6in4.c 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441
  1. /*
  2. * 6in4 - tunnel client for automatic 6to4 or configured v6-in-v4 tunnels.
  3. * see rfc3056.
  4. */
  5. #include <u.h>
  6. #include <libc.h>
  7. #include <ip.h>
  8. enum {
  9. IP_IPV6PROTO = 41, /* IPv4 protocol number for IPv6 */
  10. V6to4pfx = 0x2002,
  11. };
  12. typedef struct Iphdr Iphdr;
  13. struct Iphdr
  14. {
  15. uchar vihl; /* Version and header length */
  16. uchar tos; /* Type of service */
  17. uchar length[2]; /* packet length */
  18. uchar id[2]; /* Identification */
  19. uchar frag[2]; /* Fragment information */
  20. uchar ttl; /* Time to live */
  21. uchar proto; /* Protocol */
  22. uchar cksum[2]; /* Header checksum */
  23. uchar src[4]; /* Ip source (uchar ordering unimportant) */
  24. uchar dst[4]; /* Ip destination (uchar ordering unimportant) */
  25. uchar payload[];
  26. };
  27. #define STFHDR offsetof(Iphdr, payload[0])
  28. int anysender;
  29. int gateway;
  30. int debug;
  31. uchar local6[IPaddrlen];
  32. uchar remote6[IPaddrlen];
  33. uchar remote4[IPaddrlen];
  34. uchar localmask[IPaddrlen];
  35. uchar localnet[IPaddrlen];
  36. uchar myip[IPaddrlen];
  37. /* magic anycast address from rfc3068 */
  38. uchar anycast6to4[IPv4addrlen] = { 192, 88, 99, 1 };
  39. static char *net = "/net";
  40. static int badipv4(uchar*);
  41. static int badipv6(uchar*);
  42. static void ip2tunnel(int, int);
  43. static void tunnel2ip(int, int);
  44. static void
  45. usage(void)
  46. {
  47. fprint(2, "usage: %s [-ag] [-x mtpt] [local6[/mask]] [remote4 [remote6]]\n",
  48. argv0);
  49. exits("Usage");
  50. }
  51. static char *
  52. defv6addr(void)
  53. {
  54. uchar *ipv4 = &myip[IPaddrlen - IPv4addrlen];
  55. return smprint("%ux:%2.2x%2.2x:%2.2x%2.2x::1/48", V6to4pfx,
  56. ipv4[0], ipv4[1], ipv4[2], ipv4[3]);
  57. }
  58. /* process non-option arguments */
  59. static void
  60. procargs(int argc, char **argv)
  61. {
  62. char *p, *loc6;
  63. if (argc < 1)
  64. loc6 = defv6addr();
  65. else if (strcmp(argv[0], "-") == 0) {
  66. loc6 = defv6addr();
  67. argv++;
  68. argc--;
  69. } else {
  70. loc6 = *argv++;
  71. argc--;
  72. }
  73. /* local v6 address (mask defaults to /128) */
  74. memcpy(localmask, IPallbits, sizeof localmask);
  75. p = strchr(loc6, '/');
  76. if (p != nil) {
  77. parseipmask(localmask, p);
  78. *p = 0;
  79. }
  80. if (parseip(local6, loc6) == -1)
  81. sysfatal("bad local v6 address %s", loc6);
  82. if (isv4(local6))
  83. usage();
  84. if (argc >= 1 && argv[0][0] == '/') {
  85. parseipmask(localmask, *argv++);
  86. argc--;
  87. }
  88. if (debug)
  89. fprint(2, "local6 %I %M\n", local6, localmask);
  90. /* remote v4 address (defaults to anycast 6to4) */
  91. if (argc >= 1) {
  92. if (parseip(remote4, *argv++) == -1)
  93. sysfatal("bad remote v4 address %s", argv[-1]);
  94. argc--;
  95. if (!isv4(remote4))
  96. usage();
  97. } else {
  98. v4tov6(remote4, anycast6to4);
  99. anysender++;
  100. }
  101. if (debug)
  102. fprint(2, "remote4 %I\n", remote4);
  103. /* remote v6 address (defaults to link-local w/ v4 as interface part) */
  104. if (argc >= 1) {
  105. if (parseip(remote6, *argv++) == -1)
  106. sysfatal("bad remote v6 address %s", argv[-1]);
  107. argc--;
  108. } else {
  109. remote6[0] = 0xFE; /* link local */
  110. remote6[1] = 0x80;
  111. memcpy(remote6 + IPv4off, remote4 + IPv4off, IPv4addrlen);
  112. }
  113. USED(argv);
  114. if (argc != 0)
  115. usage();
  116. maskip(local6, localmask, localnet);
  117. if (debug)
  118. fprint(2, "localnet %I remote6 %I\n", localnet, remote6);
  119. }
  120. static void
  121. setup(int *v6net, int *tunp)
  122. {
  123. int n, cfd;
  124. char *p, *cl, *ir;
  125. char buf[128], path[64];
  126. /*
  127. * gain access to IPv6-in-IPv4 packets
  128. */
  129. p = seprint(buf, buf + sizeof buf, "%s/ipmux!proto=%2.2x",
  130. net, IP_IPV6PROTO);
  131. if (1)
  132. seprint(p, buf + sizeof buf, ";dst=%V", myip + IPv4off);
  133. if (!anysender)
  134. seprint(p, buf + sizeof buf, ";src=%V", remote4 + IPv4off);
  135. *tunp = dial(buf, 0, 0, 0);
  136. if (*tunp < 0)
  137. sysfatal("can't access ipv6-in-ipv4 with dial str %s: %r", buf);
  138. if (debug)
  139. fprint(2, "dialed %s for v6-in-v4 access\n", buf);
  140. /*
  141. * open local IPv6 interface (as a packet interface)
  142. */
  143. cl = smprint("%s/ipifc/clone", net);
  144. cfd = open(cl, ORDWR); /* allocate a conversation */
  145. n = 0;
  146. if (cfd < 0 || (n = read(cfd, buf, sizeof buf - 1)) <= 0)
  147. sysfatal("can't make packet interface %s: %r", cl);
  148. if (debug)
  149. fprint(2, "cloned %s as local v6 interface\n", cl);
  150. free(cl);
  151. buf[n] = 0;
  152. snprint(path, sizeof path, "%s/ipifc/%s/data", net, buf);
  153. *v6net = open(path, ORDWR);
  154. if (*v6net < 0 || fprint(cfd, "bind pkt") < 0)
  155. sysfatal("can't bind packet interface: %r");
  156. /* 1280 is MTU, apparently from rfc2460 */
  157. if (fprint(cfd, "add %I /128 %I 1280", local6, remote6) <= 0)
  158. sysfatal("can't set local ipv6 address: %r");
  159. close(cfd);
  160. if (debug)
  161. fprint(2, "opened & bound %s as local v6 interface\n", path);
  162. if (gateway) {
  163. /* route global addresses through the tunnel to remote6 */
  164. ir = smprint("%s/iproute", net);
  165. cfd = open(ir, OWRITE);
  166. if (cfd >= 0 && debug)
  167. fprint(2, "injected 2000::/3 %I into %s\n", remote6, ir);
  168. free(ir);
  169. if (cfd < 0 || fprint(cfd, "add 2000:: /3 %I", remote6) <= 0)
  170. sysfatal("can't set default global route: %r");
  171. }
  172. }
  173. static void
  174. runtunnel(int v6net, int tunnel)
  175. {
  176. /* run the tunnel copying in the background */
  177. switch (rfork(RFPROC|RFNOWAIT|RFMEM|RFNOTEG)) {
  178. case -1:
  179. sysfatal("rfork");
  180. default:
  181. exits(nil);
  182. case 0:
  183. break;
  184. }
  185. switch (rfork(RFPROC|RFNOWAIT|RFMEM)) {
  186. case -1:
  187. sysfatal("rfork");
  188. default:
  189. tunnel2ip(tunnel, v6net);
  190. break;
  191. case 0:
  192. ip2tunnel(v6net, tunnel);
  193. break;
  194. }
  195. exits("tunnel gone");
  196. }
  197. void
  198. main(int argc, char **argv)
  199. {
  200. int tunnel, v6net;
  201. fmtinstall('I', eipfmt);
  202. fmtinstall('V', eipfmt);
  203. fmtinstall('M', eipfmt);
  204. ARGBEGIN {
  205. case 'a':
  206. anysender++;
  207. break;
  208. case 'd':
  209. debug++;
  210. break;
  211. case 'g':
  212. gateway++;
  213. break;
  214. case 'x':
  215. net = EARGF(usage());
  216. break;
  217. default:
  218. usage();
  219. } ARGEND
  220. if (myipaddr(myip, net) < 0)
  221. sysfatal("can't find my ipv4 address on %s", net);
  222. if (!isv4(myip))
  223. sysfatal("my ip, %I, is not a v4 address", myip);
  224. procargs(argc, argv);
  225. setup(&v6net, &tunnel);
  226. runtunnel(v6net, tunnel);
  227. }
  228. /*
  229. * based on libthread's threadsetname, but drags in less library code.
  230. * actually just sets the arguments displayed.
  231. */
  232. void
  233. procsetname(char *fmt, ...)
  234. {
  235. int fd;
  236. char *cmdname;
  237. char buf[128];
  238. va_list arg;
  239. va_start(arg, fmt);
  240. cmdname = vsmprint(fmt, arg);
  241. va_end(arg);
  242. if (cmdname == nil)
  243. return;
  244. snprint(buf, sizeof buf, "#p/%d/args", getpid());
  245. if((fd = open(buf, OWRITE)) >= 0){
  246. write(fd, cmdname, strlen(cmdname)+1);
  247. close(fd);
  248. }
  249. free(cmdname);
  250. }
  251. /*
  252. * encapsulate v6 packets from the packet interface in v4 ones
  253. * and send them into the tunnel.
  254. */
  255. static void
  256. ip2tunnel(int in, int out)
  257. {
  258. int n, m;
  259. char buf[64*1024];
  260. Iphdr *op;
  261. Ip6hdr *ip;
  262. if (anysender)
  263. procsetname("v6 %I -> tunnel", local6);
  264. else
  265. procsetname("v6 %I -> tunnel %I %I", local6, remote4, remote6);
  266. /* populate v4 header */
  267. op = (Iphdr*)buf;
  268. op->vihl = IP_VER4 | 5; /* hdr is 5 longs? */
  269. memcpy(op->src, myip + IPv4off, sizeof op->src);
  270. op->proto = IP_IPV6PROTO;
  271. op->ttl = 100;
  272. /* get a V6 packet destined for the tunnel */
  273. while ((n = read(in, buf + STFHDR, sizeof buf - STFHDR)) > 0) {
  274. /* if not IPV6, drop it */
  275. ip = (Ip6hdr*)(buf + STFHDR);
  276. if ((ip->vcf[0] & 0xF0) != IP_VER6)
  277. continue;
  278. /* check length: drop if too short, trim if too long */
  279. m = nhgets(ip->ploadlen) + IPV6HDR_LEN;
  280. if (m > n)
  281. continue;
  282. if (m < n)
  283. n = m;
  284. /* drop if v6 source or destination address is naughty */
  285. if (badipv6(ip->src) ||
  286. (!equivip6(ip->dst, remote6) && badipv6(ip->dst))) {
  287. syslog(0, "6in4", "egress filtered %I -> %I",
  288. ip->src, ip->dst);
  289. continue;
  290. }
  291. if (debug > 1)
  292. fprint(2, "v6 to tunnel %I -> %I\n", ip->src, ip->dst);
  293. /* send 6to4 packets directly to ipv4 target */
  294. if ((ip->dst[0]<<8 | ip->dst[1]) == V6to4pfx)
  295. memcpy(op->dst, ip->dst+2, sizeof op->dst);
  296. else
  297. memcpy(op->dst, remote4+IPv4off, sizeof op->dst);
  298. n += STFHDR;
  299. /* pass packet to the other end of the tunnel */
  300. if (write(out, op, n) != n) {
  301. syslog(0, "6in4", "error writing to tunnel (%r), giving up");
  302. break;
  303. }
  304. }
  305. }
  306. /*
  307. * decapsulate v6 packets from v4 ones from the tunnel
  308. * and forward them to the packet interface
  309. */
  310. static void
  311. tunnel2ip(int in, int out)
  312. {
  313. int n, m;
  314. char buf[64*1024];
  315. uchar a[IPaddrlen];
  316. Ip6hdr *op;
  317. Iphdr *ip;
  318. if (anysender)
  319. procsetname("tunnel -> v6 %I", local6);
  320. else
  321. procsetname("tunnel %I %I -> v6 %I", remote4, remote6, local6);
  322. for (;;) {
  323. /* get a packet from the tunnel */
  324. n = read(in, buf, sizeof buf);
  325. ip = (Iphdr*)(buf + IPaddrlen);
  326. n -= IPaddrlen;
  327. if (n <= 0) {
  328. syslog(0, "6in4", "error reading from tunnel (%r), giving up");
  329. break;
  330. }
  331. /* if not IPv4 nor IPv4 protocol IPv6, drop it */
  332. if ((ip->vihl & 0xF0) != IP_VER4 || ip->proto != IP_IPV6PROTO)
  333. continue;
  334. /* check length: drop if too short, trim if too long */
  335. m = nhgets(ip->length);
  336. if (m > n)
  337. continue;
  338. if (m < n)
  339. n = m;
  340. op = (Ip6hdr*)(buf + IPaddrlen + STFHDR);
  341. n -= STFHDR;
  342. /*
  343. * don't relay: just accept packets for local host/subnet
  344. * (this blocks link-local and multicast addresses as well)
  345. */
  346. maskip(op->dst, localmask, a);
  347. if (!equivip6(a, localnet)) {
  348. syslog(0, "6in4", "ingress filtered %I -> %I",
  349. op->src, op->dst);
  350. continue;
  351. }
  352. if (debug > 1)
  353. fprint(2, "tunnel to v6 %I -> %I\n", op->src, op->dst);
  354. /* pass V6 packet to the interface */
  355. if (write(out, op, n) != n) {
  356. syslog(0, "6in4", "error writing to packet interface (%r), giving up");
  357. break;
  358. }
  359. }
  360. }
  361. static int
  362. badipv4(uchar *a)
  363. {
  364. switch (a[0]) {
  365. case 0: /* unassigned */
  366. case 10: /* private */
  367. case 127: /* loopback */
  368. return 1;
  369. case 172:
  370. return a[1] >= 16; /* 172.16.0.0/12 private */
  371. case 192:
  372. return a[1] == 168; /* 192.168.0.0/16 private */
  373. case 169:
  374. return a[1] == 254; /* 169.254.0.0/16 DHCP link-local */
  375. }
  376. /* 224.0.0.0/4 multicast, 240.0.0.0/4 reserved, broadcast */
  377. return a[0] >= 240;
  378. }
  379. /*
  380. * 0x0000/16 prefix = v4 compatible, v4 mapped, loopback, unspecified...
  381. * site-local is now deprecated, rfc3879
  382. */
  383. static int
  384. badipv6(uchar *a)
  385. {
  386. int h = a[0]<<8 | a[1];
  387. return h == 0 || ISIPV6MCAST(a) || ISIPV6LINKLOCAL(a) ||
  388. h == V6to4pfx && badipv4(a+2);
  389. }