#include <string.h>
#include <assert.h>
#include "util.h"
#include "rlocs.h"
#include "packet.h"
// shamelessly copied from:
// http://www.roman10.net/how-to-calculate-iptcpudp-checksumpart-2-implementation/
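/*
 * Compute the 16-bit one's-complement Internet checksum over a buffer.
 *
 * addr   Start of the data. It is read as native 16-bit words, so the
 *        result is already in the byte order needed to store it straight
 *        into a header field.
 * count  Length of the data in bytes. May be odd, in which case the last
 *        byte is treated as if followed by a zero pad byte.
 *
 * Returns the complemented, folded sum. The callers in this file zero the
 * checksum field inside the covered data before calling.
 */
unsigned short compute_checksum(unsigned short *addr, unsigned int count) {
    unsigned long sum = 0;

    while (count > 1) {
        sum += *addr++;
        count -= 2;
    }

    // If one byte is left, pad it with a zero byte and add it. Copy exactly
    // one byte: a full 16-bit load here would read one byte past the end of
    // the caller's buffer.
    if (count > 0) {
        unsigned short tail = 0;
        memcpy(&tail, addr, 1);
        sum += tail;
    }

    // Fold sum to 16 bits: add the carry back into the low word
    while (sum >> 16) {
        sum = (sum & 0xffff) + (sum >> 16);
    }

    // one's complement
    return (unsigned short)~sum;
}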
/*
 * Recompute the header checksum of an IPv4 header in place.
 *
 * The check field is cleared first so that it does not contribute to the
 * sum, then overwritten with the checksum of the first ihl * 4 bytes.
 *
 * NOTE(review): the covered length comes from the header's own ihl field.
 * When the header was received from the network, confirm the caller has
 * checked that ihl * 4 bytes are really present behind pkt.
 */
void compute_ip_checksum(struct iphdr *pkt)
{
    // ihl counts 32-bit words
    const unsigned int hdr_bytes = pkt->ihl * 4;

    pkt->check = 0x0000;
    pkt->check = compute_checksum( (unsigned short *) pkt, hdr_bytes );
}
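/*
 * Build the encapsulated form of an IPv4 packet as an iovec list in out.
 *
 *   iovs[0]  new outer IPv4 header (protocol IPPROTO_HIDE_EID), built at
 *            the start of out->scratch
 *   iovs[1]  2-byte network-order ciphertext length followed by the
 *            ciphertext of the first min(tot_len, 512) bytes of the
 *            original packet, also in out->scratch
 *   iovs[2]  the rest of the original packet, referenced in place and sent
 *            unencrypted; only present when tot_len exceeds 512
 *
 * pctx  peer context; x supplies the outer source address, y the outer
 *       destination, and it is handed to rlocs_encrypt()
 * pkt   packet to wrap; iovs[2] points into it, so it must outlive out
 * out   receives the iovecs; out->count is set to the number used
 *
 * Returns 1 on success, 0 when the packet has to be dropped.
 */
int build_wrapped_ipv4_packet( struct peer_context *pctx, struct packet *pkt, struct rsp_data *out )
{
    struct iphdr *wrap_hdr = (struct iphdr *) out->scratch;
    uint16_t wrap_hdr_size = sizeof( struct iphdr );

    ssize_t enc_size;
    // NOTE(review): tot_len is taken from the packet itself and is used below
    // as the amount of data to read from pkt. Confirm the caller has checked
    // it against the number of bytes actually received.
    size_t orig_data_size = ntohs( pkt->hdr.ip.tot_len );
    size_t bytes_to_encrypt = orig_data_size > 512 ? 512 : orig_data_size;

    debug( "Wrapping an IPv4 packet" );
    debug( "wrap_hdr_size: %u, orig_data_size: %zu, bytes_to_encrypt: %zu", wrap_hdr_size, orig_data_size, bytes_to_encrypt );

    // Areas in scratch we'll be using later
    // We use two bytes to store the size of the encrypted blob
    uint16_t *pkt_enc_size = (uint16_t *) (out->scratch + wrap_hdr_size );
    unsigned char * pkt_enc_data = out->scratch + wrap_hdr_size + 2;

    // Keep track of the total size of the data in out as we go. Kept wider
    // than 16 bits so an oversized result is detected instead of wrapping.
    size_t out_len = 0;

    out->count = 0;

    memset( wrap_hdr, 0, wrap_hdr_size );

    wrap_hdr->version = 0x04;
    wrap_hdr->ihl = wrap_hdr_size / 4;
    wrap_hdr->ttl = IPDEFTTL;
    wrap_hdr->protocol = IPPROTO_HIDE_EID;
    wrap_hdr->frag_off = htons( IP_DF ); // DF bit set
    wrap_hdr->saddr = pctx->x->addr.ip4.s_addr;
    wrap_hdr->daddr = pctx->y->addr.ip4.s_addr;
    // FIXME: Do we need to set an ID ?

    // iovec 0: encapsulating IP header.
    out->iovs[0].iov_base = wrap_hdr;
    out->iovs[0].iov_len = wrap_hdr_size;
    out_len += wrap_hdr_size;
    out->count++;

    // Encrypt the first 512 or so bytes of the data. FIXME: introspect and
    // calculate exactly how many bytes for TCP, UDP, etc. to do as little work
    // as we can get away with, here. fragments > 0 don't need encrypting at all
    //
    // Everything past bytes_to_encrypt leaves this host in the clear (iovec 2).
    enc_size = rlocs_encrypt(
        pctx,
        (unsigned char *)&pkt->hdr, bytes_to_encrypt,
        pkt_enc_data, IP_MAXPACKET - wrap_hdr_size - 2
    );

    if ( enc_size < 0 ) {
        debug( "Failed to encrypt, dropping packet" );
        return 0;
    }
    debug( "enc_size: %zd", enc_size );

    *pkt_enc_size = htons( enc_size );

    // iovec 1: encrypted portion of encapsulated packet
    out->iovs[1].iov_base = pkt_enc_size;
    out->iovs[1].iov_len = enc_size + 2;
    out_len += enc_size + 2;
    out->count++;

    debug( "iovs[0]: %p, %zu", out->iovs[0].iov_base, out->iovs[0].iov_len );
    debug( "iovs[1]: %p, %zu", out->iovs[1].iov_base, out->iovs[1].iov_len );

    // iovec 2: unencrypted remains of encapsulated packet, if present
    // NOTE(review): the plaintext was taken from &pkt->hdr but the remainder
    // is addressed from pkt; the two agree only if hdr is the first member of
    // struct packet. Confirm against packet.h.
    if ( bytes_to_encrypt < orig_data_size ) {
        out->iovs[2].iov_base = ((char *) pkt) + bytes_to_encrypt;
        out->iovs[2].iov_len = orig_data_size - bytes_to_encrypt;
        out_len += orig_data_size - bytes_to_encrypt;
        out->count++;
        debug( "iovs[2]: %p, %zu", out->iovs[2].iov_base, out->iovs[2].iov_len );
        debug( "pkt: %p", pkt );
    }

    // tot_len is a 16-bit field; refuse to emit a header that would lie
    // about the length of the data described by the iovecs.
    if ( out_len > IP_MAXPACKET ) {
        warn( "Wrapped packet is too large, dropping it" );
        return 0;
    }

    wrap_hdr->tot_len = htons( (uint16_t) out_len );
    compute_ip_checksum( wrap_hdr );

    debug( "Finished wrapping IPv4 packet" );
    return 1;
}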
/*
 * Build an ICMP "destination unreachable / fragmentation needed" reply to
 * the sender of pkt, entirely inside out->scratch.
 *
 * max_mtu   MTU value placed in the ICMP message
 * rloc_src  source address for the reply's IP header
 * pkt       offending packet; its IP header plus the following 8 bytes are
 *           quoted in the ICMP payload and its source becomes the reply's
 *           destination
 * out       receives a single iovec covering IP header, ICMP header and
 *           the quoted bytes; out->count is set to 1
 *
 * NOTE(review): the quoted length is derived from pkt's own ihl field and
 * is copied without checking how many bytes pkt really holds. Confirm the
 * caller has validated ihl and the received length.
 */
void build_icmp_too_big( uint16_t max_mtu, struct in_addr *rloc_src, struct packet *pkt, struct rsp_data *out )
{
    struct iphdr *reply_ip = (struct iphdr *) out->scratch;
    struct icmphdr *reply_icmp = (struct icmphdr *) ( out->scratch + sizeof( struct iphdr ) );

    // Original IP header (ihl counts 32-bit words) plus 8 bytes of payload
    uint16_t quoted_len = ( pkt->hdr.ip.ihl * 4 ) + 8;
    uint16_t icmp_len = sizeof( struct icmphdr ) + quoted_len;

    debug( "Building ICMP Too Big packet" );

    // Only the two headers are cleared; the quoted bytes are overwritten below
    memset( out->scratch, 0, sizeof( struct iphdr ) + sizeof( struct icmphdr ) );

    reply_ip->version = 4;
    reply_ip->ihl = sizeof( struct iphdr ) / 4;
    reply_ip->ttl = IPDEFTTL;
    reply_ip->protocol = IPPROTO_ICMP;
    reply_ip->saddr = rloc_src->s_addr;
    reply_ip->daddr = pkt->hdr.ip.saddr;

    reply_icmp->type = ICMP_DEST_UNREACH;
    reply_icmp->code = ICMP_FRAG_NEEDED;
    reply_icmp->un.frag.mtu = htons( max_mtu );

    out->iovs[0].iov_base = out->scratch;
    out->iovs[0].iov_len = sizeof( struct iphdr ) + icmp_len;

    // The quoted bytes are copied into scratch behind the ICMP header rather
    // than being referenced through a second iovec.
    memcpy( ((char *)reply_icmp) + sizeof( struct icmphdr ), pkt, quoted_len );

    reply_ip->tot_len = htons( out->iovs[0].iov_len );

    // The ICMP checksum field is still zero from the memset at this point
    reply_icmp->checksum = compute_checksum( (unsigned short *)reply_icmp, icmp_len );
    compute_ip_checksum( reply_ip );
    out->count = 1;
}
/*
 * Look up the peer context for a packet from its source and destination
 * addresses.
 *
 * reg       registry searched with rloc_find_for_ipv4 / rloc_find_for_ipv6
 * pkt       packet whose IP version selects the lookup and whose addresses
 *           are looked up
 * wrapping  non-zero: context is requested as (source, destination);
 *           zero: as (destination, source)
 *
 * Returns the result of rlocs_get_peer_ctx(), or NULL after logging a
 * warning when either address has no RLOC. A packet whose version is
 * neither 4 nor 6 performs no lookup and therefore also ends in the
 * "source RLOC" warning, with an empty address string.
 */
struct peer_context *packet_peer_context( struct rlocs *reg, struct packet *pkt, int wrapping )
{
    char bad_eid_txt[128] = {0};
    struct rloc *src_rloc = NULL, *dst_rloc = NULL;
    struct in_addr *ip4_src = (struct in_addr*) &pkt->hdr.ip.saddr;
    struct in_addr *ip4_dst = (struct in_addr*) &pkt->hdr.ip.daddr;

    // The destination is only looked up once the source has been found;
    // bad_eid_txt ends up holding whichever address failed first.
    if ( pkt->hdr.ip.version == 0x04 ) { // ipv4
        src_rloc = rloc_find_for_ipv4( reg, ip4_src );
        if ( src_rloc == NULL ) {
            inet_ntop( AF_INET, ip4_src, bad_eid_txt, sizeof( bad_eid_txt ) );
        } else {
            dst_rloc = rloc_find_for_ipv4( reg, ip4_dst );
            if ( dst_rloc == NULL ) {
                inet_ntop( AF_INET, ip4_dst, bad_eid_txt, sizeof( bad_eid_txt ) );
            }
        }
    } else if ( pkt->hdr.ip.version == 0x06 ) { // ipv6
        src_rloc = rloc_find_for_ipv6( reg, &pkt->hdr.ip6.ip6_src );
        if ( src_rloc == NULL ) {
            inet_ntop( AF_INET6, &pkt->hdr.ip6.ip6_src, bad_eid_txt, sizeof( bad_eid_txt ) );
        } else {
            dst_rloc = rloc_find_for_ipv6( reg, &pkt->hdr.ip6.ip6_dst );
            if ( dst_rloc == NULL ) {
                inet_ntop( AF_INET6, &pkt->hdr.ip6.ip6_dst, bad_eid_txt, sizeof( bad_eid_txt ) );
            }
        }
    }

    if ( src_rloc == NULL ) {
        warn( "Couldn't find source RLOC for %s, discarding packet", bad_eid_txt );
        return NULL;
    }

    if ( dst_rloc == NULL ) {
        warn( "Couldn't find destination RLOC for %s, discarding packet", bad_eid_txt );
        return NULL;
    }

    // when wrapping, src=x, dst=y; when unwrapping, src=y, dst=x
    return wrapping
        ? rlocs_get_peer_ctx( reg, src_rloc, dst_rloc )
        : rlocs_get_peer_ctx( reg, dst_rloc, src_rloc );
}
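/*
 * Wrap an IPv4 packet for transmission over an IPv4 path, splitting it
 * into two IP fragments first when it would not fit the path MTU.
 *
 * pctx   peer context; supplies path_mtu and is passed on for wrapping
 * pkt    packet to wrap; modified in place when fragmentation is needed
 * frag1  receives the wrapped packet (or first fragment, or ICMP reply)
 * frag2  receives the wrapped second fragment; its scratch area past
 *        IP_MAXPACKET is used as storage for the second fragment itself
 *
 * Returns the number of rsp_data structures filled in (1 or 2), or 0 when
 * the packet has to be dropped. When the packet is too big and has DF
 * set, frag1 holds an ICMP "fragmentation needed" reply and 1 is returned.
 */
int wrap_ipv4_packet_in_ipv4( struct peer_context *pctx, struct packet *pkt, struct rsp_data *frag1, struct rsp_data *frag2 )
{
    uint16_t max_size = pctx->path_mtu;
    uint16_t pkt_tot_len = ntohs( pkt->hdr.ip.tot_len );
    uint16_t pkt_hdr_len = pkt->hdr.ip.ihl * 4;

    int num_packets = 1;

    // fragmentation is needed.
    if ( pkt_tot_len > max_size - WRAP_OVERHEAD ) {
        debug( "Packet needs fragmenting" );

        // DF bit set, so return ICMP Too Big
        if ( ntohs( pkt->hdr.ip.frag_off ) & IP_DF ) {
            // NOTE(review): the MTU advertised is the raw path MTU, while the
            // test above compares against max_size - WRAP_OVERHEAD. Confirm
            // which value the sender is meant to be told.
            build_icmp_too_big( max_size, &pctx->x->addr.ip4, pkt, frag1 );
            return 1;
        }

        // Both lengths come from the packet. Reject combinations that would
        // make the payload arithmetic below wrap around.
        if ( pkt_hdr_len < sizeof( struct iphdr ) || pkt_hdr_len > pkt_tot_len ) {
            warn( "Inconsistent IPv4 header lengths (hdr %u, total %u), dropping packet", pkt_hdr_len, pkt_tot_len );
            return 0;
        }

        num_packets = 2;

        // good enough, it's getting encrypted and only needs to be unique for
        // a short period of time
        uint16_t frag_id = (uint16_t) rand();

        // The split point must be a multiple of 8 bytes because the header
        // stores fragment offsets in 8-byte units. Round down so that it
        // can never exceed the payload.
        uint16_t payload_len = pkt_tot_len - pkt_hdr_len;
        uint16_t frag_off = payload_len / 2;
        frag_off -= frag_off % 8;
        uint16_t frag2_size = payload_len - frag_off;

        if ( pkt_hdr_len > sizeof( struct iphdr ) ) {
            warn( "FIXME: options specified with IP header are not handled correctly during fragmentation yet" );
        }

        // wrap_ipv4_packet only touches scratch upto IP_MAXPACKET. We allocate
        // double that. The offset is in bytes, so it has to be applied before
        // the cast to struct packet *.
        struct packet *pkt2 = (struct packet *) ( frag2->scratch + IP_MAXPACKET );

        // NOTE(review): any fragment offset or MF flag already present on the
        // incoming packet is overwritten here - confirm already-fragmented
        // input cannot reach this point.
        pkt->hdr.ip.tot_len = htons( pkt_hdr_len + frag_off );
        pkt->hdr.ip.id = htons( frag_id );
        pkt->hdr.ip.frag_off = htons( 0 | IP_MF );

        // Second fragment: same header (including the new id), then the
        // payload bytes that follow the split point.
        memcpy( pkt2, pkt, pkt_hdr_len );

        pkt2->hdr.ip.tot_len = htons( pkt_hdr_len + frag2_size );
        pkt2->hdr.ip.frag_off = htons( frag_off / 8 );
        memcpy( ((char *)pkt2) + pkt_hdr_len, ((char*)pkt) + pkt_hdr_len + frag_off, frag2_size );

        // Need to recompute these
        compute_ip_checksum( &pkt->hdr.ip );
        compute_ip_checksum( &pkt2->hdr.ip );

        if ( !build_wrapped_ipv4_packet( pctx, pkt2, frag2 ) ) {
            debug( "Couldn't wrap packet 2 of 2 ");
            return 0;
        }
    }

    if ( !build_wrapped_ipv4_packet( pctx, pkt, frag1 ) ) {
        debug( "Couldn't wrap packet 1 of %i", num_packets );
        return 0;
    }

    return num_packets;
}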
/*
 * Placeholder for wrapping an IPv6 packet inside IPv4. Not implemented:
 * logs a warning and returns 0, leaving frag1 and frag2 untouched.
 */
int wrap_ipv6_packet_in_ipv4(struct peer_context *pctx, struct packet *pkt, struct rsp_data *frag1, struct rsp_data *frag2)
{
    (void) pctx;
    (void) pkt;
    (void) frag1;
    (void) frag2;

    warn( "STUB: wrap_ipv6_packet_in_ipv4" );
    return 0;
}
/*
 * Placeholder for wrapping an IPv4 packet inside IPv6. Not implemented:
 * logs a warning and returns 0, leaving frag1 and frag2 untouched.
 */
int wrap_ipv4_packet_in_ipv6(struct peer_context *pctx, struct packet *pkt, struct rsp_data *frag1, struct rsp_data *frag2)
{
    (void) pctx;
    (void) pkt;
    (void) frag1;
    (void) frag2;

    warn( "STUB: wrap_ipv4_packet_in_ipv6" );
    return 0;
}
/*
 * Placeholder for wrapping an IPv6 packet inside IPv6. Not implemented:
 * logs a warning and returns 0, leaving frag1 and frag2 untouched.
 */
int wrap_ipv6_packet_in_ipv6(struct peer_context *pctx, struct packet *pkt, struct rsp_data *frag1, struct rsp_data *frag2)
{
    (void) pctx;
    (void) pkt;
    (void) frag1;
    (void) frag2;

    warn( "STUB: wrap_ipv6_packet_in_ipv6" );
    return 0;
}
/*
 * Wrap a packet for its peer, dispatching on the address family of the
 * peer context and the IP version of the packet.
 *
 * reg    registry used to find the peer context
 * pkt    packet to wrap
 * frag1  first output
 * frag2  second output, used when the packet had to be split
 *
 * Returns whatever the selected wrap_*_in_* function returns, or 0 when
 * no peer context is found, the packet's version is neither 4 nor 6, or
 * the peer's address family is unknown (the last case is logged).
 */
int wrap_packet( struct rlocs *reg, struct packet *pkt, struct rsp_data *frag1, struct rsp_data *frag2 )
{
    struct peer_context *pctx = packet_peer_context( reg, pkt, 1 );

    if ( pctx == NULL ) {
        return 0;
    }

    if ( pctx->x->family == AF_INET ) {
        if ( pkt->hdr.ip.version == 0x04 ) { // ipv4
            return wrap_ipv4_packet_in_ipv4( pctx, pkt, frag1, frag2 );
        }
        if ( pkt->hdr.ip.version == 0x06 ) { // ipv6
            return wrap_ipv6_packet_in_ipv4( pctx, pkt, frag1, frag2 );
        }
        // any other version: nothing is produced and nothing is logged
        return 0;
    }

    if ( pctx->x->family == AF_INET6 ) {
        if ( pkt->hdr.ip.version == 0x04 ) { // ipv4
            return wrap_ipv4_packet_in_ipv6( pctx, pkt, frag1, frag2 );
        }
        if ( pkt->hdr.ip.version == 0x06 ) { // ipv6
            return wrap_ipv6_packet_in_ipv6( pctx, pkt, frag1, frag2 );
        }
        return 0;
    }

    warn( "Unknown family of peer context: %i", pctx->x->family );
    return 0;
}
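/*
 * Unwrap a received hide-eid IPv4 packet into two iovecs in out.
 *
 * Expected layout behind the outer IP header: a 2-byte network-order
 * ciphertext length, the ciphertext, then any bytes that were sent
 * unencrypted.
 *
 *   iovs[0]  decrypted data, written to out->scratch
 *   iovs[1]  the never-encrypted remainder, referenced in place inside pkt
 *
 * pctx  peer context handed to rlocs_decrypt()
 * pkt   received packet; iovs[1] points into it, so it must outlive out
 * out   receives the iovecs; out->count is set to 2
 *
 * Returns 1 on success, 0 when the packet has to be dropped.
 *
 * Every length used here is supplied by the remote side, so each one is
 * checked against the outer header's tot_len before it is used to address
 * memory.
 * NOTE(review): tot_len is itself a header field - confirm the caller has
 * compared it with the number of bytes actually received.
 */
int unwrap_ipv4_packet( struct peer_context *pctx, struct packet *pkt, struct rsp_data *out )
{
    out->count = 2;
    assert( out->count < MAX_IOVS );

    // first, check this is actually a hide-eid packet.
    if ( pkt->hdr.ip.protocol != IPPROTO_HIDE_EID ) {
        warn( "expected IP protocol %u, not %u", IPPROTO_HIDE_EID, pkt->hdr.ip.protocol );
        return 0;
    }

    uint16_t hdr_size = pkt->hdr.ip.ihl * 4;
    uint16_t tot_len = ntohs( pkt->hdr.ip.tot_len );

    // The header must be at least the fixed IPv4 header, and the 2-byte
    // size field has to lie inside the packet before it is read.
    if ( hdr_size < sizeof( struct iphdr ) || (size_t) hdr_size + 2 > tot_len ) {
        warn( "Wrapped packet is too short, dropping it" );
        warn( "hdr_size = %u, tot_len = %u", hdr_size, tot_len );
        return 0;
    }

    uint16_t encrypted_size;
    memcpy( &encrypted_size, ((unsigned char *)pkt) + hdr_size, sizeof( encrypted_size ) );
    encrypted_size = ntohs( encrypted_size );
    info( "encrypted_size: %u", encrypted_size );

    // The claimed ciphertext must fit inside the packet. Without this check
    // the decrypt call would read past the packet and the remainder length
    // below would go negative and turn into a huge size_t.
    if ( (size_t) hdr_size + 2 + encrypted_size > tot_len ) {
        warn( "Encrypted size exceeds packet length, dropping it" );
        warn( "hdr_size = %u, encrypted_size = %u, tot_len = %u", hdr_size, encrypted_size, tot_len );
        return 0;
    }

    // iovec 0: decrypted data. This should be an IP header.
    unsigned char *encrypted_data = ((unsigned char *)pkt) + hdr_size + 2;
    unsigned char *scratch = &out->scratch[0];

    int decrypted_size = rlocs_decrypt( pctx, encrypted_data, encrypted_size, scratch, IP_MAXPACKET );

    if ( decrypted_size < 0 ) {
        warn( "Failed to decrypt packet!" );
        return 0;
    }
    info( "decrypted_size: %u", decrypted_size );

    out->iovs[0].iov_base = scratch;
    out->iovs[0].iov_len = decrypted_size;

    // iovec 1: never-encrypted part. The 2-byte size field is part of what
    // precedes it, matching how build_wrapped_ipv4_packet lays the data out.
    out->iovs[1].iov_base = encrypted_data + encrypted_size;
    out->iovs[1].iov_len = (size_t) tot_len - hdr_size - 2 - encrypted_size;

    if ( out->iovs[0].iov_len + out->iovs[1].iov_len > IP_MAXPACKET ) {
        warn( "Unwrapped packet is too large, dropping it" );
        warn( "iovs[0] is %zu, iovs[1] is %zu", out->iovs[0].iov_len, out->iovs[1].iov_len );
        warn( "hdr_size = %u, encrypted_size = %u, tot_len = %u", hdr_size, encrypted_size, tot_len );
        return 0;
    }

    debug( "Finished unwrapping IPv4 packet" );
    return 1;
}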
/*
 * Placeholder for unwrapping a packet received over IPv6. Not implemented:
 * logs a warning and returns 0, leaving out untouched.
 */
int unwrap_ipv6_packet(struct peer_context *pctx, struct packet *pkt, struct rsp_data *out)
{
    (void) pctx;
    (void) pkt;
    (void) out;

    warn( "STUB: unwrap_ipv6_packet" );
    return 0;
}
/*
 * Unwrap a received packet, dispatching on the IP version of its outer
 * header.
 *
 * reg  registry used to find the peer context
 * pkt  received packet
 * out  receives the unwrapped data
 *
 * Returns the result of the version-specific unwrap function, or 0 when
 * no peer context is found or the version is neither 4 nor 6 (logged).
 *
 * The peer context is selected from the addresses in the packet's header
 * before any decryption has taken place.
 */
int unwrap_packet( struct rlocs *reg, struct packet *pkt, struct rsp_data *out )
{
    struct peer_context *pctx = packet_peer_context( reg, pkt, 0 );

    if ( pctx == NULL ) {
        return 0;
    }

    if ( pkt->hdr.ip.version == 0x04 ) {
        return unwrap_ipv4_packet( pctx, pkt, out );
    }

    if ( pkt->hdr.ip.version == 0x06 ) {
        return unwrap_ipv6_packet( pctx, pkt, out );
    }

    warn( "Couldn't unwrap packet with version %i, discarding", pkt->hdr.ip.version );
    return 0;
}