resolved conflicts for merge of e50d5767 to klp-modular-dev-plus-aosp
Change-Id: Id1c0debfcbbfd76641368b481afc8b96cd822705
diff --git a/Android.mk b/Android.mk
index ec1eeb7..35bc498 100644
--- a/Android.mk
+++ b/Android.mk
@@ -3,16 +3,18 @@
LOCAL_SRC_FILES:=clatd.c dump.c checksum.c translate.c icmp.c ipv4.c ipv6.c config.c dns64.c logging.c getaddr.c getroute.c netlink_callbacks.c netlink_msg.c setif.c setroute.c mtu.c
-LOCAL_CFLAGS := -Wall -Werror -Wno-unused-parameter
-LOCAL_C_INCLUDES := external/libnl-headers
-LOCAL_STATIC_LIBRARIES := libnl_2
+LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
+LOCAL_C_INCLUDES := external/libnl/include
+LOCAL_STATIC_LIBRARIES := libnl
LOCAL_SHARED_LIBRARIES := libcutils liblog
+# The clat daemon.
LOCAL_MODULE := clatd
include $(BUILD_EXECUTABLE)
+# The configuration file.
include $(CLEAR_VARS)
LOCAL_MODULE := clatd.conf
@@ -21,3 +23,16 @@
LOCAL_SRC_FILES := $(LOCAL_MODULE)
include $(BUILD_PREBUILT)
+
+
+# Unit tests.
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := clatd_test
+LOCAL_CFLAGS := -Wall -Werror -Wunused-parameter
+LOCAL_SRC_FILES := clatd_test.cpp dump.c checksum.c translate.c icmp.c ipv4.c ipv6.c logging.c
+LOCAL_MODULE_TAGS := eng tests
+LOCAL_SHARED_LIBRARIES := liblog
+LOCAL_MODULE_PATH := $(TARGET_OUT)/bin
+
+include $(BUILD_NATIVE_TEST)
diff --git a/clatd.c b/clatd.c
index 3ab2371..63c4d6d 100644
--- a/clatd.c
+++ b/clatd.c
@@ -51,6 +51,9 @@
#define DEVICENAME6 "clat"
#define DEVICENAME4 "clat4"
+/* 40 bytes IPv6 header - 20 bytes IPv4 header + 8 bytes fragment header */
+#define MTU_DELTA 28
+
int forwarding_fd = -1;
volatile sig_atomic_t running = 1;
@@ -271,8 +274,9 @@
Global_Clatd_Config.mtu = 1280;
}
- if(Global_Clatd_Config.ipv4mtu <= 0 || (Global_Clatd_Config.ipv4mtu > Global_Clatd_Config.mtu - 20)) {
- Global_Clatd_Config.ipv4mtu = Global_Clatd_Config.mtu-20;
+ if(Global_Clatd_Config.ipv4mtu <= 0 ||
+ Global_Clatd_Config.ipv4mtu > Global_Clatd_Config.mtu - MTU_DELTA) {
+ Global_Clatd_Config.ipv4mtu = Global_Clatd_Config.mtu - MTU_DELTA;
logmsg(ANDROID_LOG_WARN,"ipv4mtu now set to = %d",Global_Clatd_Config.ipv4mtu);
}
@@ -298,7 +302,7 @@
*/
void read_packet(int active_fd, const struct tun_data *tunnel) {
ssize_t readlen;
- char packet[PACKETLEN];
+ uint8_t packet[PACKETLEN];
// in case something ignores the packet length
memset(packet, 0, PACKETLEN);
diff --git a/clatd_test.cpp b/clatd_test.cpp
new file mode 100644
index 0000000..ba78898
--- /dev/null
+++ b/clatd_test.cpp
@@ -0,0 +1,672 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * clatd_test.cpp - unit tests for clatd
+ */
+
+#include <iostream>
+
+#include <stdio.h>
+#include <arpa/inet.h>
+#include <sys/uio.h>
+
+#include <gtest/gtest.h>
+
+extern "C" {
+#include "checksum.h"
+#include "translate.h"
+#include "config.h"
+#include "clatd.h"
+}
+
+// For convenience.
+#define ARRAYSIZE(x) sizeof((x)) / sizeof((x)[0])
+
+// Default translation parameters.
+static const char kIPv4LocalAddr[] = "192.0.0.4";
+static const char kIPv6LocalAddr[] = "2001:db8:0:b11::464";
+static const char kIPv6PlatSubnet[] = "64:ff9b::";
+
+// Test packet portions. Defined as macros because it's easy to concatenate them to make packets.
+#define IPV4_HEADER(p, c1, c2) \
+ 0x45, 0x00, 0, 41, /* Version=4, IHL=5, ToS=0x80, len=41 */ \
+ 0x00, 0x00, 0x40, 0x00, /* ID=0x0000, flags=IP_DF, offset=0 */ \
+ 55, (p), (c1), (c2), /* TTL=55, protocol=p, checksum=c1,c2 */ \
+ 192, 0, 0, 4, /* Src=192.0.0.4 */ \
+ 8, 8, 8, 8, /* Dst=8.8.8.8 */
+#define IPV4_UDP_HEADER IPV4_HEADER(IPPROTO_UDP, 0x73, 0xb0)
+#define IPV4_ICMP_HEADER IPV4_HEADER(IPPROTO_ICMP, 0x73, 0xc0)
+
+#define IPV6_HEADER(p) \
+ 0x60, 0x00, 0, 0, /* Version=6, tclass=0x00, flowlabel=0 */ \
+ 0, 21, (p), 55, /* plen=11, nxthdr=p, hlim=55 */ \
+ 0x20, 0x01, 0x0d, 0xb8, /* Src=2001:db8:0:b11::464 */ \
+ 0x00, 0x00, 0x0b, 0x11, \
+ 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x04, 0x64, \
+ 0x00, 0x64, 0xff, 0x9b, /* Dst=64:ff9b::8.8.8.8 */ \
+ 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00, \
+ 0x08, 0x08, 0x08, 0x08,
+#define IPV6_UDP_HEADER IPV6_HEADER(IPPROTO_UDP)
+#define IPV6_ICMPV6_HEADER IPV6_HEADER(IPPROTO_ICMPV6)
+
+#define UDP_LEN 21
+#define UDP_HEADER \
+ 0xc8, 0x8b, 0, 53, /* Port 51339->53 */ \
+ 0x00, UDP_LEN, 0, 0, /* Length 21, checksum empty for now */
+
+#define PAYLOAD 'H', 'e', 'l', 'l', 'o', ' ', 0x4e, 0xb8, 0x96, 0xe7, 0x95, 0x8c, 0x00
+
+#define IPV4_PING \
+ 0x08, 0x00, 0x88, 0xd0, /* Type 8, code 0, checksum 0x88d0 */ \
+ 0xd0, 0x0d, 0x00, 0x03, /* ID=0xd00d, seq=3 */
+
+#define IPV6_PING \
+ 0x80, 0x00, 0xc3, 0x42, /* Type 128, code 0, checksum 0xc342 */ \
+ 0xd0, 0x0d, 0x00, 0x03, /* ID=0xd00d, seq=3 */
+
+// Macros to return pseudo-headers from packets.
+#define IPV4_PSEUDOHEADER(ip, tlen) \
+ ip[12], ip[13], ip[14], ip[15], /* Source address */ \
+ ip[16], ip[17], ip[18], ip[19], /* Destination address */ \
+ 0, ip[9], /* 0, protocol */ \
+ ((tlen) >> 16) & 0xff, (tlen) & 0xff, /* Transport length */
+
+#define IPV6_PSEUDOHEADER(ip6, protocol, tlen) \
+ ip6[8], ip6[9], ip6[10], ip6[11], /* Source address */ \
+ ip6[12], ip6[13], ip6[14], ip6[15], \
+ ip6[16], ip6[17], ip6[18], ip6[19], \
+ ip6[20], ip6[21], ip6[22], ip6[23], \
+ ip6[24], ip6[25], ip6[26], ip6[27], /* Destination address */ \
+ ip6[28], ip6[29], ip6[30], ip6[31], \
+ ip6[32], ip6[33], ip6[34], ip6[35], \
+ ip6[36], ip6[37], ip6[38], ip6[39], \
+ ((tlen) >> 24) & 0xff, /* Transport length */ \
+ ((tlen) >> 16) & 0xff, \
+ ((tlen) >> 8) & 0xff, \
+ (tlen) & 0xff, \
+ 0, 0, 0, (protocol),
+
+// A fragmented DNS request.
+static const uint8_t kIPv4Frag1[] = {
+ 0x45, 0x00, 0x00, 0x24, 0xfe, 0x47, 0x20, 0x00, 0x40, 0x11,
+ 0x8c, 0x6d, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
+ 0x14, 0x5d, 0x00, 0x35, 0x00, 0x29, 0x68, 0xbb, 0x50, 0x47,
+ 0x01, 0x00, 0x00, 0x01, 0x00, 0x00
+};
+static const uint8_t kIPv4Frag2[] = {
+ 0x45, 0x00, 0x00, 0x24, 0xfe, 0x47, 0x20, 0x02, 0x40, 0x11,
+ 0x8c, 0x6b, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
+ 0x00, 0x00, 0x00, 0x00, 0x04, 0x69, 0x70, 0x76, 0x34, 0x06,
+ 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65
+};
+static const uint8_t kIPv4Frag3[] = {
+ 0x45, 0x00, 0x00, 0x1d, 0xfe, 0x47, 0x00, 0x04, 0x40, 0x11,
+ 0xac, 0x70, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
+ 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01
+};
+static const uint8_t *kIPv4Fragments[] = { kIPv4Frag1, kIPv4Frag2, kIPv4Frag3 };
+static const size_t kIPv4FragLengths[] = { sizeof(kIPv4Frag1), sizeof(kIPv4Frag2),
+ sizeof(kIPv4Frag3) };
+
+static const uint8_t kIPv6Frag1[] = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x18, 0x2c, 0x40, 0x20, 0x01,
+ 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
+ 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x47, 0x14, 0x5d,
+ 0x00, 0x35, 0x00, 0x29, 0xeb, 0x91, 0x50, 0x47, 0x01, 0x00,
+ 0x00, 0x01, 0x00, 0x00
+};
+
+static const uint8_t kIPv6Frag2[] = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x18, 0x2c, 0x40, 0x20, 0x01,
+ 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
+ 0x11, 0x00, 0x00, 0x11, 0x00, 0x00, 0xfe, 0x47, 0x00, 0x00,
+ 0x00, 0x00, 0x04, 0x69, 0x70, 0x76, 0x34, 0x06, 0x67, 0x6f,
+ 0x6f, 0x67, 0x6c, 0x65
+};
+
+static const uint8_t kIPv6Frag3[] = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x11, 0x2c, 0x40, 0x20, 0x01,
+ 0x0d, 0xb8, 0x00, 0x00, 0x0b, 0x11, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x04, 0x64, 0x00, 0x64, 0xff, 0x9b, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, 0x08,
+ 0x11, 0x00, 0x00, 0x20, 0x00, 0x00, 0xfe, 0x47, 0x03, 0x63,
+ 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01
+};
+static const uint8_t *kIPv6Fragments[] = { kIPv6Frag1, kIPv6Frag2, kIPv6Frag3 };
+static const size_t kIPv6FragLengths[] = { sizeof(kIPv6Frag1), sizeof(kIPv6Frag2),
+ sizeof(kIPv6Frag3) };
+
+static const uint8_t kReassembledIPv4[] = {
+ 0x45, 0x00, 0x00, 0x3d, 0xfe, 0x47, 0x00, 0x00, 0x40, 0x11,
+ 0xac, 0x54, 0xc0, 0x00, 0x00, 0x04, 0x08, 0x08, 0x08, 0x08,
+ 0x14, 0x5d, 0x00, 0x35, 0x00, 0x29, 0x68, 0xbb, 0x50, 0x47,
+ 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x04, 0x69, 0x70, 0x76, 0x34, 0x06, 0x67, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00,
+ 0x01
+};
+
+// Expected checksums.
+static const uint32_t kUdpPartialChecksum = 0xd5c8;
+static const uint32_t kPayloadPartialChecksum = 0x31e9c;
+static const uint16_t kUdpV4Checksum = 0xd0c7;
+static const uint16_t kUdpV6Checksum = 0xa74a;
+
+uint8_t ip_version(const uint8_t *packet) {
+ uint8_t version = packet[0] >> 4;
+ return version;
+}
+
+int is_ipv4_fragment(struct iphdr *ip) {
+ // A packet is a fragment if its fragment offset is nonzero or if the MF flag is set.
+ return ntohs(ip->frag_off) & (IP_OFFMASK | IP_MF);
+}
+
+int is_ipv6_fragment(struct ip6_hdr *ip6, size_t len) {
+ if (ip6->ip6_nxt != IPPROTO_FRAGMENT) {
+ return 0;
+ }
+ struct ip6_frag *frag = (struct ip6_frag *) (ip6 + 1);
+ return len >= sizeof(*ip6) + sizeof(*frag) &&
+ (frag->ip6f_offlg & (IP6F_OFF_MASK | IP6F_MORE_FRAG));
+}
+
+int ipv4_fragment_offset(struct iphdr *ip) {
+ return ntohs(ip->frag_off) & IP_OFFMASK;
+}
+
+int ipv6_fragment_offset(struct ip6_frag *frag) {
+ return ntohs((frag->ip6f_offlg & IP6F_OFF_MASK) >> 3);
+}
+
+void check_packet(const uint8_t *packet, size_t len, const char *msg) {
+ void *payload;
+ size_t payload_length = 0;
+ uint32_t pseudo_checksum = 0;
+ uint8_t protocol = 0;
+ int version = ip_version(packet);
+ switch (version) {
+ case 4: {
+ struct iphdr *ip = (struct iphdr *) packet;
+ ASSERT_GE(len, sizeof(*ip)) << msg << ": IPv4 packet shorter than IPv4 header\n";
+ EXPECT_EQ(5, ip->ihl) << msg << ": Unsupported IP header length\n";
+ EXPECT_EQ(len, ntohs(ip->tot_len)) << msg << ": Incorrect IPv4 length\n";
+ EXPECT_EQ(0, ip_checksum(ip, sizeof(*ip))) << msg << ": Incorrect IP checksum\n";
+ protocol = ip->protocol;
+ payload = ip + 1;
+ if (!is_ipv4_fragment(ip)) {
+ payload_length = len - sizeof(*ip);
+ pseudo_checksum = ipv4_pseudo_header_checksum(ip, payload_length);
+ }
+ ASSERT_TRUE(protocol == IPPROTO_TCP || protocol == IPPROTO_UDP || protocol == IPPROTO_ICMP)
+ << msg << ": Unsupported IPv4 protocol " << protocol << "\n";
+ break;
+ }
+ case 6: {
+ struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
+ ASSERT_GE(len, sizeof(*ip6)) << msg << ": IPv6 packet shorter than IPv6 header\n";
+ EXPECT_EQ(len - sizeof(*ip6), htons(ip6->ip6_plen)) << msg << ": Incorrect IPv6 length\n";
+
+ if (ip6->ip6_nxt == IPPROTO_FRAGMENT) {
+ struct ip6_frag *frag = (struct ip6_frag *) (ip6 + 1);
+ ASSERT_GE(len, sizeof(*ip6) + sizeof(*frag))
+ << msg << ": IPv6 fragment: short fragment header\n";
+ protocol = frag->ip6f_nxt;
+ payload = frag + 1;
+ // Even though the packet has a Fragment header, it might not be a fragment.
+ if (!is_ipv6_fragment(ip6, len)) {
+ payload_length = len - sizeof(*ip6) - sizeof(*frag);
+ }
+ } else {
+ // Since there are no extension headers except Fragment, this must be the payload.
+ protocol = ip6->ip6_nxt;
+ payload = ip6 + 1;
+ payload_length = len - sizeof(*ip6);
+ }
+ ASSERT_TRUE(protocol == IPPROTO_TCP || protocol == IPPROTO_UDP || protocol == IPPROTO_ICMPV6)
+ << msg << ": Unsupported IPv6 next header " << protocol;
+ if (payload_length) {
+ pseudo_checksum = ipv6_pseudo_header_checksum(ip6, payload_length, protocol);
+ }
+ break;
+ }
+ default:
+ FAIL() << msg << ": Unsupported IP version " << version << "\n";
+ return;
+ }
+
+ // If we understand the payload, verify the checksum.
+ if (payload_length) {
+ uint16_t checksum;
+ switch(protocol) {
+ case IPPROTO_UDP:
+ case IPPROTO_TCP:
+ case IPPROTO_ICMPV6:
+ checksum = ip_checksum_finish(ip_checksum_add(pseudo_checksum, payload, payload_length));
+ break;
+ case IPPROTO_ICMP:
+ checksum = ip_checksum(payload, payload_length);
+ break;
+ default:
+ checksum = 0; // Don't check.
+ break;
+ }
+ EXPECT_EQ(0, checksum) << msg << ": Incorrect transport checksum\n";
+ }
+
+ if (protocol == IPPROTO_UDP) {
+ struct udphdr *udp = (struct udphdr *) payload;
+ EXPECT_NE(0, udp->check) << msg << ": UDP checksum 0 should be 0xffff";
+ // If this is not a fragment, check the UDP length field.
+ if (payload_length) {
+ EXPECT_EQ(payload_length, ntohs(udp->len)) << msg << ": Incorrect UDP length\n";
+ }
+ }
+}
+
+void reassemble_packet(const uint8_t **fragments, const size_t lengths[], int numpackets,
+ uint8_t *reassembled, size_t *reassembled_len, const char *msg) {
+ struct iphdr *ip = NULL;
+ struct ip6_hdr *ip6 = NULL;
+ int total_length, pos = 0;
+ uint8_t protocol;
+ uint8_t version = ip_version(fragments[0]);
+
+ for (int i = 0; i < numpackets; i++) {
+ const uint8_t *packet = fragments[i];
+ int len = lengths[i];
+ int headersize, payload_offset;
+
+ ASSERT_EQ(ip_version(packet), version) << msg << ": Inconsistent fragment versions\n";
+ check_packet(packet, len, "Fragment sanity check");
+
+ switch (version) {
+ case 4: {
+ struct iphdr *ip_orig = (struct iphdr *) packet;
+ headersize = sizeof(*ip_orig);
+ ASSERT_TRUE(is_ipv4_fragment(ip_orig))
+ << msg << ": IPv4 fragment #" << i + 1 << " not a fragment\n";
+ ASSERT_EQ(pos, ipv4_fragment_offset(ip_orig) * 8 + ((i != 0) ? sizeof(*ip): 0))
+ << msg << ": IPv4 fragment #" << i + 1 << ": inconsistent offset\n";
+
+ headersize = sizeof(*ip_orig);
+ payload_offset = headersize;
+ if (pos == 0) {
+ ip = (struct iphdr *) reassembled;
+ }
+ break;
+ }
+ case 6: {
+ struct ip6_hdr *ip6_orig = (struct ip6_hdr *) packet;
+ struct ip6_frag *frag = (struct ip6_frag *) (ip6_orig + 1);
+ ASSERT_TRUE(is_ipv6_fragment(ip6_orig, len))
+ << msg << ": IPv6 fragment #" << i + 1 << " not a fragment\n";
+ ASSERT_EQ(pos, ipv6_fragment_offset(frag) * 8 + ((i != 0) ? sizeof(*ip6): 0))
+ << msg << ": IPv6 fragment #" << i + 1 << ": inconsistent offset\n";
+
+ headersize = sizeof(*ip6_orig);
+ payload_offset = sizeof(*ip6_orig) + sizeof(*frag);
+ if (pos == 0) {
+ ip6 = (struct ip6_hdr *) reassembled;
+ protocol = frag->ip6f_nxt;
+ }
+ break;
+ }
+ default:
+ FAIL() << msg << ": Invalid IP version << " << version;
+ }
+
+ // If this is the first fragment, copy the header.
+ if (pos == 0) {
+ ASSERT_LT(headersize, (int) *reassembled_len) << msg << ": Reassembly buffer too small\n";
+ memcpy(reassembled, packet, headersize);
+ total_length = headersize;
+ pos += headersize;
+ }
+
+ // Copy the payload.
+ int payload_length = len - payload_offset;
+ total_length += payload_length;
+ ASSERT_LT(total_length, (int) *reassembled_len) << msg << ": Reassembly buffer too small\n";
+ memcpy(reassembled + pos, packet + payload_offset, payload_length);
+ pos += payload_length;
+ }
+
+
+ // Fix up the reassembled headers to reflect fragmentation and length (and IPv4 checksum).
+ ASSERT_EQ(total_length, pos) << msg << ": Reassembled packet length incorrect\n";
+ if (ip) {
+ ip->frag_off &= ~htons(IP_MF);
+ ip->tot_len = htons(total_length);
+ ip->check = 0;
+ ip->check = ip_checksum(ip, sizeof(*ip));
+ ASSERT_FALSE(is_ipv4_fragment(ip)) << msg << ": reassembled IPv4 packet is a fragment!\n";
+ }
+ if (ip6) {
+ ip6->ip6_nxt = protocol;
+ ip6->ip6_plen = htons(total_length - sizeof(*ip6));
+ ASSERT_FALSE(is_ipv6_fragment(ip6, ip6->ip6_plen))
+ << msg << ": reassembled IPv6 packet is a fragment!\n";
+ }
+
+ *reassembled_len = total_length;
+}
+
+void check_data_matches(const uint8_t *expected, const uint8_t *actual, size_t len, const char *msg) {
+ if (memcmp(expected, actual, len)) {
+ // Hex dump, 20 bytes per line, one space between bytes (1 byte = 3 chars), indented by 4.
+ int hexdump_len = len * 3 + (len / 20 + 1) * 5;
+ char expected_hexdump[hexdump_len], actual_hexdump[hexdump_len];
+ unsigned pos = 0;
+ for (unsigned i = 0; i < len; i++) {
+ if (i % 20 == 0) {
+ sprintf(expected_hexdump + pos, "\n ");
+ sprintf(actual_hexdump + pos, "\n ");
+ pos += 4;
+ }
+ sprintf(expected_hexdump + pos, " %02x", expected[i]);
+ sprintf(actual_hexdump + pos, " %02x", actual[i]);
+ pos += 3;
+ }
+ FAIL() << msg << ": Translated packet doesn't match"
+ << "\n Expected:" << (char *) expected_hexdump
+ << "\n Actual:" << (char *) actual_hexdump << "\n";
+ }
+}
+
+void fix_udp_checksum(uint8_t* packet) {
+ uint32_t pseudo_checksum;
+ uint8_t version = ip_version(packet);
+ struct udphdr *udp;
+ switch (version) {
+ case 4: {
+ struct iphdr *ip = (struct iphdr *) packet;
+ udp = (struct udphdr *) (ip + 1);
+ pseudo_checksum = ipv4_pseudo_header_checksum(ip, ntohs(udp->len));
+ break;
+ }
+ case 6: {
+ struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
+ udp = (struct udphdr *) (ip6 + 1);
+ pseudo_checksum = ipv6_pseudo_header_checksum(ip6, ntohs(udp->len), IPPROTO_UDP);
+ break;
+ }
+ default:
+ FAIL() << "unsupported IP version" << version << "\n";
+ return;
+ }
+
+ udp->check = 0;
+ udp->check = ip_checksum_finish(ip_checksum_add(pseudo_checksum, udp, ntohs(udp->len)));
+}
+
+void do_translate_packet(const uint8_t *original, size_t original_len, uint8_t *out, size_t *outlen,
+ const char *msg) {
+ int fds[2];
+ if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, fds)) {
+ abort();
+ }
+ struct tun_data tunnel = {
+ "clat", "clat4",
+ fds[0], fds[1]
+ };
+ struct tun_pi tun_header = { 0, 0 };
+
+ char foo[512];
+ snprintf(foo, sizeof(foo), "%s: Invalid original packet", msg);
+ check_packet(original, original_len, foo);
+
+ int read_fd;
+ uint16_t expected_proto;
+ int version = ip_version(original);
+ switch (version) {
+ case 4:
+ tun_header.proto = htons(ETH_P_IP);
+ expected_proto = htons(ETH_P_IPV6);
+ read_fd = fds[1];
+ break;
+ case 6:
+ tun_header.proto = htons(ETH_P_IPV6);
+ expected_proto = htons(ETH_P_IP);
+ read_fd = fds[0];
+ break;
+ default:
+ FAIL() << msg << ": Unsupported IP version " << version << "\n";
+ break;
+ }
+
+ translate_packet(&tunnel, &tun_header, original, original_len);
+
+ struct tun_pi new_tun_header;
+ struct iovec iov[] = {
+ { &new_tun_header, sizeof(new_tun_header) },
+ { out, *outlen }
+ };
+ int len = readv(read_fd, iov, 2);
+ if (len > (int) sizeof(new_tun_header)) {
+ ASSERT_LT((size_t) len, *outlen) << msg << ": Translated packet buffer too small\n";
+ EXPECT_EQ(expected_proto, new_tun_header.proto) << msg << "Unexpected tun proto\n";
+ *outlen = len - sizeof(new_tun_header);
+ } else {
+ FAIL() << msg << ": Packet was not translated";
+ *outlen = 0;
+ }
+}
+
+void check_translated_packet(const uint8_t *original, size_t original_len,
+ const uint8_t *expected, size_t expected_len, const char *msg) {
+ uint8_t translated[MAXMTU];
+ size_t translated_len = sizeof(translated);
+ do_translate_packet(original, original_len, translated, &translated_len, msg);
+ EXPECT_EQ(expected_len, translated_len) << msg << ": Translated packet length incorrect\n";
+ check_data_matches(expected, translated, translated_len, msg);
+}
+
+void check_fragment_translation(const uint8_t *original[], const size_t original_lengths[],
+ const uint8_t *expected[], const size_t expected_lengths[],
+ int numfragments, const char *msg) {
+ for (int i = 0; i < numfragments; i++) {
+ // Check that each of the fragments translates as expected.
+ char frag_msg[512];
+ snprintf(frag_msg, sizeof(frag_msg), "%s: fragment #%d", msg, i + 1);
+ check_translated_packet(original[i], original_lengths[i],
+ expected[i], expected_lengths[i], frag_msg);
+ }
+
+ // Sanity check that reassembling the original and translated fragments produces valid packets.
+ uint8_t reassembled[MAXMTU];
+ size_t reassembled_len = sizeof(reassembled);
+ reassemble_packet(original, original_lengths, numfragments, reassembled, &reassembled_len, msg);
+ check_packet(reassembled, reassembled_len, msg);
+
+ uint8_t translated[MAXMTU];
+ size_t translated_len = sizeof(translated);
+ do_translate_packet(reassembled, reassembled_len, translated, &translated_len, msg);
+ check_packet(translated, translated_len, msg);
+}
+
+struct clat_config Global_Clatd_Config;
+
+class ClatdTest : public ::testing::Test {
+ protected:
+ virtual void SetUp() {
+ inet_pton(AF_INET, kIPv4LocalAddr, &Global_Clatd_Config.ipv4_local_subnet);
+ inet_pton(AF_INET6, kIPv6PlatSubnet, &Global_Clatd_Config.plat_subnet);
+ inet_pton(AF_INET6, kIPv6LocalAddr, &Global_Clatd_Config.ipv6_local_subnet);
+ }
+};
+
+TEST_F(ClatdTest, Sanitycheck) {
+ // Sanity checks the data.
+ uint8_t v4_header[] = { IPV4_UDP_HEADER };
+ ASSERT_EQ(sizeof(struct iphdr), sizeof(v4_header)) << "Test IPv4 header: incorrect length\n";
+
+ uint8_t v6_header[] = { IPV6_UDP_HEADER };
+ ASSERT_EQ(sizeof(struct ip6_hdr), sizeof(v6_header)) << "Test IPv6 header: incorrect length\n";
+
+ uint8_t udp_header[] = { UDP_HEADER };
+ ASSERT_EQ(sizeof(struct udphdr), sizeof(udp_header)) << "Test UDP header: incorrect length\n";
+
+ // Sanity checks check_packet.
+ struct udphdr *udp;
+ uint8_t v4_udp_packet[] = { IPV4_UDP_HEADER UDP_HEADER PAYLOAD };
+ udp = (struct udphdr *) (v4_udp_packet + sizeof(struct iphdr));
+ fix_udp_checksum(v4_udp_packet);
+ ASSERT_EQ(kUdpV4Checksum, udp->check) << "UDP/IPv4 packet checksum sanity check\n";
+ check_packet(v4_udp_packet, sizeof(v4_udp_packet), "UDP/IPv4 packet sanity check");
+
+ uint8_t v6_udp_packet[] = { IPV6_UDP_HEADER UDP_HEADER PAYLOAD };
+ udp = (struct udphdr *) (v6_udp_packet + sizeof(struct ip6_hdr));
+ fix_udp_checksum(v6_udp_packet);
+ ASSERT_EQ(kUdpV6Checksum, udp->check) << "UDP/IPv6 packet checksum sanity check\n";
+ check_packet(v6_udp_packet, sizeof(v6_udp_packet), "UDP/IPv6 packet sanity check");
+
+ uint8_t ipv4_ping[] = { IPV4_ICMP_HEADER IPV4_PING PAYLOAD };
+ check_packet(ipv4_ping, sizeof(ipv4_ping), "IPv4 ping sanity check");
+
+ uint8_t ipv6_ping[] = { IPV6_ICMPV6_HEADER IPV6_PING PAYLOAD };
+ check_packet(ipv6_ping, sizeof(ipv6_ping), "IPv6 ping sanity check");
+
+ // Sanity checks reassemble_packet.
+ uint8_t reassembled[MAXMTU];
+ size_t total_length = sizeof(reassembled);
+ reassemble_packet(kIPv4Fragments, kIPv4FragLengths, ARRAYSIZE(kIPv4Fragments),
+ reassembled, &total_length, "Reassembly sanity check");
+ check_packet(reassembled, total_length, "IPv4 Reassembled packet is valid");
+ ASSERT_EQ(sizeof(kReassembledIPv4), total_length) << "IPv4 reassembly sanity check: length\n";
+ ASSERT_TRUE(!is_ipv4_fragment((struct iphdr *) reassembled))
+ << "Sanity check: reassembled packet is a fragment!\n";
+ check_data_matches(kReassembledIPv4, reassembled, total_length, "IPv4 reassembly sanity check");
+
+ total_length = sizeof(reassembled);
+ reassemble_packet(kIPv6Fragments, kIPv6FragLengths, ARRAYSIZE(kIPv6Fragments),
+ reassembled, &total_length, "IPv6 reassembly sanity check");
+ ASSERT_TRUE(!is_ipv6_fragment((struct ip6_hdr *) reassembled, total_length))
+ << "Sanity check: reassembled packet is a fragment!\n";
+ check_packet(reassembled, total_length, "IPv6 Reassembled packet is valid");
+}
+
+TEST_F(ClatdTest, PseudoChecksum) {
+ uint32_t pseudo_checksum;
+
+ uint8_t v4_header[] = { IPV4_UDP_HEADER };
+ uint8_t v4_pseudo_header[] = { IPV4_PSEUDOHEADER(v4_header, UDP_LEN) };
+ pseudo_checksum = ipv4_pseudo_header_checksum((struct iphdr *) v4_header, UDP_LEN);
+ EXPECT_EQ(ip_checksum_finish(pseudo_checksum),
+ ip_checksum(v4_pseudo_header, sizeof(v4_pseudo_header)))
+ << "ipv4_pseudo_header_checksum incorrect\n";
+
+ uint8_t v6_header[] = { IPV6_UDP_HEADER };
+ uint8_t v6_pseudo_header[] = { IPV6_PSEUDOHEADER(v6_header, IPPROTO_UDP, UDP_LEN) };
+ pseudo_checksum = ipv6_pseudo_header_checksum((struct ip6_hdr *) v6_header, UDP_LEN, IPPROTO_UDP);
+ EXPECT_EQ(ip_checksum_finish(pseudo_checksum),
+ ip_checksum(v6_pseudo_header, sizeof(v6_pseudo_header)))
+ << "ipv6_pseudo_header_checksum incorrect\n";
+}
+
+TEST_F(ClatdTest, TransportChecksum) {
+ uint8_t udphdr[] = { UDP_HEADER };
+ uint8_t payload[] = { PAYLOAD };
+ EXPECT_EQ(kUdpPartialChecksum, ip_checksum_add(0, udphdr, sizeof(udphdr)))
+ << "UDP partial checksum\n";
+ EXPECT_EQ(kPayloadPartialChecksum, ip_checksum_add(0, payload, sizeof(payload)))
+ << "Payload partial checksum\n";
+
+ uint8_t ip[] = { IPV4_UDP_HEADER };
+ uint8_t ip6[] = { IPV6_UDP_HEADER };
+ uint32_t ipv4_pseudo_sum = ipv4_pseudo_header_checksum((struct iphdr *) ip, UDP_LEN);
+ uint32_t ipv6_pseudo_sum = ipv6_pseudo_header_checksum((struct ip6_hdr *) ip6, UDP_LEN,
+ IPPROTO_UDP);
+
+ EXPECT_EQ(0x3ad0, ipv4_pseudo_sum) << "IPv4 pseudo-checksum sanity check\n";
+ EXPECT_EQ(0x2644b, ipv6_pseudo_sum) << "IPv6 pseudo-checksum sanity check\n";
+ EXPECT_EQ(
+ kUdpV4Checksum,
+ ip_checksum_finish(ipv4_pseudo_sum + kUdpPartialChecksum + kPayloadPartialChecksum))
+ << "Unexpected UDP/IPv4 checksum\n";
+ EXPECT_EQ(
+ kUdpV6Checksum,
+ ip_checksum_finish(ipv6_pseudo_sum + kUdpPartialChecksum + kPayloadPartialChecksum))
+ << "Unexpected UDP/IPv6 checksum\n";
+
+ EXPECT_EQ(kUdpV6Checksum,
+ ip_checksum_adjust(kUdpV4Checksum, ipv4_pseudo_sum, ipv6_pseudo_sum))
+ << "Adjust IPv4/UDP checksum to IPv6\n";
+ EXPECT_EQ(kUdpV4Checksum,
+ ip_checksum_adjust(kUdpV6Checksum, ipv6_pseudo_sum, ipv4_pseudo_sum))
+ << "Adjust IPv6/UDP checksum to IPv4\n";
+}
+
+TEST_F(ClatdTest, AdjustChecksum) {
+ struct checksum_data {
+ uint16_t checksum;
+ uint32_t old_hdr_sum;
+ uint32_t new_hdr_sum;
+ uint16_t result;
+ } DATA[] = {
+ { 0x1423, 0xb8ec, 0x2d757, 0xf5b5 },
+ { 0xf5b5, 0x2d757, 0xb8ec, 0x1423 },
+ { 0xdd2f, 0x5555, 0x3285, 0x0000 },
+ { 0x1215, 0x5560, 0x15560 + 20, 0x1200 },
+ { 0xd0c7, 0x3ad0, 0x2644b, 0xa74a },
+ };
+ unsigned i, failed = 0;
+
+ for (i = 0; i < ARRAYSIZE(DATA); i++) {
+ struct checksum_data *data = DATA + i;
+ uint16_t result = ip_checksum_adjust(data->checksum, data->old_hdr_sum, data->new_hdr_sum);
+ EXPECT_EQ(result, data->result)
+ << "Incorrect checksum" << std::showbase << std::hex
+ << "\n Expected: " << data->result
+ << "\n Actual: " << result
+ << "\n checksum=" << data->checksum
+ << " old_sum=" << data->old_hdr_sum << " new_sum=" << data->new_hdr_sum << "\n";
+ }
+}
+
+TEST_F(ClatdTest, Translate) {
+ uint8_t udp_ipv4[] = { IPV4_UDP_HEADER UDP_HEADER PAYLOAD };
+ uint8_t udp_ipv6[] = { IPV6_UDP_HEADER UDP_HEADER PAYLOAD };
+ fix_udp_checksum(udp_ipv4);
+ fix_udp_checksum(udp_ipv6);
+ check_translated_packet(udp_ipv4, sizeof(udp_ipv4), udp_ipv6, sizeof(udp_ipv6),
+ "UDP/IPv4 -> UDP/IPv6 translation");
+ check_translated_packet(udp_ipv6, sizeof(udp_ipv6), udp_ipv4, sizeof(udp_ipv4),
+ "UDP/IPv6 -> UDP/IPv4 translation");
+
+ uint8_t ipv4_ping[] = { IPV4_ICMP_HEADER IPV4_PING PAYLOAD };
+ uint8_t ipv6_ping[] = { IPV6_ICMPV6_HEADER IPV6_PING PAYLOAD };
+ check_translated_packet(ipv4_ping, sizeof(ipv4_ping), ipv6_ping, sizeof(ipv6_ping),
+ "ICMP->ICMPv6 translation");
+ check_translated_packet(ipv6_ping, sizeof(ipv6_ping), ipv4_ping, sizeof(ipv4_ping),
+ "ICMPv6->ICMP translation");
+}
+
+TEST_F(ClatdTest, Fragmentation) {
+ int len, i;
+ check_fragment_translation(kIPv4Fragments, kIPv4FragLengths,
+ kIPv6Fragments, kIPv6FragLengths,
+ ARRAYSIZE(kIPv4Fragments), "IPv4->IPv6 fragment translation");
+
+ check_fragment_translation(kIPv6Fragments, kIPv6FragLengths,
+ kIPv4Fragments, kIPv4FragLengths,
+ ARRAYSIZE(kIPv6Fragments), "IPv6->IPv4 fragment translation");
+}
diff --git a/dump.c b/dump.c
index 94e4796..0fda4e7 100644
--- a/dump.c
+++ b/dump.c
@@ -130,7 +130,8 @@
}
/* print udp header */
-void dump_udp_generic(const struct udphdr *udp, uint32_t temp_checksum, const char *payload, size_t payload_size) {
+void dump_udp_generic(const struct udphdr *udp, uint32_t temp_checksum,
+ const uint8_t *payload, size_t payload_size) {
uint16_t my_checksum;
temp_checksum = ip_checksum_add(temp_checksum, udp, sizeof(struct udphdr));
@@ -145,14 +146,16 @@
}
/* print ipv4/udp header */
-void dump_udp(const struct udphdr *udp, const struct iphdr *ip, const char *payload, size_t payload_size) {
+void dump_udp(const struct udphdr *udp, const struct iphdr *ip,
+ const uint8_t *payload, size_t payload_size) {
uint32_t temp_checksum;
temp_checksum = ipv4_pseudo_header_checksum(ip, sizeof(*udp) + payload_size);
dump_udp_generic(udp, temp_checksum, payload, payload_size);
}
/* print ipv6/udp header */
-void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6, const char *payload, size_t payload_size) {
+void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6,
+ const uint8_t *payload, size_t payload_size) {
uint32_t temp_checksum;
temp_checksum = ipv6_pseudo_header_checksum(ip6, sizeof(*udp) + payload_size, IPPROTO_UDP);
dump_udp_generic(udp, temp_checksum, payload, payload_size);
@@ -200,7 +203,9 @@
}
/* print ipv4/tcp header */
-void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip, const char *payload, size_t payload_size, const char *options, size_t options_size) {
+void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip,
+ const uint8_t *payload, size_t payload_size,
+ const char *options, size_t options_size) {
uint32_t temp_checksum;
temp_checksum = ipv4_pseudo_header_checksum(ip, sizeof(*tcp) + options_size + payload_size);
@@ -208,7 +213,9 @@
}
/* print ipv6/tcp header */
-void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6, const char *payload, size_t payload_size, const char *options, size_t options_size) {
+void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6,
+ const uint8_t *payload, size_t payload_size,
+ const char *options, size_t options_size) {
uint32_t temp_checksum;
temp_checksum = ipv6_pseudo_header_checksum(ip6, sizeof(*tcp) + options_size + payload_size, IPPROTO_TCP);
@@ -216,12 +223,13 @@
}
/* generic hex dump */
-void logcat_hexdump(const char *info, const char *data, size_t len) {
+void logcat_hexdump(const char *info, const uint8_t *data, size_t len) {
char output[PACKETLEN*3+2];
size_t i;
+ output[0] = '\0';
for(i = 0; i < len && i < PACKETLEN; i++) {
- snprintf(output + i*3, 4, " %02x", (uint8_t)data[i]);
+ snprintf(output + i*3, 4, " %02x", data[i]);
}
output[len*3+3] = '\0';
diff --git a/dump.h b/dump.h
index 9cb040c..bb41b3b 100644
--- a/dump.h
+++ b/dump.h
@@ -20,15 +20,21 @@
void dump_ip(struct iphdr *header);
void dump_icmp(struct icmphdr *icmp);
-void dump_udp(const struct udphdr *udp, const struct iphdr *ip, const char *payload, size_t payload_size);
-void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip, const char *payload, size_t payload_size, const char *options, size_t options_size);
+void dump_udp(const struct udphdr *udp, const struct iphdr *ip,
+ const uint8_t *payload, size_t payload_size);
+void dump_tcp(const struct tcphdr *tcp, const struct iphdr *ip,
+ const uint8_t *payload, size_t payload_size,
+ const char *options, size_t options_size);
void dump_ip6(struct ip6_hdr *header);
void dump_icmp6(struct icmp6_hdr *icmp6);
-void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6, const char *payload, size_t payload_size);
-void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6, const char *payload, size_t payload_size, const char *options, size_t options_size);
+void dump_udp6(const struct udphdr *udp, const struct ip6_hdr *ip6,
+ const uint8_t *payload, size_t payload_size);
+void dump_tcp6(const struct tcphdr *tcp, const struct ip6_hdr *ip6,
+ const uint8_t *payload, size_t payload_size,
+ const char *options, size_t options_size);
-void logcat_hexdump(const char *info, const char *data, size_t len);
+void logcat_hexdump(const char *info, const uint8_t *data, size_t len);
void dump_iovec(const struct iovec *iov, int iov_len);
#endif /* __DUMP_H__ */
diff --git a/getaddr.c b/getaddr.c
index fb761f0..5cae78b 100644
--- a/getaddr.c
+++ b/getaddr.c
@@ -85,7 +85,9 @@
* err - netlink message
* arg - (struct target) info for which address we're looking for
*/
-static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) {
+static int error_handler(__attribute__((unused)) struct sockaddr_nl *nla,
+ __attribute__((unused)) struct nlmsgerr *err,
+ __attribute__((unused)) void *arg) {
return NL_OK;
}
diff --git a/getroute.c b/getroute.c
index 5f9475e..a615a4f 100644
--- a/getroute.c
+++ b/getroute.c
@@ -90,7 +90,8 @@
* err - netlink message
* arg - (int *) storage for the error number
*/
-static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) {
+static int error_handler(__attribute__((unused)) struct sockaddr_nl *nla,
+ struct nlmsgerr *err, void *arg) {
int *retval = arg;
if(err->error < 0) { // error_handler called even on no error (NLMSG_ERROR reply type used)
*retval = err->error;
diff --git a/ipv4.c b/ipv4.c
index e2636b4..4b0db39 100644
--- a/ipv4.c
+++ b/ipv4.c
@@ -31,9 +31,9 @@
* len - size of ip payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int icmp_packet(clat_packet out, int pos, const struct icmphdr *icmp, uint32_t checksum,
- size_t len) {
- const char *payload;
+int icmp_packet(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
+ uint32_t checksum, size_t len) {
+ const uint8_t *payload;
size_t payload_size;
if(len < sizeof(struct icmphdr)) {
@@ -41,7 +41,7 @@
return 0;
}
- payload = (const char *) (icmp + 1);
+ payload = (const uint8_t *) (icmp + 1);
payload_size = len - sizeof(struct icmphdr);
return icmp_to_icmp6(out, pos, icmp, checksum, payload, payload_size);
@@ -54,12 +54,13 @@
* len - size of packet
* returns: the highest position in the output clat_packet that's filled in
*/
-int ipv4_packet(clat_packet out, int pos, const char *packet, size_t len) {
+int ipv4_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len) {
const struct iphdr *header = (struct iphdr *) packet;
struct ip6_hdr *ip6_targ = (struct ip6_hdr *) out[pos].iov_base;
- uint16_t frag_flags;
+ struct ip6_frag *frag_hdr;
+ size_t frag_hdr_len;
uint8_t nxthdr;
- const char *next_header;
+ const uint8_t *next_header;
size_t len_left;
uint32_t old_sum, new_sum;
int iov_len;
@@ -69,12 +70,6 @@
return 0;
}
- frag_flags = ntohs(header->frag_off);
- if(frag_flags & IP_MF) { // this could theoretically be supported, but isn't
- logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/more fragments set, dropping");
- return 0;
- }
-
if(header->ihl < 5) {
logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/ip header length set to less than 5: %x", header->ihl);
return 0;
@@ -111,20 +106,32 @@
fill_ip6_header(ip6_targ, 0, nxthdr, header);
out[pos].iov_len = sizeof(struct ip6_hdr);
- // Calculate the pseudo-header checksum.
+ /* Calculate the pseudo-header checksum.
+ * Technically, the length that is used in the pseudo-header checksum is the transport layer
+ * length, which is not the same as len_left in the case of fragmented packets. But since
+ * translation does not change the transport layer length, the checksum is unaffected.
+ */
old_sum = ipv4_pseudo_header_checksum(header, len_left);
new_sum = ipv6_pseudo_header_checksum(ip6_targ, len_left, nxthdr);
- if (nxthdr == IPPROTO_ICMPV6) {
- iov_len = icmp_packet(out, pos + 1, (const struct icmphdr *) next_header, new_sum, len_left);
+ // If the IPv4 packet is fragmented, add a Fragment header.
+ frag_hdr = (struct ip6_frag *) out[pos + 1].iov_base;
+ frag_hdr_len = maybe_fill_frag_header(frag_hdr, ip6_targ, header);
+ out[pos + 1].iov_len = frag_hdr_len;
+
+ if (frag_hdr_len && frag_hdr->ip6f_offlg & IP6F_OFF_MASK) {
+ // Non-first fragment. Copy the rest of the packet as is.
+ iov_len = generic_packet(out, pos + 2, next_header, len_left);
+ } else if (nxthdr == IPPROTO_ICMPV6) {
+ iov_len = icmp_packet(out, pos + 2, (const struct icmphdr *) next_header, new_sum, len_left);
} else if (nxthdr == IPPROTO_TCP) {
- iov_len = tcp_packet(out, pos + 1, (const struct tcphdr *) next_header, old_sum, new_sum,
+ iov_len = tcp_packet(out, pos + 2, (const struct tcphdr *) next_header, old_sum, new_sum,
len_left);
} else if (nxthdr == IPPROTO_UDP) {
- iov_len = udp_packet(out, pos + 1, (const struct udphdr *) next_header, old_sum, new_sum,
+ iov_len = udp_packet(out, pos + 2, (const struct udphdr *) next_header, old_sum, new_sum,
len_left);
} else if (nxthdr == IPPROTO_GRE) {
- iov_len = generic_packet(out, pos + 1, next_header, len_left);
+ iov_len = generic_packet(out, pos + 2, next_header, len_left);
} else {
#if CLAT_DEBUG
logmsg_dbg(ANDROID_LOG_ERROR, "ip_packet/unknown protocol: %x",header->protocol);
diff --git a/ipv6.c b/ipv6.c
index d188e47..b485313 100644
--- a/ipv6.c
+++ b/ipv6.c
@@ -34,8 +34,9 @@
* len - size of ip payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int icmp6_packet(clat_packet out, int pos, const struct icmp6_hdr *icmp6, size_t len) {
- const char *payload;
+int icmp6_packet(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
+ size_t len) {
+ const uint8_t *payload;
size_t payload_size;
if(len < sizeof(struct icmp6_hdr)) {
@@ -43,7 +44,7 @@
return 0;
}
- payload = (const char *) (icmp6 + 1);
+ payload = (const uint8_t *) (icmp6 + 1);
payload_size = len - sizeof(struct icmp6_hdr);
return icmp6_to_icmp(out, pos, icmp6, payload, payload_size);
@@ -74,11 +75,12 @@
* len - size of packet
* returns: the highest position in the output clat_packet that's filled in
*/
-int ipv6_packet(clat_packet out, int pos, const char *packet, size_t len) {
+int ipv6_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len) {
const struct ip6_hdr *ip6 = (struct ip6_hdr *) packet;
struct iphdr *ip_targ = (struct iphdr *) out[pos].iov_base;
+ struct ip6_frag *frag_hdr = NULL;
uint8_t protocol;
- const char *next_header;
+ const uint8_t *next_header;
size_t len_left;
uint32_t old_sum, new_sum;
int iov_len;
@@ -112,10 +114,6 @@
len_left = len - sizeof(struct ip6_hdr);
protocol = ip6->ip6_nxt;
- if (protocol == IPPROTO_ICMPV6) {
- // ICMP and ICMPv6 have different protocol numbers.
- protocol = IPPROTO_ICMP;
- }
/* Fill in the IPv4 header. We need to do this before we translate the packet because TCP and
* UDP include parts of the IP header in the checksum. Set the length to zero because we don't
@@ -124,21 +122,48 @@
fill_ip_header(ip_targ, 0, protocol, ip6);
out[pos].iov_len = sizeof(struct iphdr);
- // Calculate the pseudo-header checksum.
+ // If there's a Fragment header, parse it and decide what the next header is.
+ // Do this before calculating the pseudo-header checksum because it updates the next header value.
+ if (protocol == IPPROTO_FRAGMENT) {
+ frag_hdr = (struct ip6_frag *) next_header;
+ if (len_left < sizeof(*frag_hdr)) {
+ logmsg_dbg(ANDROID_LOG_ERROR, "ipv6_packet/too short for fragment header: %d", len);
+ return 0;
+ }
+
+ next_header += sizeof(*frag_hdr);
+ len_left -= sizeof(*frag_hdr);
+
+ protocol = parse_frag_header(frag_hdr, ip_targ);
+ }
+
+ // ICMP and ICMPv6 have different protocol numbers.
+ if (protocol == IPPROTO_ICMPV6) {
+ protocol = IPPROTO_ICMP;
+ ip_targ->protocol = IPPROTO_ICMP;
+ }
+
+ /* Calculate the pseudo-header checksum.
+ * Technically, the length that is used in the pseudo-header checksum is the transport layer
+ * length, which is not the same as len_left in the case of fragmented packets. But since
+ * translation does not change the transport layer length, the checksum is unaffected.
+ */
old_sum = ipv6_pseudo_header_checksum(ip6, len_left, protocol);
new_sum = ipv4_pseudo_header_checksum(ip_targ, len_left);
- // does not support IPv6 extension headers, this will drop any packet with them
- if (protocol == IPPROTO_ICMP) {
- iov_len = icmp6_packet(out, pos + 1, (const struct icmp6_hdr *) next_header, len_left);
- } else if (ip6->ip6_nxt == IPPROTO_TCP) {
- iov_len = tcp_packet(out, pos + 1, (const struct tcphdr *) next_header, old_sum, new_sum,
+ // Does not support IPv6 extension headers except Fragment.
+ if (frag_hdr && (frag_hdr->ip6f_offlg & IP6F_OFF_MASK)) {
+ iov_len = generic_packet(out, pos + 2, next_header, len_left);
+ } else if (protocol == IPPROTO_ICMP) {
+ iov_len = icmp6_packet(out, pos + 2, (const struct icmp6_hdr *) next_header, len_left);
+ } else if (protocol == IPPROTO_TCP) {
+ iov_len = tcp_packet(out, pos + 2, (const struct tcphdr *) next_header, old_sum, new_sum,
len_left);
- } else if (ip6->ip6_nxt == IPPROTO_UDP) {
- iov_len = udp_packet(out, pos + 1, (const struct udphdr *) next_header, old_sum, new_sum,
+ } else if (protocol == IPPROTO_UDP) {
+ iov_len = udp_packet(out, pos + 2, (const struct udphdr *) next_header, old_sum, new_sum,
len_left);
- } else if (ip6->ip6_nxt == IPPROTO_GRE) {
- iov_len = generic_packet(out, pos + 1, next_header, len_left);
+ } else if (protocol == IPPROTO_GRE) {
+ iov_len = generic_packet(out, pos + 2, next_header, len_left);
} else {
#if CLAT_DEBUG
logmsg(ANDROID_LOG_ERROR, "ipv6_packet/unknown next header type: %x", ip6->ip6_nxt);
diff --git a/logging.c b/logging.c
index f2f3d50..c90b1cf 100644
--- a/logging.c
+++ b/logging.c
@@ -42,12 +42,14 @@
* fmt - printf format specifier
* ... - printf format arguments
*/
-void logmsg_dbg(int prio, const char *fmt, ...) {
#if CLAT_DEBUG
+void logmsg_dbg(int prio, const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
__android_log_vprint(prio, "clatd", fmt, ap);
va_end(ap);
-#endif
}
+#else
+void logmsg_dbg(__attribute__((unused)) int prio, __attribute__((unused)) const char *fmt, ...) {}
+#endif
diff --git a/netlink_callbacks.c b/netlink_callbacks.c
index 5e0f34e..a79aa76 100644
--- a/netlink_callbacks.c
+++ b/netlink_callbacks.c
@@ -27,7 +27,7 @@
* msg - netlink message
* data - pointer to an int, stores the success code
*/
-static int ack_handler(struct nl_msg *msg, void *data) {
+static int ack_handler(__attribute__((unused)) struct nl_msg *msg, void *data) {
int *retval = data;
*retval = 0;
return NL_OK;
@@ -39,7 +39,8 @@
* err - netlink error message
* arg - pointer to an int, stores the error code
*/
-static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) {
+static int error_handler(__attribute__((unused)) struct sockaddr_nl *nla,
+ struct nlmsgerr *err, void *arg) {
int *retval = arg;
if(err->error < 0) {
*retval = err->error;
diff --git a/netlink_msg.c b/netlink_msg.c
index 2ba237d..958559c 100644
--- a/netlink_msg.c
+++ b/netlink_msg.c
@@ -22,6 +22,7 @@
#include <string.h>
#include <errno.h>
+#include <netlink-local.h>
#include <netlink-types.h>
#include <netlink/socket.h>
#include <netlink/netlink.h>
diff --git a/setroute.c b/setroute.c
index f264387..cffee9f 100644
--- a/setroute.c
+++ b/setroute.c
@@ -23,7 +23,6 @@
#include <linux/rtnetlink.h>
#include <netlink/handlers.h>
#include <netlink/msg.h>
-#include <netlink-types.h>
#include "netlink_msg.h"
#include "setroute.h"
diff --git a/translate.c b/translate.c
index f7f09cb..e93a93a 100644
--- a/translate.c
+++ b/translate.c
@@ -33,7 +33,7 @@
* pos - position to start counting from
* returns - the completed 16-bit checksum, ready to write into a checksum header field
*/
-uint16_t packet_checksum(uint32_t checksum, clat_packet packet, int pos) {
+uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) {
int i;
for (i = pos; i < CLAT_POS_MAX; i++) {
if (packet[i].iov_len > 0) {
@@ -49,7 +49,7 @@
* pos - position to start counting after
* returns: the total length of the packet components after pos
*/
-uint16_t packet_length(clat_packet packet, int pos) {
+uint16_t packet_length(clat_packet packet, clat_packet_index pos) {
size_t len = 0;
int i;
for (i = pos + 1; i < CLAT_POS_MAX; i++) {
@@ -167,6 +167,53 @@
ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
}
+/* function: maybe_fill_frag_header
+ * fills a fragmentation header
+ * generate an ipv6 fragment header from an ipv4 header
+ * frag_hdr - target (ipv6) fragmentation header
+ * ip6_targ - target (ipv6) header
+ * old_header - (ipv4) source packet header
+ * returns: the length of the fragmentation header if present, or zero if not present
+ */
+size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
+ const struct iphdr *old_header) {
+ uint16_t frag_flags = ntohs(old_header->frag_off);
+ uint16_t frag_off = frag_flags & IP_OFFMASK;
+ if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
+ // Not a fragment.
+ return 0;
+ }
+
+ frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
+ frag_hdr->ip6f_reserved = 0;
+ // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
+ frag_hdr->ip6f_offlg = htons(frag_off << 3);
+ if (frag_flags & IP_MF) {
+ frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
+ }
+ frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
+ ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
+
+ return sizeof(*frag_hdr);
+}
+
+/* function: parse_frag_header
+ * return the length of the fragmentation header if present, or zero if not present
+ * generate an ipv6 fragment header from an ipv4 header
+ * frag_hdr - (ipv6) fragmentation header
+ * ip_targ - target (ipv4) header
+ * returns: the next header value
+ */
+uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
+ uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
+ if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
+ frag_off |= IP_MF;
+ }
+ ip_targ->frag_off = htons(frag_off);
+ ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
+ ip_targ->protocol = frag_hdr->ip6f_nxt;
+ return frag_hdr->ip6f_nxt;
+}
/* function: icmp_to_icmp6
* translate ipv4 icmp to ipv6 icmp
@@ -177,8 +224,8 @@
* payload_size - size of payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int icmp_to_icmp6(clat_packet out, int pos, const struct icmphdr *icmp, uint32_t checksum,
- const char *payload, size_t payload_size) {
+int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
+ uint32_t checksum, const uint8_t *payload, size_t payload_size) {
struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
uint8_t icmp6_type;
int clat_packet_len;
@@ -209,7 +256,7 @@
// Ping packet.
icmp6_targ->icmp6_id = icmp->un.echo.id;
icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
- out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
+ out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
out[CLAT_POS_PAYLOAD].iov_len = payload_size;
clat_packet_len = CLAT_POS_PAYLOAD + 1;
} else {
@@ -231,8 +278,8 @@
* payload_size - size of payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int icmp6_to_icmp(clat_packet out, int pos, const struct icmp6_hdr *icmp6,
- const char *payload, size_t payload_size) {
+int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
+ const uint8_t *payload, size_t payload_size) {
struct icmphdr *icmp_targ = out[pos].iov_base;
uint8_t icmp_type;
int clat_packet_len;
@@ -255,7 +302,7 @@
// Ping packet.
icmp_targ->un.echo.id = icmp6->icmp6_id;
icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
- out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
+ out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
out[CLAT_POS_PAYLOAD].iov_len = payload_size;
clat_packet_len = CLAT_POS_PAYLOAD + 1;
} else {
@@ -277,9 +324,9 @@
* len - size of ip payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int generic_packet(clat_packet out, int pos, const char *payload, size_t len) {
+int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) {
out[pos].iov_len = 0;
- out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
+ out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
out[CLAT_POS_PAYLOAD].iov_len = len;
return CLAT_POS_PAYLOAD + 1;
@@ -293,9 +340,9 @@
* new_sum - pseudo-header checksum of new header
* len - size of ip payload
*/
-int udp_packet(clat_packet out, int pos, const struct udphdr *udp,
+int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
uint32_t old_sum, uint32_t new_sum, size_t len) {
- const char *payload;
+ const uint8_t *payload;
size_t payload_size;
if(len < sizeof(struct udphdr)) {
@@ -303,7 +350,7 @@
return 0;
}
- payload = (const char *) (udp + 1);
+ payload = (const uint8_t *) (udp + 1);
payload_size = len - sizeof(struct udphdr);
return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
@@ -317,9 +364,9 @@
* len - size of ip payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int tcp_packet(clat_packet out, int pos, const struct tcphdr *tcp,
+int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
uint32_t old_sum, uint32_t new_sum, size_t len) {
- const char *payload;
+ const uint8_t *payload;
size_t payload_size, header_size;
if(len < sizeof(struct tcphdr)) {
@@ -338,7 +385,7 @@
}
header_size = tcp->doff * 4;
- payload = ((const char *) tcp) + header_size;
+ payload = ((const uint8_t *) tcp) + header_size;
payload_size = len - header_size;
return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
@@ -354,14 +401,14 @@
* payload_size - size of payload
* returns: the highest position in the output clat_packet that's filled in
*/
-int udp_translate(clat_packet out, int pos, const struct udphdr *udp, uint32_t old_sum,
- uint32_t new_sum, const char *payload, size_t payload_size) {
+int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
+ uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) {
struct udphdr *udp_targ = out[pos].iov_base;
memcpy(udp_targ, udp, sizeof(struct udphdr));
out[pos].iov_len = sizeof(struct udphdr);
- out[CLAT_POS_PAYLOAD].iov_base = (char *) payload;
+ out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
out[CLAT_POS_PAYLOAD].iov_len = payload_size;
if (udp_targ->check) {
@@ -393,12 +440,10 @@
* payload - tcp payload
* payload_size - size of payload
* returns: the highest position in the output clat_packet that's filled in
- *
- * TODO: mss rewrite
- * TODO: hosts without pmtu discovery - non DF packets will rely on fragmentation (unimplemented)
*/
-int tcp_translate(clat_packet out, int pos, const struct tcphdr *tcp, size_t header_size,
- uint32_t old_sum, uint32_t new_sum, const char *payload, size_t payload_size) {
+int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
+ size_t header_size, uint32_t old_sum, uint32_t new_sum,
+ const uint8_t *payload, size_t payload_size) {
struct tcphdr *tcp_targ = out[pos].iov_base;
out[pos].iov_len = header_size;
@@ -412,7 +457,7 @@
memcpy(tcp_targ, tcp, header_size);
- out[CLAT_POS_PAYLOAD].iov_base = (char *)payload;
+ out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
out[CLAT_POS_PAYLOAD].iov_len = payload_size;
tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
@@ -427,24 +472,28 @@
* packet - packet
* packetsize - size of packet
*/
-void translate_packet(const struct tun_data *tunnel, struct tun_pi *tun_header, const char *packet,
- size_t packetsize) {
+void translate_packet(const struct tun_data *tunnel, struct tun_pi *tun_header,
+ const uint8_t *packet, size_t packetsize) {
int fd;
int iov_len = 0;
// Allocate buffers for all packet headers.
struct tun_pi tun_targ;
char iphdr[sizeof(struct ip6_hdr)];
+ char fraghdr[sizeof(struct ip6_frag)];
char transporthdr[MAX_TCP_HDR];
char icmp_iphdr[sizeof(struct ip6_hdr)];
+ char icmp_fraghdr[sizeof(struct ip6_frag)];
char icmp_transporthdr[MAX_TCP_HDR];
// iovec of the packets we'll send. This gets passed down to the translation functions.
clat_packet out = {
{ &tun_targ, sizeof(tun_targ) }, // Tunnel header.
{ iphdr, 0 }, // IP header.
+ { fraghdr, 0 }, // Fragment header.
{ transporthdr, 0 }, // Transport layer header.
{ icmp_iphdr, 0 }, // ICMP error inner IP header.
+ { icmp_fraghdr, 0 }, // ICMP error fragmentation header.
{ icmp_transporthdr, 0 }, // ICMP error transport layer header.
{ NULL, 0 }, // Payload. No buffer, it's a pointer to the original payload.
};
diff --git a/translate.h b/translate.h
index 3378254..421d2a5 100644
--- a/translate.h
+++ b/translate.h
@@ -36,16 +36,18 @@
// The CLAT_POS_XXX constants represent the array indices within the clat_packet that contain
// specific parts of the packet. The packet_* functions operate on all the packet segments past a
// given position.
-enum clat_packet_index { CLAT_POS_TUNHDR, CLAT_POS_IPHDR, CLAT_POS_TRANSPORTHDR,
- CLAT_POS_ICMPERR_IPHDR, CLAT_POS_ICMPERR_TRANSPORTHDR,
- CLAT_POS_PAYLOAD, CLAT_POS_MAX };
+typedef enum {
+ CLAT_POS_TUNHDR, CLAT_POS_IPHDR, CLAT_POS_FRAGHDR, CLAT_POS_TRANSPORTHDR,
+ CLAT_POS_ICMPERR_IPHDR, CLAT_POS_ICMPERR_FRAGHDR, CLAT_POS_ICMPERR_TRANSPORTHDR,
+ CLAT_POS_PAYLOAD, CLAT_POS_MAX
+} clat_packet_index;
typedef struct iovec clat_packet[CLAT_POS_MAX];
// Calculates the checksum over all the packet components starting from pos.
-uint16_t packet_checksum(uint32_t checksum, clat_packet packet, int pos);
+uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos);
// Returns the total length of the packet components after pos.
-uint16_t packet_length(clat_packet packet, int pos);
+uint16_t packet_length(clat_packet packet, clat_packet_index pos);
// Returns true iff the given IPv6 address is in the plat subnet.
int is_in_plat_subnet(const struct in6_addr *addr6);
@@ -58,31 +60,38 @@
const struct iphdr *old_header);
// Translate and send packets.
-void translate_packet(const struct tun_data *tunnel, struct tun_pi *tun_header, const char *packet,
- size_t packetsize);
+void translate_packet(const struct tun_data *tunnel, struct tun_pi *tun_header,
+ const uint8_t *packet, size_t packetsize);
// Translate IPv4 and IPv6 packets.
-int ipv4_packet(clat_packet out, int pos, const char *packet, size_t len);
-int ipv6_packet(clat_packet out, int pos, const char *packet, size_t len);
+int ipv4_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len);
+int ipv6_packet(clat_packet out, clat_packet_index pos, const uint8_t *packet, size_t len);
+
+// Deal with fragmented packets.
+size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
+ const struct iphdr *old_header);
+uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ);
// Translate ICMP packets.
-int icmp_to_icmp6(clat_packet out, int pos, const struct icmphdr *icmp, uint32_t checksum,
- const char *payload, size_t payload_size);
-int icmp6_to_icmp(clat_packet out, int pos, const struct icmp6_hdr *icmp6,
- const char *payload, size_t payload_size);
+int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
+ uint32_t checksum, const uint8_t *payload, size_t payload_size);
+int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
+ const uint8_t *payload, size_t payload_size);
// Translate generic IP packets.
-int generic_packet(clat_packet out, int pos, const char *payload, size_t len);
+int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len);
// Translate TCP and UDP packets.
-int tcp_packet(clat_packet out, int pos, const struct tcphdr *tcp,
+int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
uint32_t old_sum, uint32_t new_sum, size_t len);
-int udp_packet(clat_packet out, int pos, const struct udphdr *udp,
+int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
uint32_t old_sum, uint32_t new_sum, size_t len);
-int tcp_translate(clat_packet out, int pos, const struct tcphdr *tcp, size_t header_size,
- uint32_t old_sum, uint32_t new_sum, const char *payload, size_t payload_size);
-int udp_translate(clat_packet out, int pos, const struct udphdr *udp,
- uint32_t old_sum, uint32_t new_sum, const char *payload, size_t payload_size);
+int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
+ size_t header_size, uint32_t old_sum, uint32_t new_sum,
+ const uint8_t *payload, size_t payload_size);
+int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
+ uint32_t old_sum, uint32_t new_sum,
+ const uint8_t *payload, size_t payload_size);
#endif /* __TRANSLATE_H__ */