From 833d4308fb4a9c2eeff3f48941a778e18c9fcf4f Mon Sep 17 00:00:00 2001 From: Evan Pratten Date: Wed, 2 Aug 2023 22:44:30 -0400 Subject: [PATCH] wip clat --- Cargo.toml | 9 +++- libs/interproto/src/protocols/ip.rs | 3 ++ libs/rtnl/Cargo.toml | 18 +++++--- libs/rtnl/README.md | 3 ++ libs/rtnl/src/ip.rs | 71 +++++++++++++++++++++++++++++ libs/rtnl/src/lib.rs | 22 +++++++++ libs/rtnl/src/link.rs | 31 +++++++++++++ libs/rtnl/src/route.rs | 41 +++++++++++++++++ src/protomask-clat.rs | 48 ++++++++++++++++--- 9 files changed, 231 insertions(+), 15 deletions(-) create mode 100644 libs/rtnl/README.md create mode 100644 libs/rtnl/src/ip.rs create mode 100644 libs/rtnl/src/lib.rs create mode 100644 libs/rtnl/src/link.rs create mode 100644 libs/rtnl/src/route.rs diff --git a/Cargo.toml b/Cargo.toml index 64d863a..c83dea3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,7 +41,13 @@ exclude = ["/.github/", "/.vscode/"] # lazy_static = "1.4.0" [workspace] -members = ["libs/easy-tun", "libs/fast-nat", "libs/interproto", "libs/rfc6052"] +members = [ + "libs/easy-tun", + "libs/fast-nat", + "libs/interproto", + "libs/rfc6052", + "libs/rtnl", +] [[bin]] name = "protomask" @@ -61,6 +67,7 @@ easy-tun = { path = "libs/easy-tun" } fast-nat = { path = "libs/fast-nat" } interproto = { path = "libs/interproto" } rfc6052 = { path = "libs/rfc6052" } +rtnl = { path = "libs/rtnl", features = ["tokio"] } # External Dependencies tokio = { version = "1.29.1", features = ["macros", "rt-multi-thread"] } diff --git a/libs/interproto/src/protocols/ip.rs b/libs/interproto/src/protocols/ip.rs index 54d934c..b7c84e6 100644 --- a/libs/interproto/src/protocols/ip.rs +++ b/libs/interproto/src/protocols/ip.rs @@ -65,6 +65,7 @@ pub fn translate_ipv4_to_ipv6( ipv6_packet.set_hop_limit(ipv4_packet.get_ttl()); ipv6_packet.set_source(new_source); ipv6_packet.set_destination(new_destination); + ipv6_packet.set_payload_length(new_payload.len().try_into().unwrap()); // Copy the payload to the buffer ipv6_packet.set_payload(&new_payload); @@ -118,6 +119,7 @@ pub fn translate_ipv6_to_ipv4( // Set the header fields ipv4_packet.set_version(4); + ipv4_packet.set_header_length(5); ipv4_packet.set_ttl(ipv6_packet.get_hop_limit()); ipv4_packet.set_next_level_protocol(match ipv6_packet.get_next_header() { IpNextHeaderProtocols::Icmpv6 => IpNextHeaderProtocols::Icmp, @@ -125,6 +127,7 @@ pub fn translate_ipv6_to_ipv4( }); ipv4_packet.set_source(new_source); ipv4_packet.set_destination(new_destination); + ipv4_packet.set_total_length((Ipv4Packet::minimum_packet_size() + new_payload.len()).try_into().unwrap()); // Copy the payload to the buffer ipv4_packet.set_payload(&new_payload); diff --git a/libs/rtnl/Cargo.toml b/libs/rtnl/Cargo.toml index 7bbb9bb..7ab90d4 100644 --- a/libs/rtnl/Cargo.toml +++ b/libs/rtnl/Cargo.toml @@ -1,17 +1,21 @@ [package] -name = "rfc6052" -version = "1.0.0" +name = "rtnl" +version = "0.1.0" authors = ["Evan Pratten "] edition = "2021" -description = "Rust functions for interacting with RFC6052 IPv4-Embedded IPv6 Addresses" +description = "Slightly sane wrapper around rtnetlink" readme = "README.md" -homepage = "https://github.com/ewpratten/protomask/tree/master/libs/rfc6052" -documentation = "https://docs.rs/rfc6052" +homepage = "https://github.com/ewpratten/protomask/tree/master/libs/rtnl" +documentation = "https://docs.rs/rtnl" repository = "https://github.com/ewpratten/protomask" license = "GPL-3.0" keywords = [] categories = [] + [dependencies] -thiserror = "^1.0.44" -ipnet = "^2.8.0" \ No newline at end of file +tokio = { version = "1.29.1", optional = true, features = ["rt-multi-thread"] } +log = "0.4.19" +rtnetlink = "0.13.1" +futures = "0.3.28" +ipnet = "^2.8.0" diff --git a/libs/rtnl/README.md b/libs/rtnl/README.md new file mode 100644 index 0000000..b27c96d --- /dev/null +++ b/libs/rtnl/README.md @@ -0,0 +1,3 @@ +# RTNL + +A slightly sane wrapper around [`rtnetlink`](https://crates.io/crates/rtnetlink) diff --git a/libs/rtnl/src/ip.rs b/libs/rtnl/src/ip.rs new file mode 100644 index 0000000..ffae235 --- /dev/null +++ b/libs/rtnl/src/ip.rs @@ -0,0 +1,71 @@ +//! Utilities for manipulating the addresses assigned to links + +use std::net::IpAddr; + +use futures::TryStreamExt; +use rtnetlink::Handle; + +/// Add an IP address to a link +pub async fn addr_add( + ip_addr: IpAddr, + prefix_len: u8, + rt_handle: &Handle, + link_index: u32, +) -> Result<(), rtnetlink::Error> { + log::trace!("Adding address {} to link {}", ip_addr, link_index); + rt_handle + .address() + .add(link_index, ip_addr, prefix_len) + .execute() + .await + .map_err(|err| { + log::error!("Failed to add address {} to link {}", ip_addr, link_index); + log::error!("{}", err); + err + }) +} + +/// Remove an IP address from a link +pub async fn addr_del( + ip_addr: IpAddr, + prefix_len: u8, + rt_handle: &Handle, + link_index: u32, +) -> Result<(), rtnetlink::Error> { + log::trace!("Removing address {} from link {}", ip_addr, link_index); + + // Find the address message that matches the given address + if let Some(address_message) = rt_handle + .address() + .get() + .set_link_index_filter(link_index) + .set_address_filter(ip_addr) + .set_prefix_length_filter(prefix_len) + .execute() + .try_next() + .await + .map_err(|err| { + log::error!("Failed to find address {} on link {}", ip_addr, link_index); + log::error!("{}", err); + err + })? + { + // Delete the address + rt_handle + .address() + .del(address_message) + .execute() + .await + .map_err(|err| { + log::error!( + "Failed to remove address {} from link {}", + ip_addr, + link_index + ); + log::error!("{}", err); + err + })?; + } + + Ok(()) +} diff --git a/libs/rtnl/src/lib.rs b/libs/rtnl/src/lib.rs new file mode 100644 index 0000000..dbd29da --- /dev/null +++ b/libs/rtnl/src/lib.rs @@ -0,0 +1,22 @@ +#![doc = include_str!("../README.md")] +#![deny(clippy::pedantic)] +#![allow(clippy::module_name_repetitions)] +#![allow(clippy::missing_errors_doc)] +#![allow(clippy::missing_panics_doc)] +#![allow(clippy::missing_safety_doc)] + +pub mod link; +pub mod ip; +pub mod route; + +/// Get a handle on a new rtnetlink connection +#[cfg(feature="tokio")] +pub fn new_handle() -> Result { + let (rt_connection, rt_handle, _) = rtnetlink::new_connection().map_err(|err| { + log::error!("Failed to open rtnetlink connection"); + log::error!("{}", err); + err + })?; + tokio::spawn(rt_connection); + Ok(rt_handle) +} diff --git a/libs/rtnl/src/link.rs b/libs/rtnl/src/link.rs new file mode 100644 index 0000000..932f982 --- /dev/null +++ b/libs/rtnl/src/link.rs @@ -0,0 +1,31 @@ +//! Utilities for operating on a link/interface/device + +use futures::TryStreamExt; +use rtnetlink::Handle; + +/// Bring up a link by its link index +pub async fn link_up(rt_handle: &Handle, link_index: u32) -> Result<(), rtnetlink::Error> { + log::trace!("Bringing up link {}", link_index); + rt_handle.link().set(link_index).up().execute().await +} + +/// Bring down a link by its link index +pub async fn link_down(rt_handle: &Handle, link_index: u32) -> Result<(), rtnetlink::Error> { + log::trace!("Bringing down link {}", link_index); + rt_handle.link().set(link_index).down().execute().await +} + +/// Get the link index of a link by its name +pub async fn get_link_index( + rt_handle: &Handle, + link_name: &str, +) -> Result, rtnetlink::Error> { + Ok(rt_handle + .link() + .get() + .match_name(link_name.to_owned()) + .execute() + .try_next() + .await? + .map(|message| message.header.index)) +} diff --git a/libs/rtnl/src/route.rs b/libs/rtnl/src/route.rs new file mode 100644 index 0000000..225ef7e --- /dev/null +++ b/libs/rtnl/src/route.rs @@ -0,0 +1,41 @@ +//! Utilities for interacting with the routing table + +use ipnet::IpNet; +use rtnetlink::Handle; + +/// Add a route to a link +pub async fn route_add( + destination: IpNet, + rt_handle: &Handle, + link_index: u32, +) -> Result<(), rtnetlink::Error> { + log::trace!("Adding route {} to link {}", destination, link_index); + match destination { + IpNet::V4(destination) => rt_handle + .route() + .add() + .v4() + .output_interface(link_index) + .destination_prefix(destination.addr(), destination.prefix_len()) + .execute() + .await + .map_err(|err| { + log::error!("Failed to add route {} to link", destination); + log::error!("{}", err); + err + }), + IpNet::V6(destination) => rt_handle + .route() + .add() + .v6() + .output_interface(link_index) + .destination_prefix(destination.addr(), destination.prefix_len()) + .execute() + .await + .map_err(|err| { + log::error!("Failed to add route {} to link", destination); + log::error!("{}", err); + err + }), + } +} diff --git a/src/protomask-clat.rs b/src/protomask-clat.rs index c86744a..71d0067 100644 --- a/src/protomask-clat.rs +++ b/src/protomask-clat.rs @@ -7,7 +7,7 @@ use clap::Parser; use common::{logging::enable_logger, rfc6052::parse_network_specific_prefix}; use easy_tun::Tun; use interproto::protocols::ip::{translate_ipv4_to_ipv6, translate_ipv6_to_ipv4}; -use ipnet::Ipv6Net; +use ipnet::{IpNet, Ipv4Net, Ipv6Net}; use nix::unistd::Uid; use rfc6052::{embed_ipv4_addr_unchecked, extract_ipv4_addr_unchecked}; use std::{ @@ -48,7 +48,26 @@ pub async fn main() { } // Bring up a TUN interface + log::debug!("Creating new TUN interface"); let mut tun = Tun::new(&args.interface).unwrap(); + log::debug!("Created TUN interface: {}", tun.name()); + + // Configure the new interface + // - Bring up + // - Add IPv6 prefix as a route + // - Point IPv4 default route to the new interface + let rt_handle = rtnl::new_handle().unwrap(); + let tun_link_idx = rtnl::link::get_link_index(&rt_handle, tun.name()) + .await + .unwrap() + .unwrap(); + rtnl::link::link_up(&rt_handle, tun_link_idx).await.unwrap(); + rtnl::route::route_add(IpNet::V6(args.embed_prefix), &rt_handle, tun_link_idx) + .await + .unwrap(); + rtnl::route::route_add(IpNet::V4(Ipv4Net::default()), &rt_handle, tun_link_idx) + .await + .unwrap(); // Translate all incoming packets log::info!("Translating packets on {}", tun.name()); @@ -60,7 +79,7 @@ pub async fn main() { // Translate it based on the Layer 3 protocol number let layer_3_proto = buffer[0] >> 4; log::trace!("New packet with layer 3 protocol: {}", layer_3_proto); - let output = match layer_3_proto { + match match layer_3_proto { // IPv4 4 => translate_ipv4_to_ipv6( &buffer[..len], @@ -99,10 +118,25 @@ pub async fn main() { log::warn!("Unknown Layer 3 protocol: {}", proto); continue; } - } - .unwrap(); - - // Write the translated packet back to the TUN interface - tun.write(&output).unwrap(); + } { + Ok(data) => { + // Write the translated packet back to the TUN interface + tun.write(&data).unwrap(); + } + Err(error) => match error { + interproto::error::Error::PacketTooShort { expected, actual } => log::warn!( + "Got packet with length {} when expecting at least {} bytes", + actual, + expected + ), + interproto::error::Error::UnsupportedIcmpType(icmp_type) => { + log::warn!("Got a packet with an unsupported ICMP type: {}", icmp_type) + } + interproto::error::Error::UnsupportedIcmpv6Type(icmpv6_type) => log::warn!( + "Got a packet with an unsupported ICMPv6 type: {}", + icmpv6_type + ), + }, + }; } }