evan/protomask
1
Fork 0
Code

implement rfc6052 address embedding

Browse Source
This commit is contained in:
Evan Pratten 2023-08-02 18:51:20 -04:00
parent 87547f59b6
commit 7e6abe67bb
3 changed files with 163 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/common/mod.rs
View File

@ -1,3 +1,4 @@
//! Common code used across all protomask binaries
pub mod logging;
pub mod rfc6052;

116
src/common/rfc6052.rs Normal file
View File

@ -0,0 +1,116 @@
//! Utilities for interacting with [RFC6052](https://datatracker.ietf.org/doc/html/rfc6052) "IPv4-Embedded IPv6 Addresses"
use std::{
cmp::{max, min},
net::{Ipv4Addr, Ipv6Addr},
str::FromStr,
};
use ipnet::Ipv6Net;
/// Parses an [RFC6052 Section 2.2](https://datatracker.ietf.org/doc/html/rfc6052#section-2.2)-compliant IPv6 prefix from a string
pub fn parse_network_specific_prefix(string: &str) -> Result<Ipv6Net, String> {
// First, parse to an IPv6Net struct
let net = Ipv6Net::from_str(string).map_err(|err| err.to_string())?;
// Ensure the prefix length is one of the allowed lengths according to RFC6052 Section 2.2
if ![32, 40, 48, 56, 64, 96].contains(&net.prefix_len()) {
return Err("Prefix length must be one of 32, 40, 48, 56, 64, or 96".to_owned());
}
// Return the parsed network struct
Ok(net)
}
/// Embeds an IPv4 address into an IPv6 prefix
pub fn embed_to_ipv6(ipv4_addr: Ipv4Addr, ipv6_prefix: Ipv6Net) -> Ipv6Addr {
// Convert to integer types
let ipv4_addr = u32::from(ipv4_addr);
let prefix_len = ipv6_prefix.prefix_len() as i16;
let ipv6_prefix = u128::from(ipv6_prefix.addr());
// According to the RFC, the IPv4 address must be split on the boundary of bits 64..71.
// To accomplish this, we split the IPv4 address into two parts so we can separately mask
// and shift them into place on each side of the boundary
Ipv6Addr::from(
ipv6_prefix
| (((ipv4_addr as u128 & (0xffff_ffffu128 << (32 + min(0, prefix_len - 64)))) as u128)
<< (128 - prefix_len - 32))
| (((ipv4_addr as u128) << max(0, 128 - prefix_len - 32 - 8)) & 0x00ff_ffff_ffff_ffff),
)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_embed_len_32() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/32".parse().unwrap()
),
"64:ff9b:c000:0201::".parse::<Ipv6Addr>().unwrap()
);
}
#[test]
fn test_embed_len_40() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/40".parse().unwrap(),
),
"64:ff9b:00c0:0002:0001::".parse::<Ipv6Addr>().unwrap()
);
}
#[test]
fn test_embed_len_48() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/48".parse().unwrap(),
),
"64:ff9b:0000:c000:0002:0100::".parse::<Ipv6Addr>().unwrap()
);
}
#[test]
fn test_embed_len_56() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/56".parse().unwrap(),
),
"64:ff9b:0000:00c0:0000:0201::".parse::<Ipv6Addr>().unwrap()
);
}
#[test]
fn test_embed_len_64() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/64".parse().unwrap(),
),
"64:ff9b:0000:0000:00c0:0002:0100::"
.parse::<Ipv6Addr>()
.unwrap()
);
}
#[test]
fn test_embed_len_96() {
assert_eq!(
embed_to_ipv6(
"192.0.2.1".parse().unwrap(),
"64:ff9b::/96".parse().unwrap(),
),
"64:ff9b:0000:0000:0000:0000:c000:0201"
.parse::<Ipv6Addr>()
.unwrap()
);
}
}

48
src/protomask-clat.rs
View File

@ -4,10 +4,15 @@
//! IPv4 traffic to IPv6 traffic for transmission over an IPv6-only ISP network.
use clap::Parser;
use common::logging::enable_logger;
use common::{logging::enable_logger, rfc6052::parse_network_specific_prefix};
use easy_tun::Tun;
use interproto::protocols::ip::{translate_ipv4_to_ipv6, translate_ipv6_to_ipv4};
use ipnet::Ipv6Net;
use nix::unistd::Uid;
use std::{
io::{Read, Write},
net::Ipv4Addr,
};
mod common;
@ -15,7 +20,7 @@ mod common;
#[clap(author, version, about="IPv4 to IPv6 Customer-side transLATor (CLAT)", long_about = None)]
struct Args {
/// IPv6 prefix to embed IPv4 addresses in
#[clap(long="via", default_value_t = ("64:ff9b::/96").parse().unwrap())]
#[clap(long="via", default_value_t = ("64:ff9b::/96").parse().unwrap(), value_parser = parse_network_specific_prefix)]
embed_prefix: Ipv6Net,
/// Explicitly set the interface name to use
@ -44,8 +49,47 @@ pub async fn main() {
// Bring up a TUN interface
let mut tun = Tun::new(&args.interface).unwrap();
// Translate all incoming packets
log::info!("Translating packets on {}", tun.name());
let mut buffer = vec![0u8; 1500];
loop {
// Read a packet
let len = tun.read(&mut buffer).unwrap();
// Translate it based on the Layer 3 protocol number
let layer_3_proto = buffer[0] >> 4;
log::trace!("New packet with layer 3 protocol: {}", layer_3_proto);
let output = match layer_3_proto {
// IPv4
4 => {
// Get the IPv4 source and destination addresses
let ipv4_source =
u32::from_be_bytes([buffer[12], buffer[13], buffer[14], buffer[15]]);
let ipv4_destination =
u32::from_be_bytes([buffer[16], buffer[17], buffer[18], buffer[19]]);
// Create a new IPv6 source and destination address by embedding the IPv4 addresses into the clat prefix
let new_source = u128::from(args.embed_prefix.addr()) | (ipv4_source as u128);
let new_destination =
u128::from(args.embed_prefix.addr()) | (ipv4_destination as u128);
translate_ipv4_to_ipv6(&buffer[..len], new_source.into(), new_destination.into())
}
// IPv6
6 => translate_ipv6_to_ipv4(
&buffer[..len],
// NOTE: The new source and destination addresses are just the last
// 4 octets of the IPv6 source and destination addresses
Ipv4Addr::new(buffer[20], buffer[21], buffer[22], buffer[23]),
Ipv4Addr::new(buffer[36], buffer[37], buffer[38], buffer[39]),
),
// Unknown
proto => {
log::warn!("Unknown Layer 3 protocol: {}", proto);
continue;
}
}
.unwrap();
}
}