6in4.c 7.6 KB

  1. /*
  2. * 6in4 - tunnel client for automatic 6to4 or configured v6-in-v4 tunnels
  3. */
  4. #include <u.h>
  5. #include <libc.h>
  6. #include <ip.h>
  /* IPv4 protocol number used for an encapsulated IPv6 payload */
  enum {
      IP_IPV6PROTO = 41,
  };

  /*
   * Command-line flags.  anysender is also raised when no remote4 is
   * given; when set, the tunnel dial string carries no src= filter.
   */
  int anysender;
  int gateway;

  /* addresses, all held in IPaddrlen-byte form */
  uchar local6[IPaddrlen];      /* our IPv6 address on the tunnel interface */
  uchar remote6[IPaddrlen];     /* IPv6 address of the far end */
  uchar remote4[IPaddrlen];     /* IPv4 address of the far end */
  uchar localmask[IPaddrlen];   /* mask for local6 */
  uchar localnet[IPaddrlen];    /* local6 masked by localmask; used by the ingress filter */
  uchar myip[IPaddrlen];        /* our IPv4 address as reported by myipaddr() */

  /* magic anycast address from rfc3068 */
  uchar anycast6to4[IPv4addrlen] = { 192, 88, 99, 1 };

  /* network mount point; replaced by the -x option */
  static char *net = "/net";

  /* address filters and the two packet-copying loops, defined below */
  static int badipv4(uchar*);
  static int badipv6(uchar*);
  static void ip2tunnel(int, int);
  static void tunnel2ip(int, int);
  /*
   * usage - write the command synopsis to file descriptor 2 and
   * terminate the process with exit status "Usage".
   */
  static void
  usage(void)
  {
      fprint(2,
          "usage: %s [-ag] [-x mtpt] [local6[/mask]] [remote4 [remote6]]\n",
          argv0);
      exits("Usage");
  }
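  /*
   * main - parse the addresses, open the IPv6-in-IPv4 tunnel and a local
   * packet interface, then fork two processes that copy packets between
   * them (ip2tunnel and tunnel2ip).
   *
   * Arguments: [local6[/mask]] [remote4 [remote6]].  With no local6 a
   * 2002:V4ADDR::1/48 address is built from our IPv4 address; with no
   * remote4 the rfc3068 anycast address is used; with no remote6 a
   * link-local address embedding remote4 is used.
   */
  void
  main(int argc, char **argv)
  {
      int n, tunnel, ifc, cfd;
      char *p, *cl, *ir, *loc6;
      char buf[128], path[64];

      fmtinstall('I', eipfmt);
      fmtinstall('V', eipfmt);
      fmtinstall('M', eipfmt);

      ARGBEGIN {
      case 'a':
          anysender++;
          break;
      case 'g':
          gateway++;
          break;
      case 'x':
          net = EARGF(usage());
          break;
      default:
          usage();
      } ARGEND

      if (myipaddr(myip, net) < 0)
          sysfatal("can't find my ipv4 address on %s", net);

      if (argc < 1) {
          loc6 = smprint("2002:%2.2x%2.2x:%2.2x%2.2x::1/48",
              myip[IPaddrlen - IPv4addrlen],
              myip[IPaddrlen - IPv4addrlen + 1],
              myip[IPaddrlen - IPv4addrlen + 2],
              myip[IPaddrlen - IPv4addrlen + 3]);
          /* loc6 is handed to strchr() below, so it must not be nil */
          if (loc6 == nil)
              sysfatal("smprint: %r");
      } else {
          loc6 = argv[0];
          argv++;
          argc--;
      }

      /*
       * local v6 address (mask defaults to /128)
       * NOTE(review): the results of parseip/parseipmask are not checked
       * anywhere in this function; confirm how this libip reports a
       * malformed address before relying on the values parsed here.
       */
      memcpy(localmask, IPallbits, sizeof localmask);
      p = strchr(loc6, '/');
      if (p != nil) {
          parseipmask(localmask, p);
          *p = 0;
      }
      parseip(local6, loc6);
      if (isv4(local6))
          usage();
      if (argc >= 1 && argv[0][0] == '/') {
          parseipmask(localmask, argv[0]);
          argv++;
          argc--;
      }

      /* remote v4 address (defaults to anycast 6to4) */
      if (argc >= 1) {
          parseip(remote4, argv[0]);
          if (!isv4(remote4))
              usage();
          argv++;
          argc--;
      } else {
          v4tov6(remote4, anycast6to4);
          /* replies may come from any relay, so no src= filter below */
          anysender++;
      }

      /* remote v6 address (defaults to link-local w/ v4 as interface part) */
      if (argc >= 1) {
          parseip(remote6, argv[0]);
          /*
           * Test the address just parsed.  Testing remote4 here, as the
           * code previously did, is always true at this point (remote4
           * was verified to be v4 above) and so rejected every
           * explicitly given remote6.
           */
          if (isv4(remote6))
              usage();
          argv++;
          argc--;
      } else {
          remote6[0] = 0xFE;    /* link local */
          remote6[1] = 0x80;
          memcpy(remote6 + IPv4off, remote4 + IPv4off, IPv4addrlen);
      }
      USED(argv);
      if (argc != 0)
          usage();

      /* network part of our address; tunnel2ip compares against it */
      maskip(local6, localmask, localnet);

      /*
       * open IPv6-in-IPv4 tunnel
       *
       * The dial string always selects on protocol and our own address.
       * The src= term is added only when anysender is clear; with -a or
       * the default anycast remote, no source restriction is requested
       * here and the destination check in tunnel2ip is the only ingress
       * filter in this program.
       */
      p = seprint(buf, buf + sizeof buf, "ipmux!proto=%2.2x;dst=%V",
          IP_IPV6PROTO, myip + IPv4off);
      if (!anysender)
          seprint(p, buf + sizeof buf, ";src=%V", remote4 + IPv4off);
      tunnel = dial(buf, 0, 0, 0);
      if (tunnel < 0)
          sysfatal("can't make 6in4 tunnel with dial str %s: %r", buf);

      /*
       * open local IPv6 interface (as a packet interface)
       */
      cl = smprint("%s/ipifc/clone", net);
      cfd = open(cl, ORDWR);    /* allocate a conversation */
      free(cl);
      n = 0;
      /* leave room for the terminating NUL written below */
      if (cfd < 0 || (n = read(cfd, buf, sizeof buf - 1)) <= 0)
          sysfatal("can't make packet interface: %r");
      buf[n] = 0;

      snprint(path, sizeof path, "%s/ipifc/%s/data", net, buf);
      ifc = open(path, ORDWR);
      if (ifc < 0 || fprint(cfd, "bind pkt") < 0)
          sysfatal("can't bind packet interface: %r");

      /* 1280 is MTU, apparently from rfc2460 */
      if (fprint(cfd, "add %I /128 %I 1280", local6, remote6) <= 0)
          sysfatal("can't set local ipv6 address: %r");
      close(cfd);

      if (gateway) {
          /* route global addresses through the tunnel to remote6 */
          ir = smprint("%s/iproute", net);
          cfd = open(ir, OWRITE);
          free(ir);
          if (cfd < 0 || fprint(cfd, "add 2000:: /3 %I", remote6) <= 0)
              sysfatal("can't set default global route: %r");
      }

      /* run the tunnel copying in the background: the parent exits here */
      switch (rfork(RFPROC|RFNOWAIT|RFMEM|RFNOTEG)) {
      default:
          exits(nil);
      case 0:
          break;
      case -1:
          sysfatal("rfork");
      }

      /* one process per direction */
      switch (rfork(RFPROC|RFNOWAIT|RFMEM)) {
      default:
          tunnel2ip(tunnel, ifc);
          break;
      case 0:
          ip2tunnel(ifc, tunnel);
          break;
      case -1:
          sysfatal("rfork");
      }
      exits("tunnel gone");
  }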
  typedef struct Iphdr Iphdr;
  typedef struct Ip6hdr Ip6hdr;

  /*
   * IPv4 header without options, as laid out in a packet.  All fields
   * are byte arrays, so the struct is overlaid directly on packet buffers.
   */
  struct Iphdr
  {
      uchar vihl;         /* version (high nibble) and header length (low nibble) */
      uchar tos;          /* type of service */
      uchar length[2];    /* packet length */
      uchar id[2];        /* identification */
      uchar frag[2];      /* fragment information */
      uchar ttl;          /* time to live */
      uchar proto;        /* protocol */
      uchar cksum[2];     /* header checksum */
      uchar src[4];       /* source address (uchar ordering unimportant) */
      uchar dst[4];       /* destination address (uchar ordering unimportant) */
  };

  /* fixed IPv6 header, as laid out in a packet */
  struct Ip6hdr {
      uchar vcf[4];       /* version:4, traffic class:8, flow label:20 */
      uchar ploadlen[2];  /* payload length: packet length - 40 */
      uchar proto;        /* next header type */
      uchar ttl;          /* hop limit */
      uchar src[IPaddrlen];
      uchar dst[IPaddrlen];
  };

  /* size of the IPv4 header that ip2tunnel puts in front of each IPv6 packet */
  #define STFHDR (sizeof(Iphdr))
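  /*
   * ip2tunnel - copy IPv6 packets read from the packet interface `in' to
   * the tunnel `out', each prefixed with an IPv4 header.
   *
   * Packets are dropped when they are not IPv6, are shorter than their
   * header claims, or fail the egress address filter.  Returns when the
   * read fails or a write to the tunnel is short.
   */
  static void
  ip2tunnel(int in, int out)
  {
      int n, m;
      char buf[64*1024];
      Iphdr *op;
      Ip6hdr *ip;

      op = (Iphdr*)buf;
      /*
       * Clear the whole outer header first.  Only vihl, src, proto, ttl
       * and dst are assigned below; without this the remaining fields
       * (tos, length, id, frag, cksum) would carry whatever was on the
       * stack into every packet written to the tunnel.  What the IP
       * stack does with those fields is not visible from this file.
       */
      memset(op, 0, STFHDR);
      op->vihl = 0x45;    /* v4, hdr is 5 longs? */
      memcpy(op->src, myip + IPv4off, sizeof op->src);
      op->proto = IP_IPV6PROTO;
      op->ttl = 100;

      /* get a V6 packet destined for the tunnel */
      while ((n = read(in, buf + STFHDR, sizeof buf - STFHDR)) > 0) {
          ip = (Ip6hdr*)(buf + STFHDR);

          /* shorter than a v6 header: the fields read below would be stale */
          if (n < (int)sizeof(Ip6hdr))
              continue;

          /* if not IPV6, drop it */
          if ((ip->vcf[0]&0xF0) != 0x60)
              continue;

          /* check length: drop if too short, trim if too long */
          m = nhgets(ip->ploadlen) + sizeof(Ip6hdr);
          if (m > n)
              continue;
          if (m < n)
              n = m;

          /*
           * drop if v6 source or destination address is naughty;
           * remote6 itself is always an acceptable destination
           */
          if (badipv6(ip->src) ||
              (!equivip6(ip->dst, remote6) && badipv6(ip->dst))) {
              syslog(0, "6in4", "egress filtered %I -> %I",
                  ip->src, ip->dst);
              continue;
          }

          /*
           * send 6to4 packets (2002::) directly to ipv4 target;
           * the embedded v4 address was vetted by badipv6() above
           * unless the destination is remote6
           */
          if (ip->dst[0] == 0x20 && ip->dst[1] == 0x02)
              memcpy(op->dst, ip->dst+2, sizeof op->dst);
          else
              memcpy(op->dst, remote4+IPv4off, sizeof op->dst);
          n += STFHDR;

          /* pass packet to the other end of the tunnel */
          if (write(out, op, n) != n) {
              syslog(0, "6in4", "error writing to tunnel (%r), giving up");
              break;
          }
      }
  }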
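  /*
   * tunnel2ip - copy IPv6 packets arriving on the tunnel `in' to the
   * local packet interface `out', after removing the outer IPv4 header.
   *
   * A packet is passed on only if the outer header is IPv4 carrying
   * protocol 41, the lengths are consistent, the payload is IPv6, and
   * the IPv6 destination lies in our local network (localnet/localmask).
   * Returns when a read from the tunnel fails.
   *
   * NOTE(review): neither the outer IPv4 source nor the inner IPv6
   * source is examined here.  When anysender is set the dial string in
   * main() carries no src= term either, so the destination test below is
   * the only ingress filter.  For 2002:: sources, comparing the embedded
   * v4 address with ip->src is a check worth considering.
   */
  static void
  tunnel2ip(int in, int out)
  {
      int n, m, hl;
      char buf[64*1024];
      uchar a[IPaddrlen];
      Ip6hdr *op;
      Iphdr *ip;

      for (;;) {
          /* get a packet from the tunnel */
          n = read(in, buf, sizeof buf);
          /* the IPv4 header is taken to start IPaddrlen bytes into each read */
          ip = (Iphdr*)(buf + IPaddrlen);
          n -= IPaddrlen;
          if (n <= 0) {
              syslog(0, "6in4", "error reading from tunnel (%r), giving up");
              break;
          }

          /*
           * Too short for an IPv4 header: the fields tested below would
           * be bytes left over from an earlier packet.
           */
          if (n < (int)STFHDR)
              continue;

          /* if not IPv4 nor IP protocol IPv6, drop it */
          if ((ip->vihl&0xF0) != 0x40 || ip->proto != IP_IPV6PROTO)
              continue;

          /* header length in bytes; honours IPv4 options if present */
          hl = (ip->vihl&0x0F) << 2;
          if (hl < (int)STFHDR)
              continue;

          /* check length: drop if too short, trim if too long */
          m = nhgets(ip->length);
          if (m > n)
              continue;
          if (m < n)
              n = m;

          /*
           * The packet must hold a complete IPv6 header after the IPv4
           * one.  Without this test a short packet would be filtered on
           * stale buffer contents, and n could go negative below.
           */
          if (n < hl + (int)sizeof(Ip6hdr))
              continue;
          op = (Ip6hdr*)((char*)ip + hl);
          n -= hl;

          /* the payload must itself be IPv6, as ip2tunnel requires on egress */
          if ((op->vcf[0]&0xF0) != 0x60)
              continue;

          /* don't relay: just accept packets for local host/subnet */
          /* (this blocks link-local and multicast addresses as well) */
          maskip(op->dst, localmask, a);
          if (!equivip6(a, localnet)) {
              syslog(0, "6in4", "ingress filtered %I -> %I",
                  op->src, op->dst);
              continue;
          }

          /* pass V6 packet to the interface; a failed write is not reported */
          write(out, op, n);
      }
  }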
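  /*
   * badipv4 - report whether the IPv4 address at `a' (4 bytes, network
   * order) is one that must not appear embedded in a 6to4 address.
   *
   * Returns 1 for unassigned, private, loopback, link-local, multicast
   * and reserved/broadcast ranges, 0 otherwise.
   */
  static int
  badipv4(uchar *a)
  {
      switch (a[0]) {
      case 0:       /* unassigned */
      case 10:      /* private */
      case 127:     /* loopback */
          return 1;
      case 172:
          /*
           * 172.16.0.0/12 private: second octet 16 through 31 only.
           * Without the upper bound, public 172.32.0.0-172.255.255.255
           * would be rejected too.
           */
          return a[1] >= 16 && a[1] <= 31;
      case 192:
          return a[1] == 168;    /* 192.168.0.0/16 private */
      case 169:
          return a[1] == 254;    /* 169.254.0.0/16 DHCP link-local */
      }
      /*
       * 224.0.0.0/4 multicast, 240.0.0.0/4 reserved, broadcast.
       * The bound is 224 so that the multicast range is covered as well
       * as the reserved one.
       */
      return a[0] >= 224;
  }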
  /*
   * badipv6 - report whether the IPv6 address at `a' is unacceptable as
   * a tunnel source or destination.  Only the leading 16 bits are
   * classified, plus the embedded IPv4 address of a 6to4 (2002::) address.
   * Returns 1 if the address is rejected, 0 otherwise.
   */
  static int
  badipv6(uchar *a)
  {
      int prefix;

      prefix = a[0]<<8 | a[1];

      /* compatible, mapped, loopback, unspecified ... */
      if (prefix == 0)
          return 1;

      /* multicast, link-local or site-local */
      if (prefix >= 0xFE80)
          return 1;

      /* a 6to4 address is only as good as the v4 address inside it */
      return prefix == 0x2002 && badipv4(a+2);
  }