add ip6in4 tunnel

drunkirishcoder · drunkirishcoder · commit 0626f2266440 · 2022-01-08T22:14:29.000-05:00
diff --git a/core/src/packets/ip/mod.rs b/core/src/packets/ip/mod.rs
@@ -65,6 +65,9 @@ pub mod ProtocolNumbers {
     /// IPv4 encapsulation.
     pub const Ipv4: ProtocolNumber = ProtocolNumber(0x04);
 
+    /// IPv6 encapsulation.
+    pub const Ipv6: ProtocolNumber = ProtocolNumber(0x29);
+
     /// Routing Header for IPv6.
     pub const Ipv6Route: ProtocolNumber = ProtocolNumber(0x2B);
 
@@ -87,6 +90,7 @@ impl fmt::Display for ProtocolNumber {
                 ProtocolNumbers::Tcp => "TCP".to_string(),
                 ProtocolNumbers::Udp => "UDP".to_string(),
                 ProtocolNumbers::Ipv4 => "IPv4".to_string(),
+                ProtocolNumbers::Ipv6 => "IPv6".to_string(),
                 ProtocolNumbers::Ipv6Route => "IPv6 Route".to_string(),
                 ProtocolNumbers::Ipv6Frag => "IPv6 Frag".to_string(),
                 ProtocolNumbers::Icmpv4 => "ICMPv4".to_string(),
@@ -278,6 +282,7 @@ mod tests {
         assert_eq!("TCP", ProtocolNumbers::Tcp.to_string());
         assert_eq!("UDP", ProtocolNumbers::Udp.to_string());
         assert_eq!("IPv4", ProtocolNumbers::Ipv4.to_string());
+        assert_eq!("IPv6", ProtocolNumbers::Ipv6.to_string());
         assert_eq!("IPv6 Route", ProtocolNumbers::Ipv6Route.to_string());
         assert_eq!("IPv6 Frag", ProtocolNumbers::Ipv6Frag.to_string());
         assert_eq!("ICMPv4", ProtocolNumbers::Icmpv4.to_string());
diff --git a/core/src/packets/ip/tunnels/ip6in4.rs b/core/src/packets/ip/tunnels/ip6in4.rs
@@ -0,0 +1,172 @@
+/*
+* Copyright 2019 Comcast Cable Communications Management, LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/
+
+//! IPv6 in IPv4 tunnel.
+
+use crate::ensure;
+use crate::packets::ethernet::{EtherTypes, Ethernet};
+use crate::packets::ip::v4::Ipv4;
+use crate::packets::ip::v6::Ipv6;
+use crate::packets::ip::ProtocolNumbers;
+use crate::packets::{Datalink, Packet, Tunnel};
+use anyhow::{anyhow, Result};
+use std::marker::PhantomData;
+
+/// [IPv6] encapsulation within [IPv4] based on [IETF RFC 4213].
+///
+/// An IPv4 compatibility mechanisms designed to be employed by IPv6 hosts
+/// and routers that need to interoperate with IPv4 hosts and utilize IPv4
+/// routing infrastructures.
+///
+///                                              +-------------+
+///                                              |    IPv4     |
+///                                              |   Header    |
+///              +-------------+                 +-------------+
+///              |    IPv6     |                 |    IPv6     |
+///              |   Header    |                 |   Header    |
+///              +-------------+                 +-------------+
+///              |  Transport  |                 |  Transport  |
+///              |   Layer     |      ===>       |   Layer     |
+///              |   Header    |                 |   Header    |
+///              +-------------+                 +-------------+
+///              |             |                 |             |
+///              ~    Data     ~                 ~    Data     ~
+///              |             |                 |             |
+///              +-------------+                 +-------------+
+///
+/// [IPv6]: Ipv6
+/// [IPv4]: Ipv4
+/// [IETF RFC 4213]: https://datatracker.ietf.org/doc/html/rfc4213
+#[derive(Debug)]
+pub struct Ip6in4<E: Datalink = Ethernet> {
+    _phantom: PhantomData<E>,
+}
+
+impl<E: Datalink> Tunnel for Ip6in4<E> {
+    type Payload = Ipv6<E>;
+    type Delivery = Ipv4<E>;
+
+    /// Encapsulates the existing IPv6 packet by prepending an outer IPv4
+    /// packet.
+    ///
+    /// The DSCP and ECN options are copied from existing header to the new
+    /// outer header.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the payload's hop limit is `0`. The packet should
+    /// be discarded.
+    fn encap(payload: Self::Payload) -> Result<Self::Delivery> {
+        ensure!(
+            payload.hop_limit() != 0,
+            anyhow!("payload's hop limit is 0.")
+        );
+
+        let dscp = payload.dscp();
+        let ecn = payload.ecn();
+
+        let envelope = payload.deparse();
+        let mut delivery = envelope.push::<Self::Delivery>()?;
+        delivery.set_dscp(dscp);
+        delivery.set_ecn(ecn);
+        delivery.set_protocol(ProtocolNumbers::Ipv6);
+        delivery.reconcile_all();
+
+        Ok(delivery)
+    }
+
+    /// Decapsulates the outer IPv4 packet and returns the original payload
+    /// IPv6 packet.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the protocol is not set to `ProtocolNumbers::Ipv6`,
+    /// indicating the packet is not from an Ip6in4 tunnel.
+    fn decap(delivery: Self::Delivery) -> Result<Self::Payload> {
+        ensure!(
+            delivery.protocol() == ProtocolNumbers::Ipv6,
+            anyhow!("not an Ip6in4 tunnel.")
+        );
+
+        let mut envelope = delivery.remove()?;
+        envelope.set_protocol_type(EtherTypes::Ipv6);
+        envelope.parse::<Self::Payload>()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::packets::ethernet::Ethernet;
+    use crate::packets::icmp::v6::EchoRequest;
+    use crate::packets::Mbuf;
+    use crate::testils::byte_arrays::{IP6IN4_PACKET, IPIP_PACKET};
+
+    #[capsule::test]
+    fn encap_ip6in4_payload() {
+        let packet = Mbuf::new().unwrap();
+        let ethernet = packet.push::<Ethernet>().unwrap();
+        let ip6 = ethernet.push::<Ipv6>().unwrap();
+        let mut ip6 = ip6.push::<EchoRequest>().unwrap().deparse();
+        ip6.set_dscp(5);
+        ip6.set_ecn(1);
+        ip6.reconcile();
+        let payload_len = ip6.len();
+
+        let delivery = ip6.encap::<Ip6in4>().unwrap();
+        assert_eq!(5, delivery.dscp());
+        assert_eq!(1, delivery.ecn());
+        assert_eq!(payload_len + 20, delivery.len());
+    }
+
+    #[capsule::test]
+    fn encap_0_hop_limit_payload() {
+        let packet = Mbuf::new().unwrap();
+        let ethernet = packet.push::<Ethernet>().unwrap();
+        let ip6 = ethernet.push::<Ipv6>().unwrap();
+        let mut ip6 = ip6.push::<EchoRequest>().unwrap().deparse();
+        ip6.set_hop_limit(0);
+        ip6.reconcile();
+
+        assert!(ip6.encap::<Ip6in4>().is_err());
+    }
+
+    #[capsule::test]
+    fn decap_ip6in4_delivery() {
+        let packet = Mbuf::from_bytes(&IP6IN4_PACKET).unwrap();
+        let ethernet = packet.parse::<Ethernet>().unwrap();
+        let delivery = ethernet.parse::<Ipv4>().unwrap();
+        let payload = delivery.decap::<Ip6in4>().unwrap();
+
+        assert_eq!("2001:db8:0:1::1", payload.src().to_string());
+        assert_eq!("2001:db8:0:1::2", payload.dst().to_string());
+
+        // parse the payload's payload to verify packet integrity
+        assert!(payload.parse::<EchoRequest>().is_ok());
+    }
+
+    #[capsule::test]
+    fn decap_not_ip6in4() {
+        let packet = Mbuf::from_bytes(&IPIP_PACKET).unwrap();
+        let ethernet = packet.parse::<Ethernet>().unwrap();
+        let not6in4 = ethernet.parse::<Ipv4>().unwrap();
+
+        // not an ip6in4 tunnel
+        assert!(not6in4.decap::<Ip6in4>().is_err());
+    }
+}
diff --git a/core/src/packets/ip/tunnels/ipip.rs b/core/src/packets/ip/tunnels/ipip.rs
@@ -105,7 +105,7 @@ impl<E: Datalink> Tunnel for IpIp<E> {
     fn decap(delivery: Self::Delivery) -> Result<Self::Payload> {
         ensure!(
             delivery.protocol() == ProtocolNumbers::Ipv4,
-            anyhow!("not an IPIP tunnel.")
+            anyhow!("not an IpIp tunnel.")
         );
 
         let envelope = delivery.remove()?;
@@ -119,7 +119,7 @@ mod tests {
     use crate::packets::ethernet::Ethernet;
     use crate::packets::icmp::v4::EchoRequest;
     use crate::packets::Mbuf;
-    use crate::testils::byte_arrays::IPIP_PACKET;
+    use crate::testils::byte_arrays::{IP6IN4_PACKET, IPIP_PACKET};
 
     #[capsule::test]
     fn encap_ipip_payload() {
@@ -141,7 +141,7 @@ mod tests {
     }
 
     #[capsule::test]
-    fn encap_0ttl_payload() {
+    fn encap_0_ttl_payload() {
         let packet = Mbuf::new().unwrap();
         let ethernet = packet.push::<Ethernet>().unwrap();
         let ip4 = ethernet.push::<Ipv4>().unwrap();
@@ -168,12 +168,11 @@ mod tests {
 
     #[capsule::test]
     fn decap_not_ipip() {
-        let packet = Mbuf::new().unwrap();
-        let ethernet = packet.push::<Ethernet>().unwrap();
-        let ip4 = ethernet.push::<Ipv4>().unwrap();
-        let notipip = ip4.push::<EchoRequest>().unwrap().deparse();
+        let packet = Mbuf::from_bytes(&IP6IN4_PACKET).unwrap();
+        let ethernet = packet.parse::<Ethernet>().unwrap();
+        let notipip = ethernet.parse::<Ipv4>().unwrap();
 
-        // the protocol is icmpv4 not ipv4, not an ipip tunnel
+        // not an ipip tunnel
         assert!(notipip.decap::<IpIp>().is_err());
     }
 }
diff --git a/core/src/packets/ip/tunnels/mod.rs b/core/src/packets/ip/tunnels/mod.rs
@@ -18,6 +18,8 @@
 
 //! Various IP in IP tunnels.
 
+mod ip6in4;
 mod ipip;
 
+pub use self::ip6in4::*;
 pub use self::ipip::*;
diff --git a/core/src/testils/byte_arrays.rs b/core/src/testils/byte_arrays.rs
@@ -424,14 +424,40 @@ pub const IPIP_PACKET: [u8; 134] = [
     0x08, 0x00,
     0x43, 0x05,
     // echo request payload data
-    0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x09, 0x3b, 0x38, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
-    0xab, 0xcd, 0xab, 0xcd
+    0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x3b, 0x38, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd
+];
+
+/// IPv6 in IPv4 tunnel packet.
+#[rustfmt::skip]
+pub const IP6IN4_PACKET: [u8; 134] = [
+// ethernet header
+    0xc2, 0x01, 0x42, 0x02, 0x00, 0x00,
+    0xc2, 0x00, 0x42, 0x02, 0x00, 0x00,
+    0x08, 0x00,
+// delivery IPv4 header
+    0x45, 0x00,
+    0x00, 0x78,
+    0x00, 0x09, 0x00, 0x00,
+    0xff, 0x29, 0xa7, 0x51,
+    0x0a, 0x00, 0x00, 0x01,
+    0x0a, 0x00, 0x00, 0x02,
+// payload IPv6 header
+    0x60, 0x00, 0x00, 0x00,
+    0x00, 0x3c,
+    0x3a,
+    0x40,
+    0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+// payload ICMPv6 header
+    0x80, 0x00,
+    0x7e, 0x8f,
+    // echo request payload data
+    0x18, 0xdc, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+    0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+    0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33
 ];
