add ipip tunnel

Author: drunkirishcoder

core/src/packets/icmp/v6/ndp/mod.rs

@@ -814,19 +814,19 @@ mod tests {
     /// ICMPv6 packet with invalid MTU-option length.
     #[rustfmt::skip]
     const INVALID_OPTION_LENGTH: [u8;78] = [
-        // ** ethernet Header
+    // ethernet Header
         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
         0x86, 0xDD,
-        // ** IPv6 Header
+    // IPv6 Header
         0x60, 0x00, 0x00, 0x00,
         // payload length
         0x00, 0x18,
         0x3a,
         0xff,
         0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd4, 0xf0, 0x45, 0xff, 0xfe, 0x0c, 0x66, 0x4b,
         0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-        // ** ICMPv6 Header
+    // ICMPv6 Header
         // type
         0x86,
         // code

core/src/packets/ip/mod.rs

@@ -18,6 +18,7 @@
 
 //! Internet Protocol v4 and v6.
 
+pub mod tunnels;
 pub mod v4;
 pub mod v6;
 
@@ -61,17 +62,20 @@ pub mod ProtocolNumbers {
     /// User Datagram Protocol.
     pub const Udp: ProtocolNumber = ProtocolNumber(0x11);
 
+    /// IPv4 encapsulation.
+    pub const Ipv4: ProtocolNumber = ProtocolNumber(0x04);
+
     /// Routing Header for IPv6.
     pub const Ipv6Route: ProtocolNumber = ProtocolNumber(0x2B);
 
     /// Fragment Header for IPv6.
     pub const Ipv6Frag: ProtocolNumber = ProtocolNumber(0x2C);
 
-    /// Internet Control Message Protocol for IPv6.
-    pub const Icmpv6: ProtocolNumber = ProtocolNumber(0x3A);
-
     /// Internet Control Message Protocol for IPv4.
     pub const Icmpv4: ProtocolNumber = ProtocolNumber(0x01);
+
+    /// Internet Control Message Protocol for IPv6.
+    pub const Icmpv6: ProtocolNumber = ProtocolNumber(0x3A);
 }
 
 impl fmt::Display for ProtocolNumber {
@@ -82,10 +86,11 @@ impl fmt::Display for ProtocolNumber {
             match *self {
                 ProtocolNumbers::Tcp => "TCP".to_string(),
                 ProtocolNumbers::Udp => "UDP".to_string(),
+                ProtocolNumbers::Ipv4 => "IPv4".to_string(),
                 ProtocolNumbers::Ipv6Route => "IPv6 Route".to_string(),
                 ProtocolNumbers::Ipv6Frag => "IPv6 Frag".to_string(),
-                ProtocolNumbers::Icmpv6 => "ICMPv6".to_string(),
                 ProtocolNumbers::Icmpv4 => "ICMPv4".to_string(),
+                ProtocolNumbers::Icmpv6 => "ICMPv6".to_string(),
                 _ => format!("0x{:02x}", self.0),
             }
         )
@@ -272,10 +277,11 @@ mod tests {
     fn protocol_number_to_string() {
         assert_eq!("TCP", ProtocolNumbers::Tcp.to_string());
         assert_eq!("UDP", ProtocolNumbers::Udp.to_string());
+        assert_eq!("IPv4", ProtocolNumbers::Ipv4.to_string());
         assert_eq!("IPv6 Route", ProtocolNumbers::Ipv6Route.to_string());
         assert_eq!("IPv6 Frag", ProtocolNumbers::Ipv6Frag.to_string());
-        assert_eq!("ICMPv6", ProtocolNumbers::Icmpv6.to_string());
         assert_eq!("ICMPv4", ProtocolNumbers::Icmpv4.to_string());
+        assert_eq!("ICMPv6", ProtocolNumbers::Icmpv6.to_string());
         assert_eq!("0x00", ProtocolNumber::new(0).to_string());
     }
 }

core/src/packets/ip/tunnels/ipip.rs

@@ -0,0 +1,179 @@
+/*
+* Copyright 2019 Comcast Cable Communications Management, LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/
+
+//! IPv4 in IPv4 tunnel.
+
+use crate::ensure;
+use crate::packets::ethernet::Ethernet;
+use crate::packets::ip::v4::Ipv4;
+use crate::packets::ip::ProtocolNumbers;
+use crate::packets::{Datalink, Packet, Tunnel};
+use anyhow::{anyhow, Result};
+use std::marker::PhantomData;
+
+/// [IPv4] encapsulation within IPv4 based on [IETF RFC 2003].
+///
+/// IP in IP tunnel connects two separate IPv4 networks. an outer IP header
+/// is inserted before the datagram's existing IP header, as follows:
+///
+///                                     +---------------------------+
+///                                     |                           |
+///                                     |      Outer IP Header      |
+///                                     |                           |
+/// +---------------------------+       +---------------------------+
+/// |                           |       |                           |
+/// |         IP Header         |       |         IP Header         |
+/// |                           |       |                           |
+/// +---------------------------+ ====> +---------------------------+
+/// |                           |       |                           |
+/// |                           |       |                           |
+/// |         IP Payload        |       |         IP Payload        |
+/// |                           |       |                           |
+/// |                           |       |                           |
+/// +---------------------------+       +---------------------------+
+///
+/// This tunnel only supports unicast packets.
+///
+/// [IPv4]: Ipv4
+/// [IETF RFC 2003]: https://datatracker.ietf.org/doc/html/rfc2003
+#[derive(Debug)]
+pub struct IpIp<E: Datalink = Ethernet> {
+    _phantom: PhantomData<E>,
+}
+
+impl<E: Datalink> Tunnel for IpIp<E> {
+    type Payload = Ipv4<E>;
+    type Delivery = Ipv4<E>;
+
+    /// Encapsulates the existing IPv4 packet by prepending an outer IPv4
+    /// packet.
+    ///
+    /// The DSCP and ECN options are copied from existing header to the new
+    /// outer header.
+    ///
+    /// # Remarks
+    ///
+    /// If the 'don't fragment' flag is set to true on the outer header, it
+    /// must not be unset. Otherwise, it may be set after tunnel encapsulation.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the payload's time-to-live is `0`. The packet
+    /// should be discarded.
+    fn encap(payload: Self::Payload) -> Result<Self::Delivery> {
+        ensure!(payload.ttl() != 0, anyhow!("payload's TTL is 0."));
+
+        let dscp = payload.dscp();
+        let ecn = payload.ecn();
+        let dont_fragment = payload.dont_fragment();
+
+        let envelope = payload.deparse();
+        let mut delivery = envelope.push::<Self::Delivery>()?;
+        delivery.set_dscp(dscp);
+        delivery.set_ecn(ecn);
+        if dont_fragment {
+            delivery.set_dont_fragment();
+        }
+        delivery.set_protocol(ProtocolNumbers::Ipv4);
+        delivery.reconcile_all();
+
+        Ok(delivery)
+    }
+
+    /// Decapsulates the outer IPv4 packet and returns the original payload
+    /// IPv4 packet.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the protocol is not set to `ProtocolNumbers::Ipv4`,
+    /// indicating the packet is not from an IpIp tunnel.
+    fn decap(delivery: Self::Delivery) -> Result<Self::Payload> {
+        ensure!(
+            delivery.protocol() == ProtocolNumbers::Ipv4,
+            anyhow!("not an IPIP tunnel.")
+        );
+
+        let envelope = delivery.remove()?;
+        envelope.parse::<Self::Payload>()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::packets::ethernet::Ethernet;
+    use crate::packets::icmp::v4::EchoRequest;
+    use crate::packets::Mbuf;
+    use crate::testils::byte_arrays::IPIP_PACKET;
+
+    #[capsule::test]
+    fn encap_ipip_payload() {
+        let packet = Mbuf::new().unwrap();
+        let ethernet = packet.push::<Ethernet>().unwrap();
+        let ip4 = ethernet.push::<Ipv4>().unwrap();
+        let mut ip4 = ip4.push::<EchoRequest>().unwrap().deparse();
+        ip4.set_dscp(5);
+        ip4.set_ecn(1);
+        ip4.set_dont_fragment();
+        ip4.reconcile();
+        let payload_len = ip4.len();
+
+        let delivery = ip4.encap::<IpIp>().unwrap();
+        assert_eq!(5, delivery.dscp());
+        assert_eq!(1, delivery.ecn());
+        assert!(delivery.dont_fragment());
+        assert_eq!(payload_len + 20, delivery.len());
+    }
+
+    #[capsule::test]
+    fn encap_0ttl_payload() {
+        let packet = Mbuf::new().unwrap();
+        let ethernet = packet.push::<Ethernet>().unwrap();
+        let ip4 = ethernet.push::<Ipv4>().unwrap();
+        let mut ip4 = ip4.push::<EchoRequest>().unwrap().deparse();
+        ip4.set_ttl(0);
+        ip4.reconcile();
+
+        assert!(ip4.encap::<IpIp>().is_err());
+    }
+
+    #[capsule::test]
+    fn decap_ipip_delivery() {
+        let packet = Mbuf::from_bytes(&IPIP_PACKET).unwrap();
+        let ethernet = packet.parse::<Ethernet>().unwrap();
+        let delivery = ethernet.parse::<Ipv4>().unwrap();
+        let payload = delivery.decap::<IpIp>().unwrap();
+
+        assert_eq!("1.1.1.1", payload.src().to_string());
+        assert_eq!("2.2.2.2", payload.dst().to_string());
+
+        // parse the payload's payload to verify packet integrity
+        assert!(payload.parse::<EchoRequest>().is_ok());
+    }
+
+    #[capsule::test]
+    fn decap_not_ipip() {
+        let packet = Mbuf::new().unwrap();
+        let ethernet = packet.push::<Ethernet>().unwrap();
+        let ip4 = ethernet.push::<Ipv4>().unwrap();
+        let notipip = ip4.push::<EchoRequest>().unwrap().deparse();
+
+        // the protocol is icmpv4 not ipv4, not an ipip tunnel
+        assert!(notipip.decap::<IpIp>().is_err());
+    }
+}

core/src/packets/ip/tunnels/mod.rs

@@ -0,0 +1,23 @@
+/*
+* Copyright 2019 Comcast Cable Communications Management, LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/
+
+//! Various IP in IP tunnels.
+
+mod ipip;
+
+pub use self::ipip::*;

core/src/packets/mod.rs

@@ -300,6 +300,30 @@ pub trait Packet {
         self.reconcile();
         self.envelope_mut().reconcile_all();
     }
+
+    /// Encapsulates the packet in a tunnel.
+    ///
+    /// Returns the delivery packet added by the tunnel. Once encapsulated,
+    /// the current packet and the current payload must not be modified.
+    /// The delivery packet treats the current packet as its opaque payload.
+    #[inline]
+    fn encap<T: Tunnel<Payload = Self>>(self) -> Result<T::Delivery>
+    where
+        Self: Sized,
+    {
+        T::encap(self)
+    }
+
+    /// Decapsulates the tunnel by removing the delivery packet.
+    ///
+    /// Returns the payload packet encapsulated in the tunnel.
+    #[inline]
+    fn decap<T: Tunnel<Delivery = Self>>(self) -> Result<T::Payload>
+    where
+        Self: Sized,
+    {
+        T::decap(self)
+    }
 }
 
 /// A trait datalink layer protocol can implement.
@@ -325,6 +349,39 @@ pub trait Datalink: Packet {
     fn set_protocol_type(&mut self, ether_type: EtherType);
 }
 
+/// A trait all tunnel protocols must implement.
+///
+/// This trait defines how the entry point should encapsulate the payload
+/// packet, and how the exit point should decapsulate the delivery packet.
+pub trait Tunnel {
+    /// The original packet type before entering the tunnel.
+    type Payload: Packet;
+
+    /// The packet type tunnel uses to deliver the datagram to the tunnel
+    /// exit point.
+    type Delivery: Packet;
+
+    /// Encapsulates the original packet and returns the new delivery packet.
+    ///  
+    /// Once encapsulated, the original packet and its payload becomes the
+    /// opaque payload of the newly prepended delivery packet. The original
+    /// packet cannot be parsed and manipulated until it's decapsulated. The
+    /// encapsulator must construct the payload packet in its entirety before
+    /// invoking this.
+    ///  
+    /// A tunnel protocol, for example GRE, may add multiple delivery packet
+    /// headers to the datagram. The return type should be the first
+    /// prepended packet type in the protocol stack.
+    fn encap(payload: Self::Payload) -> Result<Self::Delivery>;
+
+    /// Decapsulates the delivery packet and returns the original packet.
+    ///
+    /// Once decapsulated, the content of the delivery packet(s) are lost.
+    /// The decapsulator is responsible for caching the information before
+    /// invoking this.
+    fn decap(delivery: Self::Delivery) -> Result<Self::Payload>;
+}
+
 /// Immutable smart pointer to a struct.
 ///
 /// A smart pointer that prevents the struct from being modified. The main

core/src/testils/byte_arrays.rs

@@ -398,3 +398,40 @@ pub const ROUTER_SOLICIT_PACKET: [u8; 70] = [
     // source link-layer address option
     0x01, 0x01, 0x70, 0x3a, 0xcb, 0x1b, 0xf9, 0x7a
 ];
+
+/// IPv4 in IPv4 tunnel packet.
+#[rustfmt::skip]
+pub const IPIP_PACKET: [u8; 134] = [
+// ethernet header
+    0xc2, 0x01, 0x57, 0x75, 0x00, 0x00,
+    0xc2, 0x00, 0x57, 0x75, 0x00, 0x00,
+    0x08, 0x00,
+// delivery IPv4 header
+    0x45, 0x00,
+    0x00, 0x78,
+    0x00, 0x14, 0x00, 0x00,
+    0xff, 0x04, 0xa7, 0x6b,
+    0x0a, 0x00, 0x00, 0x01,
+    0x0a, 0x00, 0x00, 0x02,
+// payload IPv4 header
+    0x45, 0x00,
+    0x00, 0x64,
+    0x00, 0x14, 0x00, 0x00,
+    0xff, 0x01, 0xb5, 0x7f,
+    0x01, 0x01, 0x01, 0x01,
+    0x02, 0x02, 0x02, 0x02,
+// payload ICMPv4 header
+    0x08, 0x00,
+    0x43, 0x05,
+    // echo request payload data
+    0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x09, 0x3b, 0x38, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
+    0xab, 0xcd, 0xab, 0xcd
+];