global_Clatd_Config.ipv6_host_id.s6_addr32[i];
- }
- }
-}
-
-/* function: read_config
- * reads the config file and parses it into the global variable Global_Clatd_Config. returns 0 on failure, 1 on success
- * file - filename to parse
- * uplink_interface - interface to use to reach the internet and supplier of address space
- * plat_prefix - (optional) plat prefix to use, otherwise follow config file
- * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
- */
-int read_config(const char *file, const char *uplink_interface, const char *plat_prefix,
- unsigned net_id) {
- cnode *root = config_node("", "");
- void *tmp_ptr = NULL;
- unsigned flags;
-
- if(!root) {
- logmsg(ANDROID_LOG_FATAL,"out of memory");
- return 0;
- }
-
- memset(&Global_Clatd_Config, '\0', sizeof(Global_Clatd_Config));
-
- config_load_file(root, file);
- if(root->first_child == NULL) {
- logmsg(ANDROID_LOG_FATAL,"Could not read config file %s", file);
- goto failed;
- }
-
- Global_Clatd_Config.default_pdp_interface = strdup(uplink_interface);
- if (!Global_Clatd_Config.default_pdp_interface)
- goto failed;
-
- if(!config_item_int16_t(root, "mtu", "-1", &Global_Clatd_Config.mtu))
- goto failed;
-
- if(!config_item_int16_t(root, "ipv4mtu", "-1", &Global_Clatd_Config.ipv4mtu))
- goto failed;
-
- if(!config_item_ip(root, "ipv4_local_subnet", DEFAULT_IPV4_LOCAL_SUBNET,
- &Global_Clatd_Config.ipv4_local_subnet))
- goto failed;
-
- if(!config_item_int16_t(root, "ipv4_local_prefixlen", DEFAULT_IPV4_LOCAL_PREFIXLEN,
- &Global_Clatd_Config.ipv4_local_prefixlen))
- goto failed;
-
- if(plat_prefix) { // plat subnet is coming from the command line
- if(inet_pton(AF_INET6, plat_prefix, &Global_Clatd_Config.plat_subnet) <= 0) {
- logmsg(ANDROID_LOG_FATAL,"invalid IPv6 address specified for plat prefix: %s", plat_prefix);
- goto failed;
- }
- } else {
- tmp_ptr = (void *)config_item_str(root, "plat_from_dns64", "yes");
- if(!tmp_ptr || strcmp(tmp_ptr, "no") == 0) {
- free(tmp_ptr);
-
- if(!config_item_ip6(root, "plat_subnet", NULL, &Global_Clatd_Config.plat_subnet)) {
- logmsg(ANDROID_LOG_FATAL, "plat_from_dns64 disabled, but no plat_subnet specified");
- goto failed;
- }
- } else {
- free(tmp_ptr);
-
- if(!(Global_Clatd_Config.plat_from_dns64_hostname = config_item_str(root, "plat_from_dns64_hostname", DEFAULT_DNS64_DETECTION_HOSTNAME)))
- goto failed;
- dns64_detection(net_id);
- }
- }
-
- if (!config_item_ip6(root, "ipv6_host_id", "::", &Global_Clatd_Config.ipv6_host_id))
- goto failed;
-
- /* In order to prevent multiple devices attempting to use the same clat address, never use a
- statically-configured interface ID on a broadcast interface such as wifi. */
- if (!IN6_IS_ADDR_UNSPECIFIED(&Global_Clatd_Config.ipv6_host_id)) {
- ifc_init();
- ifc_get_info(Global_Clatd_Config.default_pdp_interface, NULL, NULL, &flags);
- ifc_close();
- Global_Clatd_Config.use_dynamic_iid = (flags & IFF_BROADCAST) != 0;
- } else {
- Global_Clatd_Config.use_dynamic_iid = 1;
- }
-
- return 1;
-
-failed:
- free(root);
- free_config();
- return 0;
-}
-
-/* function; dump_config
- * prints the current config
- */
-void dump_config() {
- char charbuffer[INET6_ADDRSTRLEN];
-
- logmsg(ANDROID_LOG_DEBUG,"mtu = %d",Global_Clatd_Config.mtu);
- logmsg(ANDROID_LOG_DEBUG,"ipv4mtu = %d",Global_Clatd_Config.ipv4mtu);
- logmsg(ANDROID_LOG_DEBUG,"ipv6_local_subnet = %s",inet_ntop(AF_INET6, &Global_Clatd_Config.ipv6_local_subnet, charbuffer, sizeof(charbuffer)));
- logmsg(ANDROID_LOG_DEBUG,"ipv4_local_subnet = %s",inet_ntop(AF_INET, &Global_Clatd_Config.ipv4_local_subnet, charbuffer, sizeof(charbuffer)));
- logmsg(ANDROID_LOG_DEBUG,"ipv4_local_prefixlen = %d", Global_Clatd_Config.ipv4_local_prefixlen);
- logmsg(ANDROID_LOG_DEBUG,"plat_subnet = %s",inet_ntop(AF_INET6, &Global_Clatd_Config.plat_subnet, charbuffer, sizeof(charbuffer)));
- logmsg(ANDROID_LOG_DEBUG,"default_pdp_interface = %s",Global_Clatd_Config.default_pdp_interface);
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * config.h - configuration settings
- */
-#ifndef __CONFIG_H__
-#define __CONFIG_H__
-
-#include <netinet/in.h>
-#include <linux/if.h>
-
-#define DEFAULT_IPV4_LOCAL_SUBNET "192.0.0.4"
-#define DEFAULT_IPV4_LOCAL_PREFIXLEN "29"
-#define DEFAULT_DNS64_DETECTION_HOSTNAME "ipv4only.arpa"
-
-struct clat_config {
- int16_t mtu, ipv4mtu;
- struct in6_addr ipv6_local_subnet;
- struct in6_addr ipv6_host_id;
- struct in_addr ipv4_local_subnet;
- int16_t ipv4_local_prefixlen;
- struct in6_addr plat_subnet;
- char *default_pdp_interface;
- char *plat_from_dns64_hostname;
- int use_dynamic_iid;
-};
-
-extern struct clat_config Global_Clatd_Config;
-
-int read_config(const char *file, const char *uplink_interface, const char *plat_prefix,
- unsigned net_id);
-void config_generate_local_ipv6_subnet(struct in6_addr *interface_ip);
-in_addr_t config_select_ipv4_address(const struct in_addr *ip, int16_t prefixlen);
-int ipv6_prefix_equal(struct in6_addr *a1, struct in6_addr *a2);
-
-typedef int (*addr_free_func)(in_addr_t addr);
-
-#endif /* __CONFIG_H__ */
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * debug.h - debug settings
- */
-#ifndef __DEBUG_H__
-#define __DEBUG_H__
-
-// set to 1 to enable debug logging and packet dumping.
-#define CLAT_DEBUG 0
-
-#endif /* __DEBUG_H__ */
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * dns64.c - find the nat64 prefix with a dns64 lookup
- */
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <strings.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "dns64.h"
-#include "logging.h"
-#include "resolv_netid.h"
-
-/* function: plat_prefix
- * looks up an ipv4-only hostname and looks for a nat64 /96 prefix, returns 1 on success, 0 on failure
- * ipv4_name - name to lookup
- * net_id - (optional) netId to use, NETID_UNSET indicates use of default network
- * prefix - the plat /96 prefix
- */
-int plat_prefix(const char *ipv4_name, unsigned net_id, struct in6_addr *prefix) {
- const struct addrinfo hints = {
- .ai_family = AF_INET6,
- };
- int status;
- struct addrinfo *result = NULL;
- struct in6_addr plat_addr;
- char plat_addr_str[INET6_ADDRSTRLEN];
-
- logmsg(ANDROID_LOG_INFO, "Detecting NAT64 prefix from DNS...");
-
- status = android_getaddrinfofornet(ipv4_name, NULL, &hints, net_id, MARK_UNSET, &result);
- if (status != 0 || result == NULL) {
- logmsg(ANDROID_LOG_ERROR, "plat_prefix/dns(%s) status = %d/%s",
- ipv4_name, status, gai_strerror(status));
- return 0;
- }
-
- // Use only the first result. If other records are present, possibly with
- // differing DNS64 prefixes they are ignored (there is very little sensible
- // that could be done with them at this time anyway).
-
- if (result->ai_family != AF_INET6) {
- logmsg(ANDROID_LOG_WARN, "plat_prefix/unexpected address family: %d", result->ai_family);
- return 0;
- }
- plat_addr = ((struct sockaddr_in6 *)result->ai_addr)->sin6_addr;
- // Only /96 DNS64 prefixes are supported at this time.
- plat_addr.s6_addr32[3] = 0;
- freeaddrinfo(result);
-
- logmsg(ANDROID_LOG_INFO, "Detected NAT64 prefix %s/96",
- inet_ntop(AF_INET6, &plat_addr, plat_addr_str, sizeof(plat_addr_str)));
- *prefix = plat_addr;
- return 1;
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * dns64.h - find the nat64 prefix with a dns64 lookup
- */
-#ifndef __DNS64_H__
-#define __DNS64_H__
-
-int plat_prefix(const char *ipv4_name, unsigned net_id, struct in6_addr *prefix);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * dump.c - print various headers for debugging
- */
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/udp.h>
-#include <netinet/tcp.h>
-#include <netinet/ip6.h>
-#include <netinet/icmp6.h>
-#include <linux/icmp.h>
-
-#include "debug.h"
-#include "checksum.h"
-#include "clatd.h"
-#include "logging.h"
-
-#if CLAT_DEBUG
-
-/* print ip header */
-void dump_ip(struct iphdr *header) {
- u_int16_t frag_flags;
- char addrstr[INET6_ADDRSTRLEN];
-
- frag_flags = ntohs(header->frag_off);
-
- printf("IP packet\n");
- printf("header_len = %x\n",header->ihl);
- printf("version = %x\n",header->version);
- printf("tos = %x\n",header->tos);
- printf("tot_len = %x\n",ntohs(header->tot_len));
- printf("id = %x\n",ntohs(header->id));
- printf("frag: ");
- if(frag_flags & IP_RF) {
- printf("(RF) ");
- }
- if(frag_flags & IP_DF) {
- printf("DF ");
- }
- if(frag_flags & IP_MF) {
- printf("MF ");
- }
- printf("offset = %x\n",frag_flags & IP_OFFMASK);
- printf("ttl = %x\n",header->ttl);
- printf("protocol = %x\n",header->protocol);
- printf("checksum = %x\n",ntohs(header->check));
- inet_ntop(AF_INET, &header->saddr, addrstr, sizeof(addrstr));
- printf("saddr = %s\n",addrstr);
- inet_ntop(AF_INET, &header->daddr, addrstr, sizeof(addrstr));
- printf("daddr = %s\n",addrstr);
-}
-
-/* print ip6 header */
-void dump_ip6(struct ip6_hdr *header) {
- char addrstr[INET6_ADDRSTRLEN];
-
- printf("ipv6\n");
- printf("version = %x\n",header->ip6_vfc >> 4);
- printf("traffic class = %x\n",header->ip6_flow >> 20);
- printf("flow label = %x\n",ntohl(header->ip6_flow & 0x000fffff));
- printf("payload len = %x\n",ntohs(header->ip6_plen));
- printf("next header = %x\n",header->ip6_nxt);
- printf("hop limit = %x\n",header->ip6_hlim);
-
- inet_ntop(AF_INET6, &header->ip6_src, addrstr, sizeof(addrstr));
- printf("source = %s\n",addrstr);
-
- inet_ntop(AF_INET6, &header->ip6_dst, addrstr, sizeof(addrstr));
- printf("dest = %s\n",addrstr);
-}
-
-/* print icmp header */
-void dump_icmp(struct icmphdr *icmp) {
- printf("ICMP\n");
-
- printf("icmp.type = %x ",icmp->type);
- if(icmp->type == ICMP_ECHOREPLY) {
- printf("echo reply");
- } else if(icmp->type == ICMP_ECHO) {
- printf("echo request");
- } else {
- printf("other");
- }
- printf("\n");
- printf("icmp.code = %x\n",icmp->code);
- printf("icmp.checksum = %x\n",ntohs(icmp->checksum));
- if(icmp->type == ICMP_ECHOREPLY || icmp->type == ICMP_ECHO) {
- printf("icmp.un.echo.id = %x\n",ntohs(icmp->un.echo.id));
- printf("icmp.un.echo.sequence = %x\n",ntohs(icmp->un.echo.sequence));
- }
-}
-
-/* print icmp6 header */
-void dump_icmp6(struct icmp6_hdr *icmp6) {
- printf("ICMP6\n");
- printf("type = %x",icmp6->icmp6_type);
- if(icmp6->icmp6_type == ICMP6_ECHO_REQUEST) {
- printf("(echo request)");
- } else if(icmp6->icmp6_type == ICMP6_ECHO_REPLY) {
- printf("(echo reply)");
- }
- printf("\n");
- printf("code = %x\n",icmp6->icmp6_code);
-
- printf("checksum = %x\n",icmp6->icmp6_cksum);
-
- if((icmp6->icmp6_type == ICMP6_ECHO_REQUEST) || (icmp6->icmp6_type == ICMP6_ECHO_REPLY)) {
- printf("icmp6_id = %x\n",icmp6->icmp6_id);
- printf("icmp6_seq = %x\n",icmp6->icmp6_seq);
- }
-}
-
-/* print udp header */
-void dump_udp_generic(const struct udphdr *udp, uint32_t temp_checksum,
- const uint8_t *payload, size_t payload_size) {
- uint16_t my_checksum;
-
- temp_checksum = ip_checksum_add(temp_checksum, udp, sizeof(struct udphdr));
- temp_checksum = ip_checksum_add(temp_checksum, payload, payload_size);
- my_checksum = ip_checksum_finish(temp_checksum);
-
- printf("UDP\n");
- printf("source = %x\n",ntohs(udp->source));
- printf("dest = %x\n",ntohs(udp->dest));
- printf("len = %x\n",ntohs(udp->len));
- printf("check = %x (mine %x)\n",udp->check,my_checksum);
-}
-
-/* print ipv4/udp header */
-void dump_udp(const struct udphdr *udp, const struct iphdr *ip,
- const uint8_t *payload, size_t payload_size) {
- uint32_t temp_checksum;
- temp_checksum = ipv4_pseudo_header_checksum(ip, sizeof(*udp) + payload_size);
- dump_udp_generic(udp, temp_checksum, payload, payload_size);
-}
-
-/* print ipv6/udp header */
-void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6,
- const uint8_t *payload, size_t payload_size) {
- uint32_t temp_checksum;
- temp_checksum = ipv6_pseudo_header_checksum(ip6, sizeof(*udp) + payload_size, IPPROTO_UDP);
- dump_udp_generic(udp, temp_checksum, payload, payload_size);
-}
-
-/* print tcp header */
-void dump_tcp_generic(const struct tcphdr *tcp, const uint8_t *options, size_t options_size, uint32_t temp_checksum, const uint8_t *payload, size_t payload_size) {
- uint16_t my_checksum;
-
- temp_checksum = ip_checksum_add(temp_checksum, tcp, sizeof(struct tcphdr));
- if(options) {
- temp_checksum = ip_checksum_add(temp_checksum, options, options_size);
- }
- temp_checksum = ip_checksum_add(temp_checksum, payload, payload_size);
- my_checksum = ip_checksum_finish(temp_checksum);
-
- printf("TCP\n");
- printf("source = %x\n",ntohs(tcp->source));
- printf("dest = %x\n",ntohs(tcp->dest));
- printf("seq = %x\n",ntohl(tcp->seq));
- printf("ack = %x\n",ntohl(tcp->ack_seq));
- printf("d_off = %x\n",tcp->doff);
- printf("res1 = %x\n",tcp->res1);
-#ifdef __BIONIC__
- printf("CWR = %x\n",tcp->cwr);
- printf("ECE = %x\n",tcp->ece);
-#else
- printf("CWR/ECE = %x\n",tcp->res2);
-#endif
- printf("urg = %x ack = %x psh = %x rst = %x syn = %x fin = %x\n",
- tcp->urg, tcp->ack, tcp->psh, tcp->rst, tcp->syn, tcp->fin);
- printf("window = %x\n",ntohs(tcp->window));
- printf("check = %x [mine %x]\n",tcp->check,my_checksum);
- printf("urgent = %x\n",tcp->urg_ptr);
-
- if(options) {
- size_t i;
-
- printf("options: ");
- for(i=0; i<options_size; i++) {
- printf("%x ",*(options+i));
- }
- printf("\n");
- }
-}
-
-/* print ipv4/tcp header */
-void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip,
- const uint8_t *payload, size_t payload_size,
- const uint8_t *options, size_t options_size) {
- uint32_t temp_checksum;
-
- temp_checksum = ipv4_pseudo_header_checksum(ip, sizeof(*tcp) + options_size + payload_size);
- dump_tcp_generic(tcp, options, options_size, temp_checksum, payload, payload_size);
-}
-
-/* print ipv6/tcp header */
-void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6,
- const uint8_t *payload, size_t payload_size,
- const uint8_t *options, size_t options_size) {
- uint32_t temp_checksum;
-
- temp_checksum = ipv6_pseudo_header_checksum(ip6, sizeof(*tcp) + options_size + payload_size, IPPROTO_TCP);
- dump_tcp_generic(tcp, options, options_size, temp_checksum, payload, payload_size);
-}
-
-/* generic hex dump */
-void logcat_hexdump(const char *info, const uint8_t *data, size_t len) {
- char output[PACKETLEN*3+2];
- size_t i;
-
- output[0] = '\0';
- for(i = 0; i < len && i < PACKETLEN; i++) {
- snprintf(output + i*3, 4, " %02x", data[i]);
- }
- output[len*3+3] = '\0';
-
- logmsg(ANDROID_LOG_WARN,"info %s len %d data%s", info, len, output);
-}
-
-void dump_iovec(const struct iovec *iov, int iov_len) {
- int i;
- char *str;
- for (i = 0; i < iov_len; i++) {
- asprintf(&str, "iov[%d]: ", i);
- logcat_hexdump(str, iov[i].iov_base, iov[i].iov_len);
- free(str);
- }
-}
-#endif // CLAT_DEBUG
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * dump.h - debug functions
- */
-#ifndef __DUMP_H__
-#define __DUMP_H__
-
-void dump_ip(struct iphdr *header);
-void dump_icmp(struct icmphdr *icmp);
-void dump_udp(const struct udphdr *udp, const struct iphdr *ip,
- const uint8_t *payload, size_t payload_size);
-void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip,
- const uint8_t *payload, size_t payload_size,
- const char *options, size_t options_size);
-
-void dump_ip6(struct ip6_hdr *header);
-void dump_icmp6(struct icmp6_hdr *icmp6);
-void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6,
- const uint8_t *payload, size_t payload_size);
-void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6,
- const uint8_t *payload, size_t payload_size,
- const char *options, size_t options_size);
-
-void logcat_hexdump(const char *info, const uint8_t *data, size_t len);
-void dump_iovec(const struct iovec *iov, int iov_len);
-
-#endif /* __DUMP_H__ */
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * getaddr.c - get a locally configured address
- */
-#include <netinet/in.h>
-#include <strings.h>
-#include <string.h>
-#include <net/if.h>
-
-#include <linux/rtnetlink.h>
-#include <netlink/handlers.h>
-#include <netlink/msg.h>
-
-#include "getaddr.h"
-#include "netlink_msg.h"
-#include "logging.h"
-
-// shared state between getinterface_ip and getaddr_cb
-struct target {
- int family;
- unsigned int ifindex;
- union anyip ip;
- int foundip;
-};
-
-/* function: getaddr_cb
- * callback for getinterface_ip
- * msg - netlink message
- * data - (struct target) info for which address we're looking for
- */
-static int getaddr_cb(struct nl_msg *msg, void *data) {
- struct ifaddrmsg *ifa_p;
- struct rtattr *rta_p;
- int rta_len;
- struct target *targ_p = (struct target *)data;
-
- ifa_p = (struct ifaddrmsg *)nlmsg_data(nlmsg_hdr(msg));
- rta_p = (struct rtattr *)IFA_RTA(ifa_p);
-
- if(ifa_p->ifa_index != targ_p->ifindex)
- return NL_OK;
-
- if(ifa_p->ifa_scope != RT_SCOPE_UNIVERSE)
- return NL_OK;
-
- rta_len = RTM_PAYLOAD(nlmsg_hdr(msg));
- for (; RTA_OK(rta_p, rta_len); rta_p = RTA_NEXT(rta_p, rta_len)) {
- switch(rta_p->rta_type) {
- case IFA_ADDRESS:
- if((targ_p->family == AF_INET6) && !(ifa_p->ifa_flags & IFA_F_SECONDARY)) {
- memcpy(&targ_p->ip.ip6, RTA_DATA(rta_p), rta_p->rta_len - sizeof(struct rtattr));
- targ_p->foundip = 1;
- return NL_OK;
- }
- break;
- case IFA_LOCAL:
- if(targ_p->family == AF_INET) {
- memcpy(&targ_p->ip.ip4, RTA_DATA(rta_p), rta_p->rta_len - sizeof(struct rtattr));
- targ_p->foundip = 1;
- return NL_OK;
- }
- break;
- }
- }
-
- return NL_OK;
-}
-
-/* function: error_handler
- * error callback for getinterface_ip
- * nla - source of the error message
- * err - netlink message
- * arg - (struct target) info for which address we're looking for
- */
-static int error_handler(__attribute__((unused)) struct sockaddr_nl *nla,
- __attribute__((unused)) struct nlmsgerr *err,
- __attribute__((unused)) void *arg) {
- return NL_OK;
-}
-
-/* function: getinterface_ip
- * finds the first global non-privacy IP of the given family for the given interface, or returns NULL. caller frees pointer
- * interface - interface to look for
- * family - family
- */
-union anyip *getinterface_ip(const char *interface, int family) {
- struct ifaddrmsg ifa;
- struct nl_cb *callbacks = NULL;
- struct target targ;
- union anyip *retval = NULL;
-
- targ.family = family;
- targ.foundip = 0;
- targ.ifindex = if_nametoindex(interface);
- if(targ.ifindex == 0) {
- return NULL; // interface not found
- }
-
- memset(&ifa, 0, sizeof(ifa));
- ifa.ifa_family = targ.family;
-
- callbacks = nl_cb_alloc(NL_CB_DEFAULT);
- if(!callbacks) {
- goto cleanup;
- }
- nl_cb_set(callbacks, NL_CB_VALID, NL_CB_CUSTOM, getaddr_cb, &targ);
- nl_cb_err(callbacks, NL_CB_CUSTOM, error_handler, &targ);
-
- // sends message and waits for a response
- send_ifaddrmsg(RTM_GETADDR, NLM_F_REQUEST | NLM_F_ROOT, &ifa, callbacks);
-
- if(targ.foundip) {
- retval = malloc(sizeof(union anyip));
- if(!retval) {
- logmsg(ANDROID_LOG_FATAL,"getinterface_ip/out of memory");
- goto cleanup;
- }
- memcpy(retval, &targ.ip, sizeof(union anyip));
- }
-
-cleanup:
- if(callbacks)
- nl_cb_put(callbacks);
-
- return retval;
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * getaddr.h - get a locally configured address
- */
-#ifndef __GETADDR_H__
-#define __GETADDR_H__
-
-union anyip {
- struct in6_addr ip6;
- struct in_addr ip4;
-};
-
-union anyip *getinterface_ip(const char *interface, int family);
-
-#endif
+++ /dev/null
-/*
- * Copyright (C) 2013 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * icmp.c - convenience functions for translating ICMP and ICMPv6 packets.
- */
-
-#include <netinet/in.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/icmp6.h>
-#include <linux/icmp.h>
-
-#include "logging.h"
-#include "icmp.h"
-
-/* function: icmp_guess_ttl
- * Guesses the number of hops a received packet has traversed based on its TTL.
- * ttl - the ttl of the received packet.
- */
-uint8_t icmp_guess_ttl(uint8_t ttl) {
- if (ttl > 128) {
- return 255 - ttl;
- } else if (ttl > 64) {
- return 128 - ttl;
- } else if (ttl > 32) {
- return 64 - ttl;
- } else {
- return 32 - ttl;
- }
-}
-
-/* function: is_icmp_error
- * Determines whether an ICMP type is an error message.
- * type: the ICMP type
- */
-int is_icmp_error(uint8_t type) {
- return type == 3 || type == 11 || type == 12;
-}
-
-/* function: is_icmp6_error
- * Determines whether an ICMPv6 type is an error message.
- * type: the ICMPv6 type
- */
-int is_icmp6_error(uint8_t type) {
- return type < 128;
-}
-
-/* function: icmp_to_icmp6_type
- * Maps ICMP types to ICMPv6 types. Partial implementation of RFC 6145, section 4.2.
- * type - the ICMPv6 type
- */
-uint8_t icmp_to_icmp6_type(uint8_t type, uint8_t code) {
- switch (type) {
- case ICMP_ECHO:
- return ICMP6_ECHO_REQUEST;
-
- case ICMP_ECHOREPLY:
- return ICMP6_ECHO_REPLY;
-
- case ICMP_TIME_EXCEEDED:
- return ICMP6_TIME_EXCEEDED;
-
- case ICMP_DEST_UNREACH:
- // These two types need special translation which we don't support yet.
- if (code != ICMP_UNREACH_PROTOCOL && code != ICMP_UNREACH_NEEDFRAG) {
- return ICMP6_DST_UNREACH;
- }
- }
-
- // We don't understand this ICMP type. Return parameter problem so the caller will bail out.
- logmsg_dbg(ANDROID_LOG_DEBUG, "icmp_to_icmp6_type: unhandled ICMP type %d", type);
- return ICMP6_PARAM_PROB;
-}
-
-/* function: icmp_to_icmp6_code
- * Maps ICMP codes to ICMPv6 codes. Partial implementation of RFC 6145, section 4.2.
- * type - the ICMP type
- * code - the ICMP code
- */
-uint8_t icmp_to_icmp6_code(uint8_t type, uint8_t code) {
- switch (type) {
- case ICMP_ECHO:
- case ICMP_ECHOREPLY:
- return 0;
-
- case ICMP_TIME_EXCEEDED:
- return code;
-
- case ICMP_DEST_UNREACH:
- switch (code) {
- case ICMP_UNREACH_NET:
- case ICMP_UNREACH_HOST:
- return ICMP6_DST_UNREACH_NOROUTE;
-
- case ICMP_UNREACH_PORT:
- return ICMP6_DST_UNREACH_NOPORT;
-
- case ICMP_UNREACH_NET_PROHIB:
- case ICMP_UNREACH_HOST_PROHIB:
- case ICMP_UNREACH_FILTER_PROHIB:
- case ICMP_UNREACH_PRECEDENCE_CUTOFF:
- return ICMP6_DST_UNREACH_ADMIN;
-
- // Otherwise, we don't understand this ICMP type/code combination. Fall through.
- }
- }
- logmsg_dbg(ANDROID_LOG_DEBUG, "icmp_to_icmp6_code: unhandled ICMP type/code %d/%d", type, code);
- return 0;
-}
-
-/* function: icmp6_to_icmp_type
- * Maps ICMPv6 types to ICMP types. Partial implementation of RFC 6145, section 5.2.
- * type - the ICMP type
- */
-uint8_t icmp6_to_icmp_type(uint8_t type, uint8_t code) {
- switch (type) {
- case ICMP6_ECHO_REQUEST:
- return ICMP_ECHO;
-
- case ICMP6_ECHO_REPLY:
- return ICMP_ECHOREPLY;
-
- case ICMP6_DST_UNREACH:
- return ICMP_DEST_UNREACH;
-
- case ICMP6_TIME_EXCEEDED:
- return ICMP_TIME_EXCEEDED;
- }
-
- // We don't understand this ICMP type. Return parameter problem so the caller will bail out.
- logmsg_dbg(ANDROID_LOG_DEBUG, "icmp6_to_icmp_type: unhandled ICMP type/code %d/%d", type, code);
- return ICMP_PARAMETERPROB;
-}
-
-/* function: icmp6_to_icmp_code
- * Maps ICMPv6 codes to ICMP codes. Partial implementation of RFC 6145, section 5.2.
- * type - the ICMPv6 type
- * code - the ICMPv6 code
- */
-uint8_t icmp6_to_icmp_code(uint8_t type, uint8_t code) {
- switch (type) {
- case ICMP6_ECHO_REQUEST:
- case ICMP6_ECHO_REPLY:
- case ICMP6_TIME_EXCEEDED:
- return code;
-
- case ICMP6_DST_UNREACH:
- switch (code) {
- case ICMP6_DST_UNREACH_NOROUTE:
- return ICMP_UNREACH_HOST;
-
- case ICMP6_DST_UNREACH_ADMIN:
- return ICMP_UNREACH_HOST_PROHIB;
-
- case ICMP6_DST_UNREACH_BEYONDSCOPE:
- return ICMP_UNREACH_HOST;
-
- case ICMP6_DST_UNREACH_ADDR:
- return ICMP_HOST_UNREACH;
-
- case ICMP6_DST_UNREACH_NOPORT:
- return ICMP_UNREACH_PORT;
-
- // Otherwise, we don't understand this ICMPv6 type/code combination. Fall through.
- }
- }
-
- logmsg_dbg(ANDROID_LOG_DEBUG, "icmp6_to_icmp_code: unhandled ICMP type/code %d/%d", type, code);
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (C) 2013 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * icmp.c - convenience functions for translating ICMP and ICMPv6 packets.
- */
-
-#ifndef __ICMP_H__
-#define __ICMP_H__
-
-#include <stdint.h>
-
-// Guesses the number of hops a received packet has traversed based on its TTL.
-uint8_t icmp_guess_ttl(uint8_t ttl);
-
-// Determines whether an ICMP type is an error message.
-int is_icmp_error(uint8_t type);
-
-// Determines whether an ICMPv6 type is an error message.
-int is_icmp6_error(uint8_t type);
-
-// Maps ICMP types to ICMPv6 types. Partial implementation of RFC 6145, section 4.2.
-uint8_t icmp_to_icmp6_type(uint8_t type, uint8_t code);
-
-// Maps ICMP codes to ICMPv6 codes. Partial implementation of RFC 6145, section 4.2.
-uint8_t icmp_to_icmp6_code(uint8_t type, uint8_t code);
-
-// Maps ICMPv6 types to ICMP types. Partial implementation of RFC 6145, section 5.2.
-uint8_t icmp6_to_icmp_type(uint8_t type, uint8_t code);
-
-// Maps ICMPv6 codes to ICMP codes. Partial implementation of RFC 6145, section 5.2.
-uint8_t icmp6_to_icmp_code(uint8_t type, uint8_t code);
-
-#endif /* __ICMP_H__ */
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ipv4.c - takes ipv4 packets, finds their headers, and then calls translation functions on them
- */
-#include <string.h>
-
-#include "translate.h"
-#include "checksum.h"
-#include "logging.h"
-#include "debug.h"
-#include "dump.h"
-
-/* function: icmp_packet
- * translates an icmp packet
- * out - output packet
- * icmp - pointer to icmp header in packet
- * checksum - pseudo-header checksum
- * len - size of ip payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int icmp_packet(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
- uint32_t checksum, size_t len) {
- const uint8_t *payload;
- size_t payload_size;
-
- if(len < sizeof(struct icmphdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR, "icmp_packet/(too small)");
- return 0;
- }
-
- payload = (const uint8_t *) (icmp + 1);
- payload_size = len - sizeof(struct icmphdr);
-
- return icmp_to_icmp6(out, pos, icmp, checksum, payload, payload_size);
-}
-
-/* function: ipv4_packet
- * translates an ipv4 packet
- * out - output packet
- * packet - packet data
- * len - size of packet
- * returns: the highest position in the output clat_packet that's filled in
- */
-int ipv4_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len) {
- const struct iphdr *header = (struct iphdr *) packet;
- struct ip6_hdr *ip6_targ = (struct ip6_hdr *) out[pos].iov_base;
- struct ip6_frag *frag_hdr;
- size_t frag_hdr_len;
- uint8_t nxthdr;
- const uint8_t *next_header;
- size_t len_left;
- uint32_t old_sum, new_sum;
- int iov_len;
-
- if(len < sizeof(struct iphdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/too short for an ip header");
- return 0;
- }
-
- if(header->ihl < 5) {
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/ip header length set to less than 5: %x", header->ihl);
- return 0;
- }
-
- if((size_t) header->ihl * 4 > len) { // ip header length larger than entire packet
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/ip header length set too large: %x", header->ihl);
- return 0;
- }
-
- if(header->version != 4) {
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/ip header version not 4: %x", header->version);
- return 0;
- }
-
- /* rfc6145 - If any IPv4 options are present in the IPv4 packet, they MUST be
- * ignored and the packet translated normally; there is no attempt to
- * translate the options.
- */
-
- next_header = packet + header->ihl*4;
- len_left = len - header->ihl * 4;
-
- nxthdr = header->protocol;
- if (nxthdr == IPPROTO_ICMP) {
- // ICMP and ICMPv6 have different protocol numbers.
- nxthdr = IPPROTO_ICMPV6;
- }
-
- /* Fill in the IPv6 header. We need to do this before we translate the packet because TCP and
- * UDP include parts of the IP header in the checksum. Set the length to zero because we don't
- * know it yet.
- */
- fill_ip6_header(ip6_targ, 0, nxthdr, header);
- out[pos].iov_len = sizeof(struct ip6_hdr);
-
- /* Calculate the pseudo-header checksum.
- * Technically, the length that is used in the pseudo-header checksum is the transport layer
- * length, which is not the same as len_left in the case of fragmented packets. But since
- * translation does not change the transport layer length, the checksum is unaffected.
- */
- old_sum = ipv4_pseudo_header_checksum(header, len_left);
- new_sum = ipv6_pseudo_header_checksum(ip6_targ, len_left, nxthdr);
-
- // If the IPv4 packet is fragmented, add a Fragment header.
- frag_hdr = (struct ip6_frag *) out[pos + 1].iov_base;
- frag_hdr_len = maybe_fill_frag_header(frag_hdr, ip6_targ, header);
- out[pos + 1].iov_len = frag_hdr_len;
-
- if (frag_hdr_len && frag_hdr->ip6f_offlg & IP6F_OFF_MASK) {
- // Non-first fragment. Copy the rest of the packet as is.
- iov_len = generic_packet(out, pos + 2, next_header, len_left);
- } else if (nxthdr == IPPROTO_ICMPV6) {
- iov_len = icmp_packet(out, pos + 2, (const struct icmphdr *) next_header, new_sum, len_left);
- } else if (nxthdr == IPPROTO_TCP) {
- iov_len = tcp_packet(out, pos + 2, (const struct tcphdr *) next_header, old_sum, new_sum,
- len_left);
- } else if (nxthdr == IPPROTO_UDP) {
- iov_len = udp_packet(out, pos + 2, (const struct udphdr *) next_header, old_sum, new_sum,
- len_left);
- } else if (nxthdr == IPPROTO_GRE) {
- iov_len = generic_packet(out, pos + 2, next_header, len_left);
- } else {
-#if CLAT_DEBUG
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/unknown protocol: %x",header->protocol);
- logcat_hexdump("ipv4/protocol", packet, len);
-#endif
- return 0;
- }
-
- // Set the length.
- ip6_targ->ip6_plen = htons(packet_length(out, pos));
- return iov_len;
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ipv6.c - takes ipv6 packets, finds their headers, and then calls translation functions on them
- */
-#include <string.h>
-
-#include <arpa/inet.h>
-
-#include "translate.h"
-#include "checksum.h"
-#include "logging.h"
-#include "dump.h"
-#include "config.h"
-#include "debug.h"
-
-/* function: icmp6_packet
- * takes an icmp6 packet and sets it up for translation
- * out - output packet
- * icmp6 - pointer to icmp6 header in packet
- * checksum - pseudo-header checksum (unused)
- * len - size of ip payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int icmp6_packet(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
- size_t len) {
- const uint8_t *payload;
- size_t payload_size;
-
- if(len < sizeof(struct icmp6_hdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR, "icmp6_packet/(too small)");
- return 0;
- }
-
- payload = (const uint8_t *) (icmp6 + 1);
- payload_size = len - sizeof(struct icmp6_hdr);
-
- return icmp6_to_icmp(out, pos, icmp6, payload, payload_size);
-}
-
-/* function: log_bad_address
- * logs a bad address to android's log buffer if debugging is turned on
- * fmt - printf-style format, use %s to place the address
- * badaddr - the bad address in question
- */
-#if CLAT_DEBUG
-void log_bad_address(const char *fmt, const struct in6_addr *src, const struct in6_addr *dst) {
- char srcstr[INET6_ADDRSTRLEN];
- char dststr[INET6_ADDRSTRLEN];
-
- inet_ntop(AF_INET6, src, srcstr, sizeof(srcstr));
- inet_ntop(AF_INET6, dst, dststr, sizeof(dststr));
- logmsg_dbg(ANDROID_LOG_ERROR, fmt, srcstr, dststr);
-}
-#else
-#define log_bad_address(fmt, src, dst)
-#endif
-
-/* function: ipv6_packet
- * takes an ipv6 packet and hands it off to the layer 4 protocol function
- * out - output packet
- * packet - packet data
- * len - size of packet
- * returns: the highest position in the output clat_packet that's filled in
- */
-int ipv6_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len) {
- const struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
- struct iphdr *ip_targ = (struct iphdr *) out[pos].iov_base;
- struct ip6_frag *frag_hdr = NULL;
- uint8_t protocol;
- const uint8_t *next_header;
- size_t len_left;
- uint32_t old_sum, new_sum;
- int iov_len;
-
- if(len < sizeof(struct ip6_hdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR, "ipv6_packet/too short for an ip6 header: %d", len);
- return 0;
- }
-
- if(IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
- log_bad_address("ipv6_packet/multicast %s->%s", &ip6->ip6_src, &ip6->ip6_dst);
- return 0; // silently ignore
- }
-
- // If the packet is not from the plat subnet to the local subnet, or vice versa, drop it, unless
- // it's an ICMP packet (which can come from anywhere). We do not send IPv6 packets from the plat
- // subnet to the local subnet, but these can appear as inner packets in ICMP errors, so we need
- // to translate them. We accept third-party ICMPv6 errors, even though their source addresses
- // cannot be translated, so that things like unreachables and traceroute will work. fill_ip_header
- // takes care of faking a source address for them.
- if (!(is_in_plat_subnet(&ip6->ip6_src) &&
- IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &Global_Clatd_Config.ipv6_local_subnet)) &&
- !(is_in_plat_subnet(&ip6->ip6_dst) &&
- IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &Global_Clatd_Config.ipv6_local_subnet)) &&
- ip6->ip6_nxt != IPPROTO_ICMPV6) {
- log_bad_address("ipv6_packet/wrong source address: %s->%s", &ip6->ip6_src, &ip6->ip6_dst);
- return 0;
- }
-
- next_header = packet + sizeof(struct ip6_hdr);
- len_left = len - sizeof(struct ip6_hdr);
-
- protocol = ip6->ip6_nxt;
-
- /* Fill in the IPv4 header. We need to do this before we translate the packet because TCP and
- * UDP include parts of the IP header in the checksum. Set the length to zero because we don't
- * know it yet.
- */
- fill_ip_header(ip_targ, 0, protocol, ip6);
- out[pos].iov_len = sizeof(struct iphdr);
-
- // If there's a Fragment header, parse it and decide what the next header is.
- // Do this before calculating the pseudo-header checksum because it updates the next header value.
- if (protocol == IPPROTO_FRAGMENT) {
- frag_hdr = (struct ip6_frag *) next_header;
- if (len_left < sizeof(*frag_hdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR, "ipv6_packet/too short for fragment header: %d", len);
- return 0;
- }
-
- next_header += sizeof(*frag_hdr);
- len_left -= sizeof(*frag_hdr);
-
- protocol = parse_frag_header(frag_hdr, ip_targ);
- }
-
- // ICMP and ICMPv6 have different protocol numbers.
- if (protocol == IPPROTO_ICMPV6) {
- protocol = IPPROTO_ICMP;
- ip_targ->protocol = IPPROTO_ICMP;
- }
-
- /* Calculate the pseudo-header checksum.
- * Technically, the length that is used in the pseudo-header checksum is the transport layer
- * length, which is not the same as len_left in the case of fragmented packets. But since
- * translation does not change the transport layer length, the checksum is unaffected.
- */
- old_sum = ipv6_pseudo_header_checksum(ip6, len_left, protocol);
- new_sum = ipv4_pseudo_header_checksum(ip_targ, len_left);
-
- // Does not support IPv6 extension headers except Fragment.
- if (frag_hdr && (frag_hdr->ip6f_offlg & IP6F_OFF_MASK)) {
- iov_len = generic_packet(out, pos + 2, next_header, len_left);
- } else if (protocol == IPPROTO_ICMP) {
- iov_len = icmp6_packet(out, pos + 2, (const struct icmp6_hdr *) next_header, len_left);
- } else if (protocol == IPPROTO_TCP) {
- iov_len = tcp_packet(out, pos + 2, (const struct tcphdr *) next_header, old_sum, new_sum,
- len_left);
- } else if (protocol == IPPROTO_UDP) {
- iov_len = udp_packet(out, pos + 2, (const struct udphdr *) next_header, old_sum, new_sum,
- len_left);
- } else if (protocol == IPPROTO_GRE) {
- iov_len = generic_packet(out, pos + 2, next_header, len_left);
- } else {
-#if CLAT_DEBUG
- logmsg(ANDROID_LOG_ERROR, "ipv6_packet/unknown next header type: %x", ip6->ip6_nxt);
- logcat_hexdump("ipv6/nxthdr", packet, len);
-#endif
- return 0;
- }
-
- // Set the length and calculate the checksum.
- ip_targ->tot_len = htons(ntohs(ip_targ->tot_len) + packet_length(out, pos));
- ip_targ->check = ip_checksum(ip_targ, sizeof(struct iphdr));
- return iov_len;
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * logging.c - print a log message
- */
-
-#include <stdarg.h>
-#include <android/log.h>
-
-#include "logging.h"
-#include "debug.h"
-
-/* function: logmsg
- * prints a log message to android's log buffer
- * prio - the log message priority
- * fmt - printf format specifier
- * ... - printf format arguments
- */
-void logmsg(int prio, const char *fmt, ...) {
- va_list ap;
-
- va_start(ap, fmt);
- __android_log_vprint(prio, "clatd", fmt, ap);
- va_end(ap);
-}
-
-/* function: logmsg_dbg
- * prints a log message to android's log buffer if CLAT_DEBUG is set
- * prio - the log message priority
- * fmt - printf format specifier
- * ... - printf format arguments
- */
-#if CLAT_DEBUG
-void logmsg_dbg(int prio, const char *fmt, ...) {
- va_list ap;
-
- va_start(ap, fmt);
- __android_log_vprint(prio, "clatd", fmt, ap);
- va_end(ap);
-}
-#else
-void logmsg_dbg(__attribute__((unused)) int prio, __attribute__((unused)) const char *fmt, ...) {}
-#endif
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * logging.h - print a log message
- */
-
-#ifndef __LOGGING_H__
-#define __LOGGING_H__
-// for the priorities
-#include <android/log.h>
-
-void logmsg(int prio, const char *fmt, ...);
-void logmsg_dbg(int prio, const char *fmt, ...);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * mtu.c - get interface mtu
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <net/if.h>
-
-#include "mtu.h"
-
-/* function: getifmtu
- * returns the interface mtu or -1 on failure
- * ifname - interface name
- */
-int getifmtu(const char *ifname) {
- int fd;
- struct ifreq if_mtu;
-
- fd = socket(AF_INET, SOCK_STREAM, 0);
- if(fd < 0) {
- return -1;
- }
- strncpy(if_mtu.ifr_name, ifname, IFNAMSIZ);
- if_mtu.ifr_name[IFNAMSIZ - 1] = '\0';
- if(ioctl(fd, SIOCGIFMTU, &if_mtu) < 0) {
- return -1;
- }
- return if_mtu.ifr_mtu;
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * mtu.c - get interface mtu
- */
-
-#ifndef __MTU_H__
-#define __MTU_H__
-
-int getifmtu(const char *ifname);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown <dan-android@drown.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * netlink_callbacks.c - generic callbacks for netlink responses
- */
-#include <netinet/in.h>
-#include <net/if.h>
-
-#include <linux/rtnetlink.h>
-#include <netlink/handlers.h>
-#include <netlink/msg.h>
-
-/* function: ack_handler
- * generic netlink callback for ack messages
- * msg - netlink message
- * data - pointer to an int, stores the success code
- */
-static int ack_handler(__attribute__((unused)) struct nl_msg *msg, void *data) {
- int *retval = data;
- *retval = 0;
- return NL_OK;
-}
-
-/* function: error_handler
- * generic netlink callback for error messages
- * nla - error source
- * err - netlink error message
- * arg - pointer to an int, stores the error code
- */
-static int error_handler(__attribute__((unused)) struct sockaddr_nl *nla,
- struct nlmsgerr *err, void *arg) {
- int *retval = arg;
- if(err->error < 0) {
- *retval = err->error;
- } else {
- *retval = 0; // NLMSG_ERROR used as reply type on no error
- }
- return NL_OK;
-}
-
-/* function: alloc_ack_callbacks
- * allocates a set of netlink callbacks. returns NULL on failure. callbacks will modify retval with <0 meaning failure
- * retval - shared state between caller and callback functions
- */
-struct nl_cb *alloc_ack_callbacks(int *retval) {
- struct nl_cb *callbacks;
-
- callbacks = nl_cb_alloc(NL_CB_DEFAULT);
- if(!callbacks) {
- return NULL;
- }
- nl_cb_set(callbacks, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, retval);
- nl_cb_err(callbacks, NL_CB_CUSTOM, error_handler, retval);
- return callbacks;
-}
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown <dan-android@drown.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * netlink_callbacks.h - callbacks for netlink responses
- */
-
-#ifndef __NETLINK_CALLBACKS_H__
-#define __NETLINK_CALLBACKS_H__
-
-struct nl_cb *alloc_ack_callbacks(int *retval);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * netlink_msg.c - send an ifaddrmsg/ifinfomsg/rtmsg via netlink
- */
-
-#include <netinet/in.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-#include <string.h>
-#include <errno.h>
-
-#include <netlink-local.h>
-#include <netlink-types.h>
-#include <netlink/socket.h>
-#include <netlink/netlink.h>
-#include <netlink/msg.h>
-
-#include "netlink_msg.h"
-#include "netlink_callbacks.h"
-
-/* function: family_size
- * returns the size of the address structure for the given family, or 0 on error
- * family - AF_INET or AF_INET6
- */
-size_t inet_family_size(int family) {
- if(family == AF_INET) {
- return sizeof(struct in_addr);
- } else if(family == AF_INET6) {
- return sizeof(struct in6_addr);
- } else {
- return 0;
- }
-}
-
-/* function: nlmsg_alloc_generic
- * allocates a netlink message with the given struct inside of it. returns NULL on failure
- * type - netlink message type
- * flags - netlink message flags
- * payload_struct - pointer to a struct to add to netlink message
- * payload_len - bytelength of structure
- */
-struct nl_msg *nlmsg_alloc_generic(uint16_t type, uint16_t flags, void *payload_struct, size_t payload_len) {
- struct nl_msg *msg;
-
- msg = nlmsg_alloc();
- if(!msg) {
- return NULL;
- }
-
- if ((sizeof(struct nl_msg) + payload_len) > msg->nm_size) {
- nlmsg_free(msg);
- return NULL;
- }
-
- msg->nm_nlh->nlmsg_len = NLMSG_LENGTH(payload_len);
- msg->nm_nlh->nlmsg_flags = flags;
- msg->nm_nlh->nlmsg_type = type;
-
- memcpy(nlmsg_data(msg->nm_nlh), payload_struct, payload_len);
-
- return msg;
-}
-
-/* function: nlmsg_alloc_ifaddr
- * allocates a netlink message with a struct ifaddrmsg inside of it. returns NULL on failure
- * type - netlink message type
- * flags - netlink message flags
- * ifa - ifaddrmsg to copy into the new netlink message
- */
-struct nl_msg *nlmsg_alloc_ifaddr(uint16_t type, uint16_t flags, struct ifaddrmsg *ifa) {
- return nlmsg_alloc_generic(type, flags, ifa, sizeof(*ifa));
-}
-
-/* function: nlmsg_alloc_ifinfo
- * allocates a netlink message with a struct ifinfomsg inside of it. returns NULL on failure
- * type - netlink message type
- * flags - netlink message flags
- * ifi - ifinfomsg to copy into the new netlink message
- */
-struct nl_msg *nlmsg_alloc_ifinfo(uint16_t type, uint16_t flags, struct ifinfomsg *ifi) {
- return nlmsg_alloc_generic(type, flags, ifi, sizeof(*ifi));
-}
-
-/* function: nlmsg_alloc_rtmsg
- * allocates a netlink message with a struct rtmsg inside of it. returns NULL on failure
- * type - netlink message type
- * flags - netlink message flags
- * rt - rtmsg to copy into the new netlink message
- */
-struct nl_msg *nlmsg_alloc_rtmsg(uint16_t type, uint16_t flags, struct rtmsg *rt) {
- return nlmsg_alloc_generic(type, flags, rt, sizeof(*rt));
-}
-
-/* function: netlink_set_kernel_only
- * sets a socket to receive messages only from the kernel
- * sock - socket to connect
- */
-int netlink_set_kernel_only(struct nl_sock *nl_sk) {
- struct sockaddr_nl addr = { AF_NETLINK, 0, 0, 0 };
-
- if (!nl_sk) {
- return -EFAULT;
- }
-
- int sockfd = nl_socket_get_fd(nl_sk);
- return connect(sockfd, (struct sockaddr *) &addr, sizeof(addr));
-}
-
-/* function: send_netlink_msg
- * sends a netlink message, reads a response, and hands the response(s) to the callbacks
- * msg - netlink message to send
- * callbacks - callbacks to use on responses
- */
-void send_netlink_msg(struct nl_msg *msg, struct nl_cb *callbacks) {
- struct nl_sock *nl_sk;
-
- nl_sk = nl_socket_alloc();
- if(!nl_sk)
- goto cleanup;
-
- if(nl_connect(nl_sk, NETLINK_ROUTE) != 0)
- goto cleanup;
-
- if(nl_send_auto_complete(nl_sk, msg) < 0)
- goto cleanup;
-
- if(netlink_set_kernel_only(nl_sk) < 0)
- goto cleanup;
-
- nl_recvmsgs(nl_sk, callbacks);
-
-cleanup:
- if(nl_sk)
- nl_socket_free(nl_sk);
-}
-
-/* function: send_ifaddrmsg
- * sends a netlink/ifaddrmsg message and hands the responses to the callbacks
- * type - netlink message type
- * flags - netlink message flags
- * ifa - ifaddrmsg to send
- * callbacks - callbacks to use with the responses
- */
-void send_ifaddrmsg(uint16_t type, uint16_t flags, struct ifaddrmsg *ifa, struct nl_cb *callbacks) {
- struct nl_msg *msg = NULL;
-
- msg = nlmsg_alloc_ifaddr(type, flags, ifa);
- if(!msg)
- return;
-
- send_netlink_msg(msg, callbacks);
-
- nlmsg_free(msg);
-}
-
-/* function: netlink_sendrecv
- * send a nl_msg and return an int status - only supports OK/ERROR responses
- * msg - msg to send
- */
-int netlink_sendrecv(struct nl_msg *msg) {
- struct nl_cb *callbacks = NULL;
- int retval = -EIO;
-
- callbacks = alloc_ack_callbacks(&retval);
- if(!callbacks) {
- return -ENOMEM;
- }
-
- send_netlink_msg(msg, callbacks);
-
- nl_cb_put(callbacks);
-
- return retval;
-}
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * netlink_msg.h - send an ifaddrmsg/ifinfomsg via netlink
- */
-#ifndef __NETLINK_IFMSG_H__
-#define __NETLINK_IFMSG_H__
-
-size_t inet_family_size(int family);
-struct nl_msg *nlmsg_alloc_ifaddr(uint16_t type, uint16_t flags, struct ifaddrmsg *ifa);
-struct nl_msg *nlmsg_alloc_ifinfo(uint16_t type, uint16_t flags, struct ifinfomsg *ifi);
-struct nl_msg *nlmsg_alloc_rtmsg(uint16_t type, uint16_t flags, struct rtmsg *rt);
-void send_netlink_msg(struct nl_msg *msg, struct nl_cb *callbacks);
-void send_ifaddrmsg(uint16_t type, uint16_t flags, struct ifaddrmsg *ifa, struct nl_cb *callbacks);
-int netlink_sendrecv(struct nl_msg *msg);
-int netlink_set_kernel_only(struct nl_sock *nl_sk);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ring.c - packet ring buffer functions
- */
-
-#include <errno.h>
-#include <string.h>
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <sys/mman.h>
-#include <linux/if.h>
-#include <linux/if_packet.h>
-
-#include "logging.h"
-#include "ring.h"
-#include "translate.h"
-#include "tun.h"
-
-int ring_create(struct tun_data *tunnel) {
- int packetsock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IPV6));
- if (packetsock < 0) {
- logmsg(ANDROID_LOG_FATAL, "packet socket failed: %s", strerror(errno));
- return -1;
- }
-
- int ver = TPACKET_V2;
- if (setsockopt(packetsock, SOL_PACKET, PACKET_VERSION, (void *) &ver, sizeof(ver))) {
- logmsg(ANDROID_LOG_FATAL, "setsockopt(PACKET_VERSION, %d) failed: %s", ver, strerror(errno));
- return -1;
- }
-
- int on = 1;
- if (setsockopt(packetsock, SOL_PACKET, PACKET_LOSS, (void *) &on, sizeof(on))) {
- logmsg(ANDROID_LOG_WARN, "PACKET_LOSS failed: %s", strerror(errno));
- }
-
- struct packet_ring *ring = &tunnel->ring;
- ring->numblocks = TP_NUM_BLOCKS;
-
- int total_frames = TP_FRAMES * ring->numblocks;
-
- struct tpacket_req req = {
- .tp_frame_size = TP_FRAME_SIZE, // Frame size.
- .tp_block_size = TP_BLOCK_SIZE, // Frames per block.
- .tp_block_nr = ring->numblocks, // Number of blocks.
- .tp_frame_nr = total_frames, // Total frames.
- };
-
- if (setsockopt(packetsock, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)) < 0) {
- logmsg(ANDROID_LOG_FATAL, "PACKET_RX_RING failed: %s", strerror(errno));
- return -1;
- }
-
- size_t buflen = TP_BLOCK_SIZE * ring->numblocks;
- ring->base = mmap(NULL, buflen, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_LOCKED|MAP_POPULATE,
- packetsock, 0);
- if (ring->base == MAP_FAILED) {
- logmsg(ANDROID_LOG_FATAL, "mmap %lu failed: %s", buflen, strerror(errno));
- return -1;
- }
-
- ring->block = 0;
- ring->slot = 0;
- ring->numslots = TP_BLOCK_SIZE / TP_FRAME_SIZE;
- ring->next = (struct tpacket2_hdr *) ring->base;
-
- logmsg(ANDROID_LOG_INFO, "Using ring buffer with %d frames (%d bytes) at %p",
- total_frames, buflen, ring->base);
-
- return packetsock;
-}
-
-/* function: ring_advance
- * advances to the next position in the packet ring
- * ring - packet ring buffer
- */
-static struct tpacket2_hdr* ring_advance(struct packet_ring *ring) {
- uint8_t *next = (uint8_t *) ring->next;
-
- ring->slot++;
- next += TP_FRAME_SIZE;
-
- if (ring->slot == ring->numslots) {
- ring->slot = 0;
- ring->block++;
-
- if (ring->block < ring->numblocks) {
- next += TP_FRAME_GAP;
- } else {
- ring->block = 0;
- next = (uint8_t *) ring->base;
- }
- }
-
- ring->next = (struct tpacket2_hdr *) next;
- return ring->next;
-}
-
-/* function: ring_read
- * reads a packet from the ring buffer and translates it
- * read_fd - file descriptor to read original packet from
- * write_fd - file descriptor to write translated packet to
- * to_ipv6 - whether the packet is to be translated to ipv6 or ipv4
- */
-void ring_read(struct packet_ring *ring, int write_fd, int to_ipv6) {
- struct tpacket2_hdr *tp = ring->next;
- if (tp->tp_status & TP_STATUS_USER) {
- uint8_t *packet = ((uint8_t *) tp) + tp->tp_net;
- translate_packet(write_fd, to_ipv6, packet, tp->tp_len);
- tp->tp_status = TP_STATUS_KERNEL;
- tp = ring_advance(ring);
- }
-}
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ring.c - packet ring buffer functions
- */
-#ifndef __RING_H__
-#define __RING_H__
-
-#include <linux/if.h>
-#include <linux/if_packet.h>
-
-#include "clatd.h"
-
-struct tun_data;
-
-// Frame size. Must be a multiple of TPACKET_ALIGNMENT (=16)
-// Why the 16? http://lxr.free-electrons.com/source/net/packet/af_packet.c?v=3.4#L1764
-#define TP_FRAME_SIZE (TPACKET_ALIGN(MAXMTU) + TPACKET_ALIGN(TPACKET2_HDRLEN) + 16)
-
-// Block size. Must be a multiple of the page size, and a power of two for efficient memory use.
-#define TP_BLOCK_SIZE 65536
-
-// In order to save memory, our frames are not an exact divider of the block size. Therefore, the
-// mmaped region will have gaps corresponding to the empty space at the end of each block.
-#define TP_FRAMES (TP_BLOCK_SIZE / TP_FRAME_SIZE)
-#define TP_FRAME_GAP (TP_BLOCK_SIZE % TP_FRAME_SIZE)
-
-// TODO: Make this configurable. This requires some refactoring because the packet socket is
-// opened before we drop privileges, but the configuration file is read after. A value of 16
-// results in 656 frames (1048576 bytes).
-#define TP_NUM_BLOCKS 16
-
-struct packet_ring {
- uint8_t *base;
- struct tpacket2_hdr *next;
- int slot, numslots;
- int block, numblocks;
-};
-
-int ring_create(struct tun_data *tunnel);
-void ring_read(struct packet_ring *ring, int write_fd, int to_ipv6);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown <dan-android@drown.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * setif.c - network interface configuration
- */
-#include <errno.h>
-#include <netinet/in.h>
-#include <net/if.h>
-
-#include <linux/rtnetlink.h>
-#include <netlink/handlers.h>
-#include <netlink/msg.h>
-
-#include "logging.h"
-#include "netlink_msg.h"
-
-#define DEBUG_OPTNAME(a) case (a): { optname = #a; break; }
-
-/* function: add_address
- * adds an IP address to/from an interface, returns 0 on success and <0 on failure
- * ifname - name of interface to change
- * family - address family (AF_INET, AF_INET6)
- * address - pointer to a struct in_addr or in6_addr
- * prefixlen - bitlength of network (example: 24 for AF_INET's 255.255.255.0)
- * broadcast - broadcast address (only for AF_INET, ignored for AF_INET6)
- */
-int add_address(const char *ifname, int family, const void *address, int prefixlen, const void *broadcast) {
- int retval;
- size_t addr_size;
- struct ifaddrmsg ifa;
- struct nl_msg *msg = NULL;
-
- addr_size = inet_family_size(family);
- if(addr_size == 0) {
- retval = -EAFNOSUPPORT;
- goto cleanup;
- }
-
- memset(&ifa, 0, sizeof(ifa));
- if (!(ifa.ifa_index = if_nametoindex(ifname))) {
- retval = -ENODEV;
- goto cleanup;
- }
- ifa.ifa_family = family;
- ifa.ifa_prefixlen = prefixlen;
- ifa.ifa_scope = RT_SCOPE_UNIVERSE;
-
- msg = nlmsg_alloc_ifaddr(RTM_NEWADDR, NLM_F_ACK | NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE, &ifa);
- if(!msg) {
- retval = -ENOMEM;
- goto cleanup;
- }
-
- if(nla_put(msg, IFA_LOCAL, addr_size, address) < 0) {
- retval = -ENOMEM;
- goto cleanup;
- }
- if(family == AF_INET6) {
- // AF_INET6 gets IFA_LOCAL + IFA_ADDRESS
- if(nla_put(msg, IFA_ADDRESS, addr_size, address) < 0) {
- retval = -ENOMEM;
- goto cleanup;
- }
- } else if(family == AF_INET) {
- // AF_INET gets IFA_LOCAL + IFA_BROADCAST
- if(nla_put(msg, IFA_BROADCAST, addr_size, broadcast) < 0) {
- retval = -ENOMEM;
- goto cleanup;
- }
- } else {
- retval = -EAFNOSUPPORT;
- goto cleanup;
- }
-
- retval = netlink_sendrecv(msg);
-
-cleanup:
- if(msg)
- nlmsg_free(msg);
-
- return retval;
-}
-
-/* function: if_up
- * sets interface link state to up and sets mtu, returns 0 on success and <0 on failure
- * ifname - interface name to change
- * mtu - new mtu
- */
-int if_up(const char *ifname, int mtu) {
- int retval = -1;
- struct ifinfomsg ifi;
- struct nl_msg *msg = NULL;
-
- memset(&ifi, 0, sizeof(ifi));
- if (!(ifi.ifi_index = if_nametoindex(ifname))) {
- retval = -ENODEV;
- goto cleanup;
- }
- ifi.ifi_change = IFF_UP;
- ifi.ifi_flags = IFF_UP;
-
- msg = nlmsg_alloc_ifinfo(RTM_SETLINK, NLM_F_ACK | NLM_F_REQUEST | NLM_F_ROOT, &ifi);
- if(!msg) {
- retval = -ENOMEM;
- goto cleanup;
- }
-
- if(nla_put(msg, IFLA_MTU, 4, &mtu) < 0) {
- retval = -ENOMEM;
- goto cleanup;
- }
-
- retval = netlink_sendrecv(msg);
-
-cleanup:
- if(msg)
- nlmsg_free(msg);
-
- return retval;
-}
-
-static int do_anycast_setsockopt(int sock, int what, struct in6_addr *addr, int ifindex) {
- struct ipv6_mreq mreq = { *addr, ifindex };
- char *optname;
- int ret;
-
- switch (what) {
- DEBUG_OPTNAME(IPV6_JOIN_ANYCAST)
- DEBUG_OPTNAME(IPV6_LEAVE_ANYCAST)
- default:
- optname = "???";
- break;
- }
-
- ret = setsockopt(sock, SOL_IPV6, what, &mreq, sizeof(mreq));
- if (ret) {
- logmsg(ANDROID_LOG_ERROR, "%s: setsockopt(%s): %s", __func__, optname, strerror(errno));
- }
-
- return ret;
-}
-
-/* function: add_anycast_address
- * adds an anycast IPv6 address to an interface, returns 0 on success and <0 on failure
- * sock - the socket to add the address to
- * addr - the IP address to add
- * ifname - name of interface to add the address to
- */
-int add_anycast_address(int sock, struct in6_addr *addr, const char *ifname) {
- int ifindex;
-
- ifindex = if_nametoindex(ifname);
- if (!ifindex) {
- logmsg(ANDROID_LOG_ERROR, "%s: unknown ifindex for interface %s", __func__, ifname);
- return -ENODEV;
- }
-
- return do_anycast_setsockopt(sock, IPV6_JOIN_ANYCAST, addr, ifindex);
-}
-
-/* function: del_anycast_address
- * removes an anycast IPv6 address from the system, returns 0 on success and <0 on failure
- * sock - the socket to remove from, must have had the address added via add_anycast_address
- * addr - the IP address to remove
- */
-int del_anycast_address(int sock, struct in6_addr *addr) {
- return do_anycast_setsockopt(sock, IPV6_LEAVE_ANYCAST, addr, 0);
-}
+++ /dev/null
-/*
- * Copyright 2012 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * setif.h - network interface configuration
- */
-#ifndef __SETIF_H__
-#define __SETIF_H__
-
-int add_address(const char *ifname, int family, const void *address, int cidr, const void *broadcast);
-int if_up(const char *ifname, int mtu);
-
-int add_anycast_address(int sock, const struct in6_addr *addr, const char *interface);
-int del_anycast_address(int sock, const struct in6_addr *addr);
-
-#endif
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * translate.c - CLAT functions / partial implementation of rfc6145
- */
-#include <string.h>
-
-#include "icmp.h"
-#include "translate.h"
-#include "checksum.h"
-#include "clatd.h"
-#include "config.h"
-#include "logging.h"
-#include "debug.h"
-#include "tun.h"
-
-/* function: packet_checksum
- * calculates the checksum over all the packet components starting from pos
- * checksum - checksum of packet components before pos
- * packet - packet to calculate the checksum of
- * pos - position to start counting from
- * returns - the completed 16-bit checksum, ready to write into a checksum header field
- */
-uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) {
- int i;
- for (i = pos; i < CLAT_POS_MAX; i++) {
- if (packet[i].iov_len > 0) {
- checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len);
- }
- }
- return ip_checksum_finish(checksum);
-}
-
-/* function: packet_length
- * returns the total length of all the packet components after pos
- * packet - packet to calculate the length of
- * pos - position to start counting after
- * returns: the total length of the packet components after pos
- */
-uint16_t packet_length(clat_packet packet, clat_packet_index pos) {
- size_t len = 0;
- int i;
- for (i = pos + 1; i < CLAT_POS_MAX; i++) {
- len += packet[i].iov_len;
- }
- return len;
-}
-
-/* function: is_in_plat_subnet
- * returns true iff the given IPv6 address is in the plat subnet.
- * addr - IPv6 address
- */
-int is_in_plat_subnet(const struct in6_addr *addr6) {
- // Assumes a /96 plat subnet.
- return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0);
-}
-
-/* function: ipv6_addr_to_ipv4_addr
- * return the corresponding ipv4 address for the given ipv6 address
- * addr6 - ipv6 address
- * returns: the IPv4 address
- */
-uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) {
- if (is_in_plat_subnet(addr6)) {
- // Assumes a /96 plat subnet.
- return addr6->s6_addr32[3];
- } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) {
- // Special-case our own address.
- return Global_Clatd_Config.ipv4_local_subnet.s_addr;
- } else {
- // Third party packet. Let the caller deal with it.
- return INADDR_NONE;
- }
-}
-
-/* function: ipv4_addr_to_ipv6_addr
- * return the corresponding ipv6 address for the given ipv4 address
- * addr4 - ipv4 address
- */
-struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) {
- struct in6_addr addr6;
- // Both addresses are in network byte order (addr4 comes from a network packet, and the config
- // file entry is read using inet_ntop).
- if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) {
- return Global_Clatd_Config.ipv6_local_subnet;
- } else {
- // Assumes a /96 plat subnet.
- addr6 = Global_Clatd_Config.plat_subnet;
- addr6.s6_addr32[3] = addr4;
- return addr6;
- }
-}
-
-/* function: fill_tun_header
- * fill in the header for the tun fd
- * tun_header - tunnel header, already allocated
- * proto - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6)
- */
-void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) {
- tun_header->flags = 0;
- tun_header->proto = htons(proto);
-}
-
-/* function: fill_ip_header
- * generate an ipv4 header from an ipv6 header
- * ip_targ - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr
- * payload_len - length of other data inside packet
- * protocol - protocol number (tcp, udp, etc)
- * old_header - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix
- */
-void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol,
- const struct ip6_hdr *old_header) {
- int ttl_guess;
- memset(ip, 0, sizeof(struct iphdr));
-
- ip->ihl = 5;
- ip->version = 4;
- ip->tos = 0;
- ip->tot_len = htons(sizeof(struct iphdr) + payload_len);
- ip->id = 0;
- ip->frag_off = htons(IP_DF);
- ip->ttl = old_header->ip6_hlim;
- ip->protocol = protocol;
- ip->check = 0;
-
- ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src);
- ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst);
-
- // Third-party ICMPv6 message. This may have been originated by an native IPv6 address.
- // In that case, the source IPv6 address can't be translated and we need to make up an IPv4
- // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute.
- if ((uint32_t) ip->saddr == INADDR_NONE) {
- ttl_guess = icmp_guess_ttl(old_header->ip6_hlim);
- ip->saddr = htonl((0xff << 24) + ttl_guess);
- }
-}
-
-/* function: fill_ip6_header
- * generate an ipv6 header from an ipv4 header
- * ip6 - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix
- * payload_len - length of other data inside packet
- * protocol - protocol number (tcp, udp, etc)
- * old_header - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr
- */
-void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
- const struct iphdr *old_header) {
- memset(ip6, 0, sizeof(struct ip6_hdr));
-
- ip6->ip6_vfc = 6 << 4;
- ip6->ip6_plen = htons(payload_len);
- ip6->ip6_nxt = protocol;
- ip6->ip6_hlim = old_header->ttl;
-
- ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr);
- ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
-}
-
-/* function: maybe_fill_frag_header
- * fills a fragmentation header
- * generate an ipv6 fragment header from an ipv4 header
- * frag_hdr - target (ipv6) fragmentation header
- * ip6_targ - target (ipv6) header
- * old_header - (ipv4) source packet header
- * returns: the length of the fragmentation header if present, or zero if not present
- */
-size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
- const struct iphdr *old_header) {
- uint16_t frag_flags = ntohs(old_header->frag_off);
- uint16_t frag_off = frag_flags & IP_OFFMASK;
- if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
- // Not a fragment.
- return 0;
- }
-
- frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
- frag_hdr->ip6f_reserved = 0;
- // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
- frag_hdr->ip6f_offlg = htons(frag_off << 3);
- if (frag_flags & IP_MF) {
- frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
- }
- frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
- ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
-
- return sizeof(*frag_hdr);
-}
-
-/* function: parse_frag_header
- * return the length of the fragmentation header if present, or zero if not present
- * generate an ipv6 fragment header from an ipv4 header
- * frag_hdr - (ipv6) fragmentation header
- * ip_targ - target (ipv4) header
- * returns: the next header value
- */
-uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
- uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
- if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
- frag_off |= IP_MF;
- }
- ip_targ->frag_off = htons(frag_off);
- ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
- ip_targ->protocol = frag_hdr->ip6f_nxt;
- return frag_hdr->ip6f_nxt;
-}
-
-/* function: icmp_to_icmp6
- * translate ipv4 icmp to ipv6 icmp
- * out - output packet
- * icmp - source packet icmp header
- * checksum - pseudo-header checksum
- * payload - icmp payload
- * payload_size - size of payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
- uint32_t checksum, const uint8_t *payload, size_t payload_size) {
- struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
- uint8_t icmp6_type;
- int clat_packet_len;
-
- memset(icmp6_targ, 0, sizeof(struct icmp6_hdr));
-
- icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code);
- icmp6_targ->icmp6_type = icmp6_type;
- icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code);
-
- out[pos].iov_len = sizeof(struct icmp6_hdr);
-
- if (pos == CLAT_POS_TRANSPORTHDR &&
- is_icmp_error(icmp->type) &&
- icmp6_type != ICMP6_PARAM_PROB) {
- // An ICMP error we understand, one level deep.
- // Translate the nested packet (the one that caused the error).
- clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size);
-
- // The pseudo-header checksum was calculated on the transport length of the original IPv4
- // packet that we were asked to translate. This transport length is 20 bytes smaller than it
- // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to
- // an IPv6 header, which is 20 bytes longer. Fix it up here.
- // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the
- // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum).
- checksum = checksum + htons(20);
- } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) {
- // Ping packet.
- icmp6_targ->icmp6_id = icmp->un.echo.id;
- icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
- out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
- out[CLAT_POS_PAYLOAD].iov_len = payload_size;
- clat_packet_len = CLAT_POS_PAYLOAD + 1;
- } else {
- // Unknown type/code. The type/code conversion functions have already logged an error.
- return 0;
- }
-
- icmp6_targ->icmp6_cksum = 0; // Checksum field must be 0 when calculating checksum.
- icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos);
-
- return clat_packet_len;
-}
-
-/* function: icmp6_to_icmp
- * translate ipv6 icmp to ipv4 icmp
- * out - output packet
- * icmp6 - source packet icmp6 header
- * payload - icmp6 payload
- * payload_size - size of payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
- const uint8_t *payload, size_t payload_size) {
- struct icmphdr *icmp_targ = out[pos].iov_base;
- uint8_t icmp_type;
- int clat_packet_len;
-
- memset(icmp_targ, 0, sizeof(struct icmphdr));
-
- icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code);
- icmp_targ->type = icmp_type;
- icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code);
-
- out[pos].iov_len = sizeof(struct icmphdr);
-
- if (pos == CLAT_POS_TRANSPORTHDR &&
- is_icmp6_error(icmp6->icmp6_type) &&
- icmp_type != ICMP_PARAMETERPROB) {
- // An ICMPv6 error we understand, one level deep.
- // Translate the nested packet (the one that caused the error).
- clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size);
- } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) {
- // Ping packet.
- icmp_targ->un.echo.id = icmp6->icmp6_id;
- icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
- out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
- out[CLAT_POS_PAYLOAD].iov_len = payload_size;
- clat_packet_len = CLAT_POS_PAYLOAD + 1;
- } else {
- // Unknown type/code. The type/code conversion functions have already logged an error.
- return 0;
- }
-
- icmp_targ->checksum = 0; // Checksum field must be 0 when calculating checksum.
- icmp_targ->checksum = packet_checksum(0, out, pos);
-
- return clat_packet_len;
-}
-
-/* function: generic_packet
- * takes a generic IP packet and sets it up for translation
- * out - output packet
- * pos - position in the output packet of the transport header
- * payload - pointer to IP payload
- * len - size of ip payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) {
- out[pos].iov_len = 0;
- out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
- out[CLAT_POS_PAYLOAD].iov_len = len;
-
- return CLAT_POS_PAYLOAD + 1;
-}
-
-/* function: udp_packet
- * takes a udp packet and sets it up for translation
- * out - output packet
- * udp - pointer to udp header in packet
- * old_sum - pseudo-header checksum of old header
- * new_sum - pseudo-header checksum of new header
- * len - size of ip payload
- */
-int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
- uint32_t old_sum, uint32_t new_sum, size_t len) {
- const uint8_t *payload;
- size_t payload_size;
-
- if(len < sizeof(struct udphdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR,"udp_packet/(too small)");
- return 0;
- }
-
- payload = (const uint8_t *) (udp + 1);
- payload_size = len - sizeof(struct udphdr);
-
- return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
-}
-
-/* function: tcp_packet
- * takes a tcp packet and sets it up for translation
- * out - output packet
- * tcp - pointer to tcp header in packet
- * checksum - pseudo-header checksum
- * len - size of ip payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
- uint32_t old_sum, uint32_t new_sum, size_t len) {
- const uint8_t *payload;
- size_t payload_size, header_size;
-
- if(len < sizeof(struct tcphdr)) {
- logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/(too small)");
- return 0;
- }
-
- if(tcp->doff < 5) {
- logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set to less than 5: %x", tcp->doff);
- return 0;
- }
-
- if((size_t) tcp->doff*4 > len) {
- logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set too large: %x", tcp->doff);
- return 0;
- }
-
- header_size = tcp->doff * 4;
- payload = ((const uint8_t *) tcp) + header_size;
- payload_size = len - header_size;
-
- return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
-}
-
-/* function: udp_translate
- * common between ipv4/ipv6 - setup checksum and send udp packet
- * out - output packet
- * udp - udp header
- * old_sum - pseudo-header checksum of old header
- * new_sum - pseudo-header checksum of new header
- * payload - tcp payload
- * payload_size - size of payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
- uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) {
- struct udphdr *udp_targ = out[pos].iov_base;
-
- memcpy(udp_targ, udp, sizeof(struct udphdr));
-
- out[pos].iov_len = sizeof(struct udphdr);
- out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
- out[CLAT_POS_PAYLOAD].iov_len = payload_size;
-
- if (udp_targ->check) {
- udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum);
- } else {
- // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that
- // the transmitter generated no checksum (for debugging or for higher level protocols that
- // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So
- // for safety we recompute it.
- udp_targ->check = 0; // Checksum field must be 0 when calculating checksum.
- udp_targ->check = packet_checksum(new_sum, out, pos);
- }
-
- // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent
- // in one's complement arithmetic)."
- if (!udp_targ->check) {
- udp_targ->check = 0xffff;
- }
-
- return CLAT_POS_PAYLOAD + 1;
-}
-
-/* function: tcp_translate
- * common between ipv4/ipv6 - setup checksum and send tcp packet
- * out - output packet
- * tcp - tcp header
- * header_size - size of tcp header including options
- * checksum - partial checksum covering ipv4/ipv6 header
- * payload - tcp payload
- * payload_size - size of payload
- * returns: the highest position in the output clat_packet that's filled in
- */
-int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
- size_t header_size, uint32_t old_sum, uint32_t new_sum,
- const uint8_t *payload, size_t payload_size) {
- struct tcphdr *tcp_targ = out[pos].iov_base;
- out[pos].iov_len = header_size;
-
- if (header_size > MAX_TCP_HDR) {
- // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that
- // counts in 4-byte words. So this can never happen unless there is a bug in the caller.
- logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating",
- header_size, MAX_TCP_HDR);
- header_size = MAX_TCP_HDR;
- }
-
- memcpy(tcp_targ, tcp, header_size);
-
- out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
- out[CLAT_POS_PAYLOAD].iov_len = payload_size;
-
- tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
-
- return CLAT_POS_PAYLOAD + 1;
-}
-
-// Weak symbol so we can override it in the unit test.
-void send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak));
-
-void send_rawv6(int fd, clat_packet out, int iov_len) {
- // A send on a raw socket requires a destination address to be specified even if the socket's
- // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the
- // destination address in the packet header only affects what appears on the wire, not where the
- // packet is sent to.
- static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 };
- static struct msghdr msg = {
- .msg_name = &sin6,
- .msg_namelen = sizeof(sin6),
- };
-
- msg.msg_iov = out,
- msg.msg_iovlen = iov_len,
- sin6.sin6_addr = ((struct ip6_hdr *) out[CLAT_POS_IPHDR].iov_base)->ip6_dst;
- sendmsg(fd, &msg, 0);
-}
-
-/* function: translate_packet
- * takes a packet, translates it, and writes it to fd
- * fd - fd to write translated packet to
- * to_ipv6 - true if translating to ipv6, false if translating to ipv4
- * packet - packet
- * packetsize - size of packet
- */
-void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) {
- int iov_len = 0;
-
- // Allocate buffers for all packet headers.
- struct tun_pi tun_targ;
- char iphdr[sizeof(struct ip6_hdr)];
- char fraghdr[sizeof(struct ip6_frag)];
- char transporthdr[MAX_TCP_HDR];
- char icmp_iphdr[sizeof(struct ip6_hdr)];
- char icmp_fraghdr[sizeof(struct ip6_frag)];
- char icmp_transporthdr[MAX_TCP_HDR];
-
- // iovec of the packets we'll send. This gets passed down to the translation functions.
- clat_packet out = {
- { &tun_targ, 0 }, // Tunnel header.
- { iphdr, 0 }, // IP header.
- { fraghdr, 0 }, // Fragment header.
- { transporthdr, 0 }, // Transport layer header.
- { icmp_iphdr, 0 }, // ICMP error inner IP header.
- { icmp_fraghdr, 0 }, // ICMP error fragmentation header.
- { icmp_transporthdr, 0 }, // ICMP error transport layer header.
- { NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload.
- };
-
- if (to_ipv6) {
- iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize);
- if (iov_len > 0) {
- send_rawv6(fd, out, iov_len);
- }
- } else {
- iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize);
- if (iov_len > 0) {
- fill_tun_header(&tun_targ, ETH_P_IP);
- out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ);
- send_tun(fd, out, iov_len);
- }
- }
-}
+++ /dev/null
-/*
- * Copyright 2011 Daniel Drown
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * translate.h - translate from one version of ip to another
- */
-#ifndef __TRANSLATE_H__
-#define __TRANSLATE_H__
-
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/udp.h>
-#include <netinet/tcp.h>
-#include <netinet/ip6.h>
-#include <netinet/icmp6.h>
-#include <linux/icmp.h>
-#include <linux/if_tun.h>
-
-#include "clatd.h"
-
-#define MAX_TCP_HDR (15 * 4) // Data offset field is 4 bits and counts in 32-bit words.
-
-// Calculates the checksum over all the packet components starting from pos.
-uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos);
-
-// Returns the total length of the packet components after pos.
-uint16_t packet_length(clat_packet packet, clat_packet_index pos);
-
-// Returns true iff the given IPv6 address is in the plat subnet.
-int is_in_plat_subnet(const struct in6_addr *addr6);
-
-// Functions to create tun, IPv4, and IPv6 headers.
-void fill_tun_header(struct tun_pi *tun_header, uint16_t proto);
-void fill_ip_header(struct iphdr *ip_targ, uint16_t payload_len, uint8_t protocol,
- const struct ip6_hdr *old_header);
-void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
- const struct iphdr *old_header);
-
-// Translate and send packets.
-void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize);
-
-// Translate IPv4 and IPv6 packets.
-int ipv4_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len);
-int ipv6_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len);
-
-// Deal with fragmented packets.
-size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
- const struct iphdr *old_header);
-uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ);
-
-// Deal with fragmented packets.
-size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
- const struct iphdr *old_header);
-uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ);
-
-// Translate ICMP packets.
-int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
- uint32_t checksum, const uint8_t *payload, size_t payload_size);
-int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
- const uint8_t *payload, size_t payload_size);
-
-// Translate generic IP packets.
-int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len);
-
-// Translate TCP and UDP packets.
-int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
- uint32_t old_sum, uint32_t new_sum, size_t len);
-int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
- uint32_t old_sum, uint32_t new_sum, size_t len);
-
-int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
- size_t header_size, uint32_t old_sum, uint32_t new_sum,
- const uint8_t *payload, size_t payload_size);
-int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
- uint32_t old_sum, uint32_t new_sum,
- const uint8_t *payload, size_t payload_size);
-
-#endif /* __TRANSLATE_H__ */
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * tun.c - tun device functions
- */
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-#include <arpa/inet.h>
-#include <linux/if.h>
-#include <linux/if_tun.h>
-#include <sys/ioctl.h>
-#include <sys/uio.h>
-
-#include "clatd.h"
-
-/* function: tun_open
- * tries to open the tunnel device
- */
-int tun_open() {
- int fd;
-
- fd = open("/dev/tun", O_RDWR);
- if(fd < 0) {
- fd = open("/dev/net/tun", O_RDWR);
- }
-
- return fd;
-}
-
-/* function: tun_alloc
- * creates a tun interface and names it
- * dev - the name for the new tun device
- */
-int tun_alloc(char *dev, int fd) {
- struct ifreq ifr;
- int err;
-
- memset(&ifr, 0, sizeof(ifr));
-
- ifr.ifr_flags = IFF_TUN;
- if( *dev ) {
- strncpy(ifr.ifr_name, dev, IFNAMSIZ);
- ifr.ifr_name[IFNAMSIZ-1] = '\0';
- }
-
- if( (err = ioctl(fd, TUNSETIFF, (void *) &ifr)) < 0 ){
- close(fd);
- return err;
- }
- strcpy(dev, ifr.ifr_name);
- return 0;
-}
-
-/* function: set_nonblocking
- * sets a filedescriptor to non-blocking mode
- * fd - the filedescriptor
- * returns: 0 on success, -1 on failure
- */
-int set_nonblocking(int fd) {
- int flags = fcntl(fd, F_GETFL);
- if (flags == -1) {
- return flags;
- }
- return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
-}
-
-/* function: send_tun
- * sends a clat_packet to a tun interface
- * fd - the tun filedescriptor
- * out - the packet to send
- * iov_len - the number of entries in the clat_packet
- * returns: number of bytes read on success, -1 on failure
- */
-int send_tun(int fd, clat_packet out, int iov_len) {
- return writev(fd, out, iov_len);
-}
+++ /dev/null
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * tun.h - tun device functions
- */
-#ifndef __TUN_H__
-#define __TUN_H__
-
-#include <linux/if.h>
-
-#include "clatd.h"
-#include "ring.h"
-
-struct tun_data {
- char device4[IFNAMSIZ];
- int read_fd6, write_fd6, fd4;
- struct packet_ring ring;
-};
-
-int tun_open();
-int tun_alloc(char *dev, int fd);
-int send_tun(int fd, clat_packet out, int iov_len);
-int set_nonblocking(int fd);
-
-#endif