evan/protomask
1
Fork 0
Code

Implement metrics in interproto

Browse Source
This commit is contained in:
Evan Pratten 2023-08-03 16:58:44 -04:00
parent f69625c9b0
commit f2b2be54c8
12 changed files with 556 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.toml
View File

@ -47,6 +47,7 @@ members = [
"libs/interproto",
"libs/rfc6052",
"libs/rtnl",
"libs/protomask-metrics",
]
[[bin]]
@ -65,9 +66,10 @@ path = "src/protomask-6over4.rs"
# Internal dependencies
easy-tun = { path = "libs/easy-tun" }
fast-nat = { path = "libs/fast-nat" }
interproto = { path = "libs/interproto" }
interproto = { path = "libs/interproto", features = ["metrics"] }
rfc6052 = { path = "libs/rfc6052" }
rtnl = { path = "libs/rtnl", features = ["tokio"] }
protomask-metrics = { path = "libs/protomask-metrics" }
# External Dependencies
tokio = { version = "1.29.1", features = ["macros", "rt-multi-thread"] }

5
libs/interproto/Cargo.toml
View File

@ -12,7 +12,12 @@ license = "GPL-3.0"
keywords = []
categories = []
[features]
default = []
metrics = ["protomask-metrics"]
[dependencies]
protomask-metrics = { path = "../protomask-metrics", optional = true }
log = "^0.4"
pnet = "0.34.0"
thiserror = "^1.0.44"

33
libs/interproto/src/protocols/icmp/mod.rs
View File

@ -20,6 +20,8 @@ pub fn translate_icmp_to_icmpv6(
new_source: Ipv6Addr,
new_destination: Ipv6Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Access the ICMP packet data in a safe way
let icmp_packet = IcmpPacket::new(icmp_packet).ok_or(Error::PacketTooShort {
expected: IcmpPacket::minimum_packet_size(),
@ -71,8 +73,21 @@ pub fn translate_icmp_to_icmpv6(
&new_destination,
));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_ICMP, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(output_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_ICMP, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
/// Translate an ICMPv6 packet to ICMP. This will make a best guess at the ICMP type and code since there is no 1:1 mapping.
@ -81,6 +96,8 @@ pub fn translate_icmpv6_to_icmp(
new_source: Ipv4Addr,
new_destination: Ipv4Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Access the ICMPv6 packet data in a safe way
let icmpv6_packet = Icmpv6Packet::new(icmpv6_packet).ok_or(Error::PacketTooShort {
expected: Icmpv6Packet::minimum_packet_size(),
@ -114,7 +131,8 @@ pub fn translate_icmpv6_to_icmp(
let mut output_buffer = vec![0u8; Icmpv6Packet::minimum_packet_size() + payload.len()];
// NOTE: There is no way this can fail since we are creating the buffer with explicitly enough space.
let mut icmp_packet = unsafe { MutableIcmpPacket::new(&mut output_buffer).unwrap_unchecked() };
let mut icmp_packet =
unsafe { MutableIcmpPacket::new(&mut output_buffer).unwrap_unchecked() };
// Set the header fields
icmp_packet.set_icmp_type(icmp_type);
@ -126,6 +144,19 @@ pub fn translate_icmpv6_to_icmp(
// Calculate the checksum
icmp_packet.set_checksum(icmp::checksum(&icmp_packet.to_immutable()));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_ICMPV6, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(output_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_ICMPV6, STATUS_DROPPED).inc();
// Pass the error through
error
})
}

36
libs/interproto/src/protocols/ip.rs
View File

@ -20,6 +20,8 @@ pub fn translate_ipv4_to_ipv6(
new_source: Ipv6Addr,
new_destination: Ipv6Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Access the IPv4 packet data in a safe way
let ipv4_packet = Ipv4Packet::new(ipv4_packet).ok_or(Error::PacketTooShort {
expected: Ipv4Packet::minimum_packet_size(),
@ -55,7 +57,8 @@ pub fn translate_ipv4_to_ipv6(
let mut output_buffer = vec![0u8; Ipv6Packet::minimum_packet_size() + new_payload.len()];
// NOTE: There is no way this can fail since we are creating the buffer with explicitly enough space.
let mut ipv6_packet = unsafe { MutableIpv6Packet::new(&mut output_buffer).unwrap_unchecked() };
let mut ipv6_packet =
unsafe { MutableIpv6Packet::new(&mut output_buffer).unwrap_unchecked() };
// Set the header fields
ipv6_packet.set_version(6);
@ -71,8 +74,21 @@ pub fn translate_ipv4_to_ipv6(
// Copy the payload to the buffer
ipv6_packet.set_payload(&new_payload);
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_IPV4, STATUS_TRANSLATED).inc();
// Return the buffer
Ok(output_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_IPV4, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
/// Translates an IPv6 packet into an IPv4 packet. The packet payload will be translated recursively as needed.
@ -81,6 +97,8 @@ pub fn translate_ipv6_to_ipv4(
new_source: Ipv4Addr,
new_destination: Ipv4Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Access the IPv6 packet data in a safe way
let ipv6_packet = Ipv6Packet::new(ipv6_packet).ok_or(Error::PacketTooShort {
expected: Ipv6Packet::minimum_packet_size(),
@ -116,7 +134,8 @@ pub fn translate_ipv6_to_ipv4(
let mut output_buffer = vec![0u8; Ipv4Packet::minimum_packet_size() + new_payload.len()];
// NOTE: There is no way this can fail since we are creating the buffer with explicitly enough space.
let mut ipv4_packet = unsafe { MutableIpv4Packet::new(&mut output_buffer).unwrap_unchecked() };
let mut ipv4_packet =
unsafe { MutableIpv4Packet::new(&mut output_buffer).unwrap_unchecked() };
// Set the header fields
ipv4_packet.set_version(4);
@ -140,6 +159,19 @@ pub fn translate_ipv6_to_ipv4(
// Calculate the checksum
ipv4_packet.set_checksum(ipv4::checksum(&ipv4_packet.to_immutable()));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_IPV6, STATUS_TRANSLATED).inc();
// Return the buffer
Ok(output_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_IPV6, STATUS_DROPPED).inc();
// Pass the error through
error
})
}

30
libs/interproto/src/protocols/tcp.rs
View File

@ -10,6 +10,8 @@ pub fn recalculate_tcp_checksum_ipv6(
new_source: Ipv6Addr,
new_destination: Ipv6Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Clone the packet so we can modify it
let mut tcp_packet_buffer = tcp_packet.to_vec();
@ -28,8 +30,21 @@ pub fn recalculate_tcp_checksum_ipv6(
&new_destination,
));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(tcp_packet_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
/// Re-calculates a TCP packet's checksum with a new IPv4 pseudo-header.
@ -38,6 +53,8 @@ pub fn recalculate_tcp_checksum_ipv4(
new_source: Ipv4Addr,
new_destination: Ipv4Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Clone the packet so we can modify it
let mut tcp_packet_buffer = tcp_packet.to_vec();
@ -56,8 +73,21 @@ pub fn recalculate_tcp_checksum_ipv4(
&new_destination,
));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(tcp_packet_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
#[cfg(test)]

30
libs/interproto/src/protocols/udp.rs
View File

@ -10,6 +10,8 @@ pub fn recalculate_udp_checksum_ipv6(
new_source: Ipv6Addr,
new_destination: Ipv6Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Clone the packet so we can modify it
let mut udp_packet_buffer = udp_packet.to_vec();
@ -28,8 +30,21 @@ pub fn recalculate_udp_checksum_ipv6(
&new_destination,
));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_UDP, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(udp_packet_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_UDP, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
/// Re-calculates a UDP packet's checksum with a new IPv4 pseudo-header.
@ -38,6 +53,8 @@ pub fn recalculate_udp_checksum_ipv4(
new_source: Ipv4Addr,
new_destination: Ipv4Addr,
) -> Result<Vec<u8>> {
// This scope is used to collect packet drop metrics
{
// Clone the packet so we can modify it
let mut udp_packet_buffer = udp_packet.to_vec();
@ -56,8 +73,21 @@ pub fn recalculate_udp_checksum_ipv4(
&new_destination,
));
// Track the translated packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_UDP, STATUS_TRANSLATED).inc();
// Return the translated packet
Ok(udp_packet_buffer)
}
.map_err(|error| {
// Track the dropped packet
#[cfg(feature = "metrics")]
protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_UDP, STATUS_DROPPED).inc();
// Pass the error through
error
})
}
#[cfg(test)]

18
libs/protomask-metrics/Cargo.toml Normal file
View File

@ -0,0 +1,18 @@
[package]
name = "protomask-metrics"
version = "0.1.0"
authors = ["Evan Pratten <ewpratten@gmail.com>"]
edition = "2021"
description = "Internal metrics library used by protomask"
readme = "README.md"
homepage = "https://github.com/ewpratten/protomask/tree/master/libs/protomask-metrics"
documentation = "https://docs.rs/protomask-metrics"
repository = "https://github.com/ewpratten/protomask"
license = "GPL-3.0"
keywords = []
categories = []
[dependencies]
log = "^0.4"
prometheus = "0.13.3"
lazy_static = "1.4.0"

1
libs/protomask-metrics/README.md Normal file
View File

@ -0,0 +1 @@
**`protomask-metrics` is exclusively for use in `protomask` and is not intended to be used on its own.**

10
libs/protomask-metrics/src/lib.rs Normal file
View File

@ -0,0 +1,10 @@
#![doc = include_str!("../README.md")]
#![deny(clippy::pedantic)]
#![allow(clippy::module_name_repetitions)]
#![allow(clippy::missing_errors_doc)]
#![allow(clippy::missing_panics_doc)]
pub mod metrics;
#[macro_use]
pub mod macros;

10
libs/protomask-metrics/src/macros.rs Normal file
View File

@ -0,0 +1,10 @@
/// A short-hand way to access one of the metrics in `protomask_metrics::metrics`
#[macro_export]
macro_rules! metric {
// Accept and name and multiple labels
($metric_name: ident, $($label_name: ident),+) => {
protomask_metrics::metrics::$metric_name.with_label_values(&[$(protomask_metrics::metrics::label_values::$label_name),+])
};
}

30
libs/protomask-metrics/src/metrics.rs Normal file
View File

@ -0,0 +1,30 @@
use lazy_static::lazy_static;
pub mod label_values {
/// IPv4 protocol
pub const PROTOCOL_IPV4: &str = "ipv4";
/// IPv6 protocol
pub const PROTOCOL_IPV6: &str = "ipv6";
/// ICMP protocol
pub const PROTOCOL_ICMP: &str = "icmp";
/// ICMPv6 protocol
pub const PROTOCOL_ICMPV6: &str = "icmpv6";
/// TCP protocol
pub const PROTOCOL_TCP: &str = "tcp";
/// UDP protocol
pub const PROTOCOL_UDP: &str = "udp";
/// Dropped status
pub const STATUS_DROPPED: &str = "dropped";
/// Translated status
pub const STATUS_TRANSLATED: &str = "translated";
}
lazy_static! {
/// Counter for the number of packets processed
pub static ref PACKET_COUNTER: prometheus::IntCounterVec = prometheus::register_int_counter_vec!(
"protomask_packets",
"Number of packets processed",
&["protocol", "status"]
).unwrap();
}

113
src/protomask.rs
View File

@ -1,9 +1,15 @@
use std::path::PathBuf;
use clap::Parser;
use common::{logging::enable_logger, rfc6052::parse_network_specific_prefix};
use ipnet::{Ipv4Net, Ipv6Net};
use easy_tun::Tun;
use fast_nat::CrossProtocolNetworkAddressTable;
use interproto::protocols::ip::{translate_ipv4_to_ipv6, translate_ipv6_to_ipv4};
use ipnet::{IpNet, Ipv4Net, Ipv6Net};
use nix::unistd::Uid;
use std::{
io::{BufRead, Read, Write},
net::{Ipv4Addr, Ipv6Addr},
path::PathBuf,
};
mod common;
@ -34,6 +40,15 @@ struct Args {
verbose: bool,
}
impl Args {
pub fn get_static_reservations(
&self,
) -> Result<Vec<(Ipv6Addr, Ipv4Addr)>, Box<dyn std::error::Error>> {
log::warn!("Static reservations are not yet implemented");
Ok(Vec::new())
}
}
#[derive(clap::Args)]
#[group(required = true, multiple = false)]
struct PoolArgs {
@ -47,8 +62,22 @@ struct PoolArgs {
}
impl PoolArgs {
pub fn prefixes(&self) -> Result<Vec<Ipv4Net>, std::io::Error> {
todo!()
/// Read all pool prefixes from the chosen source
pub fn prefixes(&self) -> Result<Vec<Ipv4Net>, Box<dyn std::error::Error>> {
match self.pool_prefixes.len() > 0 {
true => Ok(self.pool_prefixes.clone()),
false => {
let mut prefixes = Vec::new();
let file = std::fs::File::open(self.pool_file.as_ref().unwrap())?;
let reader = std::io::BufReader::new(file);
for line in reader.lines() {
let line = line?;
let prefix = line.parse::<Ipv4Net>()?;
prefixes.push(prefix);
}
Ok(prefixes)
}
}
}
}
@ -65,4 +94,78 @@ pub async fn main() {
log::error!("This program must be run as root");
std::process::exit(1);
}
// Bring up a TUN interface
log::debug!("Creating new TUN interface");
let mut tun = Tun::new(&args.interface).unwrap();
log::debug!("Created TUN interface: {}", tun.name());
// Get the interface index
let rt_handle = rtnl::new_handle().unwrap();
let tun_link_idx = rtnl::link::get_link_index(&rt_handle, tun.name())
.await
.unwrap()
.unwrap();
// Bring the interface up
rtnl::link::link_up(&rt_handle, tun_link_idx).await.unwrap();
// Add a route for the translation prefix
log::debug!(
"Adding route for {} to {}",
args.translation_prefix,
tun.name()
);
rtnl::route::route_add(IpNet::V6(args.translation_prefix), &rt_handle, tun_link_idx)
.await
.unwrap();
// Add a route for each NAT pool prefix
for pool_prefix in args.pool.prefixes().unwrap() {
log::debug!("Adding route for {} to {}", pool_prefix, tun.name());
rtnl::route::route_add(IpNet::V4(pool_prefix), &rt_handle, tun_link_idx)
.await
.unwrap();
}
// Set up the address table
let mut addr_table = CrossProtocolNetworkAddressTable::default();
for (v6_addr, v4_addr) in args.get_static_reservations().unwrap() {
addr_table.insert_indefinite(v4_addr, v6_addr);
}
// Translate all incoming packets
log::info!("Translating packets on {}", tun.name());
let mut buffer = vec![0u8; 1500];
// loop {
// // Read a packet
// let len = tun.read(&mut buffer).unwrap();
// // Translate it based on the Layer 3 protocol number
// if let Some(output) = handle_packet(
// &buffer[..len],
// // IPv4 -> IPv6
// |packet, source, dest| {
// // translate_ipv4_to_ipv6(
// // packet,
// // unsafe { embed_ipv4_addr_unchecked(*source, args.embed_prefix) },
// // unsafe { embed_ipv4_addr_unchecked(*dest, args.embed_prefix) },
// // )
// todo!()
// },
// // IPv6 -> IPv4
// |packet, source, dest| {
// // translate_ipv6_to_ipv4(
// // packet,
// // unsafe { extract_ipv4_addr_unchecked(*source, args.embed_prefix.prefix_len()) },
// // unsafe { extract_ipv4_addr_unchecked(*dest, args.embed_prefix.prefix_len()) },
// // )
// todo!()
// },
// ) {
// // Write the packet if we get one back from the handler functions
// tun.write_all(&output).unwrap();
// }
// }
}