cleanup

2023-07-19 15:27:03 -04:00 · 2023-07-19 15:27:03 -04:00 · a2b6a77d82
commit a2b6a77d82
parent c6db02c80a
6 changed files with 54 additions and 44 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,3 +1,3 @@
+/protomask-tun/target
 /target
-!/target/x86_64-unknown-linux-musl/release/protomask
-/.github
+!/target/x86_64-unknown-linux-musl/release/protomask
--- a/7
+++ b/7
@ -1,7 +0,0 @@
-FROM alpine:latest
-
-# Copy the binary from the builder container
-COPY ./target/x86_64-unknown-linux-musl/release/protomask /usr/local/bin/protomask
-
-# NOTE: We expect the config file to be mounted at /etc/protomask.toml
-ENTRYPOINT ["/usr/local/bin/protomask", "/etc/protomask.toml"]
--- a/19
+++ b/19
@ -1,9 +1,16 @@
-SRC=$(wildcard src/*.rs) $(wildcard src/**/*.rs) $(wildcard src/**/**/*.rs) Cargo.toml
+# All sources used to build the protomask binary
+SRC = Cargo.toml $(shell find src/ -type f -name '*.rs') $(shell find protomask-tun/src/ -type f -name '*.rs')

-target/debug/protomask: $(SRC)
-	cross build --target x86_64-unknown-linux-musl
-	sudo setcap cap_net_admin=eip $@
+# Used to auto-version things
+GIT_HASH ?= $(shell git log --format="%h" -n 1)

-target/release/protomask: $(SRC)
+# Release binary for x64
+target/x86_64-unknown-linux-musl/release/protomask: $(SRC)
 	cross build --target x86_64-unknown-linux-musl --release
-	sudo setcap cap_net_admin=eip $@
+#	sudo setcap cap_net_admin=eip $@
+
+# Release binary for aarch64
+target/aarch64-unknown-linux-musl/release/protomask: $(SRC)
+	cross build --target aarch64-unknown-linux-musl --release
+#	sudo setcap cap_net_admin=eip $@
+
--- a/scripts/build_release_packages.sh
+++ b/scripts/build_release_packages.sh
@ -1,10 +0,0 @@
-#! /bin/bash
-# Builds everything needed for a new release
-set -ex
-
-# Build RPM
-cargo rpm build
-
-# Build Docker image
-cross build --release --target x86_64-unknown-linux-musl
-docker build -t ewpratten/protomask:latest .
--- a/src/nat/error.rs
+++ b/src/nat/error.rs
@ -0,0 +1,15 @@
+#[derive(Debug, thiserror::Error)]
+pub enum Nat64Error {
+    #[error(transparent)]
+    TableError(#[from] super::table::TableError),
+    #[error(transparent)]
+    TunError(#[from] protomask_tun::Error),
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+    #[error(transparent)]
+    PacketHandlingError(#[from] crate::packet::error::PacketError),
+    #[error(transparent)]
+    PacketReceiveError(#[from] tokio::sync::broadcast::error::RecvError),
+    #[error(transparent)]
+    PacketSendError(#[from] tokio::sync::mpsc::error::SendError<Vec<u8>>),
+}
--- a/src/nat/mod.rs
+++ b/src/nat/mod.rs
@ -4,6 +4,7 @@ use crate::packet::{
 };

 use self::{
+    error::Nat64Error,
    table::Nat64Table,
    utils::{embed_address, extract_address},
 };
@ -13,29 +14,12 @@ use std::{
    net::{IpAddr, Ipv4Addr, Ipv6Addr},
    time::Duration,
 };
-use tokio::sync::{broadcast, mpsc};
+use tokio::sync::broadcast;

+mod error;
 mod table;
 mod utils;

-#[derive(Debug, thiserror::Error)]
-pub enum Nat64Error {
-    #[error(transparent)]
-    TableError(#[from] table::TableError),
-    #[error(transparent)]
-    TunError(#[from] protomask_tun::Error),
-    #[error(transparent)]
-    IoError(#[from] std::io::Error),
-    // #[error(transparent)]
-    // XlatError(#[from] xlat::PacketTranslationError),
-    #[error(transparent)]
-    PacketHandlingError(#[from] crate::packet::error::PacketError),
-    #[error(transparent)]
-    PacketReceiveError(#[from] broadcast::error::RecvError),
-    #[error(transparent)]
-    PacketSendError(#[from] mpsc::error::SendError<Vec<u8>>),
-}
-
 pub struct Nat64 {
    table: Nat64Table,
    interface: TunDevice,
@ -116,11 +100,32 @@ impl Nat64 {
                            // Parse the packet
                            let packet: Ipv6Packet<Vec<u8>> = packet.try_into()?;

+                            // Drop packets "coming from" the NAT64 prefix
+                            if self.ipv6_nat_prefix.contains(&packet.source_address) {
+                                log::warn!(
+                                    "Dropping packet \"from\" NAT64 prefix: {} -> {}",
+                                    packet.source_address,
+                                    packet.destination_address
+                                );
+                                continue;
+                            }
+
                            // Get the new source and dest addresses
                            let new_source =
                                self.table.get_or_assign_ipv4(packet.source_address)?;
                            let new_destination = extract_address(packet.destination_address);

+                            // Drop packets destined for private IPv4 addresses
+                            if new_destination.is_private() {
+                                log::warn!(
+                                    "Dropping packet destined for private IPv4 address: {} -> {} ({})",
+                                    packet.source_address,
+                                    packet.destination_address,
+                                    new_destination
+                                );
+                                continue;
+                            }
+
                            // Spawn a task to process the packet
                            tokio::spawn(async move {
                                let output =