#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
+#include <netinet/ip6.h>
+#include <netinet/icmp6.h>
#include <netinet/udp.h>
#include <net/if.h>
#endif
static int rawicmp = -1, rawudp = -1, rawerr = 0;
+static int rawicmp6 = -1, rawudp6 = -1, rawerr6 = 0;
#define IPCK_INIT 0xffff
uint8_t ph_z, ph_p;
uint16_t ph_len;
};
+struct phdr6 {
+ struct in6_addr ph6_src, ph6_dst;
+ uint32_t ph6_len;
+ uint8_t ph6_z0, ph6_z1, ph6_z2, ph6_nxt;
+};
struct raw_state {
union addr me, a;
int i, mtu = -1;
struct ifaddrs *ifa, *ifaa, *ifap;
struct ifreq ifr;
+ struct icmp6_filter f6;
/* Check that the address is OK, and that we have the necessary raw
* sockets.
+ *
+ * For IPv6, also set the filter so we don't get too many useless wakeups.
*/
switch (pp->a.sa.sa_family) {
case AF_INET:
if (rawerr) { errno = rawerr; goto fail_0; }
st->rawicmp = rawicmp; st->rawudp = rawudp; st->sk = sk;
+ /* IPv4 filtering is available on Linux but isn't portable. */
+ break;
+ case AF_INET6:
+ if (rawerr6) { errno = rawerr6; goto fail_0; }
+ st->rawicmp = rawicmp6; st->rawudp = rawudp6; st->sk = sk;
+ ICMP6_FILTER_SETBLOCKALL(&f6);
+ ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &f6);
+ ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &f6);
+ if (setsockopt(st->rawicmp, IPPROTO_ICMPV6, ICMP6_FILTER,
+ &f6, sizeof(f6))) {
+ die(EXIT_FAILURE, "failed to set icmpv6 filter: %s",
+ strerror(errno));
+ }
break;
default:
errno = EPFNOSUPPORT; goto fail_0;
if (getsockname(sk, &st->me.sa, &sz))
goto fail_0;
- /* An unfortunate bodge which will make sense in the future. */
- st->srcport = st->me.sin.sin_port; st->me.sin.sin_port = 0;
- st->dstport = st->a.sin.sin_port; st->a.sin.sin_port = 0;
+ /* Only now do some fiddling because Linux doesn't like port numbers in
+ * IPv6 raw destination addresses...
+ */
+ switch (pp->a.sa.sa_family) {
+ case AF_INET:
+ st->srcport = st->me.sin.sin_port; st->me.sin.sin_port = 0;
+ st->dstport = st->a.sin.sin_port; st->a.sin.sin_port = 0;
+ break;
+ case AF_INET6:
+ st->srcport = st->me.sin6.sin6_port; st->me.sin6.sin6_port = 0;
+ st->dstport = st->a.sin6.sin6_port; st->a.sin6.sin6_port = 0;
+ break;
+ default:
+ abort();
+ }
/* There isn't a portable way to force the DF flag onto a packet through
* UDP, or even through raw IP, unless we write the entire IP header
struct raw_state *st = stv;
unsigned char b[65536], *p;
struct ip *ip;
+ struct ip6_hdr *ip6;
struct udphdr *udp;
struct phdr ph;
+ struct phdr6 ph6;
unsigned ck;
- /* Build the IP header. */
- ip = (struct ip *)b;
- ip->ip_v = 4;
- ip->ip_hl = sizeof(*ip)/4;
- ip->ip_tos = IPTOS_RELIABILITY;
- ip->ip_len = sane_htons(mtu);
- STEP(st->q); ip->ip_id = htons(st->q);
- ip->ip_off = sane_htons(0 | IP_DF);
- ip->ip_ttl = 64;
- ip->ip_p = IPPROTO_UDP;
- ip->ip_sum = 0;
- ip->ip_src = st->me.sin.sin_addr;
- ip->ip_dst = st->a.sin.sin_addr;
-
- /* Build a UDP packet in the output buffer. */
- udp = (struct udphdr *)(ip + 1);
- udp->uh_sport = st->srcport;
- udp->uh_dport = st->dstport;
- udp->uh_ulen = htons(mtu - sizeof(*ip));
- udp->uh_sum = 0;
-
- /* Copy the payload. */
- p = (unsigned char *)(udp + 1);
- memcpy(p, buf, mtu - (p - b));
-
- /* Calculate the UDP checksum. */
- ph.ph_src = ip->ip_src;
- ph.ph_dst = ip->ip_dst;
- ph.ph_z = 0;
- ph.ph_p = IPPROTO_UDP;
- ph.ph_len = udp->uh_ulen;
- ck = IPCK_INIT;
- ck = ipcksum(&ph, sizeof(ph), ck);
- ck = ipcksum(udp, mtu - sizeof(*ip), ck);
- udp->uh_sum = htons(ck);
+ switch (st->a.sa.sa_family) {
+
+ case AF_INET:
+
+ /* Build the IP header. */
+ ip = (struct ip *)b;
+ ip->ip_v = 4;
+ ip->ip_hl = sizeof(*ip)/4;
+ ip->ip_tos = IPTOS_RELIABILITY;
+ ip->ip_len = sane_htons(mtu);
+ STEP(st->q); ip->ip_id = htons(st->q);
+ ip->ip_off = sane_htons(0 | IP_DF);
+ ip->ip_ttl = 64;
+ ip->ip_p = IPPROTO_UDP;
+ ip->ip_sum = 0;
+ ip->ip_src = st->me.sin.sin_addr;
+ ip->ip_dst = st->a.sin.sin_addr;
+
+ /* Build a UDP packet in the output buffer. */
+ udp = (struct udphdr *)(ip + 1);
+ udp->uh_sport = st->srcport;
+ udp->uh_dport = st->dstport;
+ udp->uh_ulen = htons(mtu - sizeof(*ip));
+ udp->uh_sum = 0;
+
+ /* Copy the payload. */
+ p = (unsigned char *)(udp + 1);
+ memcpy(p, buf, mtu - (p - b));
+
+ /* Calculate the UDP checksum. */
+ ph.ph_src = ip->ip_src;
+ ph.ph_dst = ip->ip_dst;
+ ph.ph_z = 0;
+ ph.ph_p = IPPROTO_UDP;
+ ph.ph_len = udp->uh_ulen;
+ ck = IPCK_INIT;
+ ck = ipcksum(&ph, sizeof(ph), ck);
+ ck = ipcksum(udp, mtu - sizeof(*ip), ck);
+ udp->uh_sum = htons(ck);
+
+ break;
+
+ case AF_INET6:
+
+ /* Build the IP header. */
+ ip6 = (struct ip6_hdr *)b;
+ STEP(st->q); ip6->ip6_flow = htonl(0x60000000 | st->q);
+ ip6->ip6_plen = htons(mtu - sizeof(*ip6));
+ ip6->ip6_nxt = IPPROTO_UDP;
+ ip6->ip6_hlim = 64;
+ ip6->ip6_src = st->me.sin6.sin6_addr;
+ ip6->ip6_dst = st->a.sin6.sin6_addr;
+
+ /* Build a UDP packet in the output buffer. */
+ udp = (struct udphdr *)(ip6 + 1);
+ udp->uh_sport = st->srcport;
+ udp->uh_dport = st->dstport;
+ udp->uh_ulen = htons(mtu - sizeof(*ip6));
+ udp->uh_sum = 0;
+
+ /* Copy the payload. */
+ p = (unsigned char *)(udp + 1);
+ memcpy(p, buf, mtu - (p - b));
+
+ /* Calculate the UDP checksum. */
+ ph6.ph6_src = ip6->ip6_src;
+ ph6.ph6_dst = ip6->ip6_dst;
+ ph6.ph6_len = udp->uh_ulen;
+ ph6.ph6_z0 = ph6.ph6_z1 = ph6.ph6_z2 = 0;
+ ph6.ph6_nxt = IPPROTO_UDP;
+ ck = IPCK_INIT;
+ ck = ipcksum(&ph6, sizeof(ph6), ck);
+ ck = ipcksum(udp, mtu - sizeof(*ip6), ck);
+ udp->uh_sum = htons(ck);
+
+ break;
+
+ default:
+ abort();
+ }
/* Send the whole thing off. If we're too big for the interface then we
* might need to trim immediately.
struct raw_state *st = stv;
unsigned char b[65536];
struct ip *ip;
+ struct ip6_hdr *ip6;
struct icmp *icmp;
+ struct icmp6_hdr *icmp6;
struct udphdr *udp;
const unsigned char *payload;
ssize_t n;
if (FD_ISSET(st->rawicmp, fd_in)) {
if ((n = read(st->rawicmp, b, sizeof(b))) < 0) goto fail_0;
- ip = (struct ip *)b;
- if (n < sizeof(*ip) || n < sizeof(4*ip->ip_hl) ||
- ip->ip_v != 4 || ip->ip_p != IPPROTO_ICMP)
- goto skip_icmp;
- n -= sizeof(4*ip->ip_hl);
-
- icmp = (struct icmp *)(b + 4*ip->ip_hl);
- if (n < sizeof(*icmp) || icmp->icmp_type != ICMP_UNREACH)
- goto skip_icmp;
- n -= offsetof(struct icmp, icmp_ip);
-
- ip = &icmp->icmp_ip;
- if (n < sizeof(*ip) ||
- ip->ip_p != IPPROTO_UDP || ip->ip_hl != sizeof(*ip)/4 ||
- ip->ip_id != htons(st->q) ||
- ip->ip_src.s_addr != st->me.sin.sin_addr.s_addr ||
- ip->ip_dst.s_addr != st->a.sin.sin_addr.s_addr)
- goto skip_icmp;
- n -= sizeof(*ip);
-
- udp = (struct udphdr *)(ip + 1);
- if (n < sizeof(*udp) || udp->uh_sport != st->srcport ||
- udp->uh_dport != st->dstport)
- goto skip_icmp;
- n -= sizeof(*udp);
-
- payload = (const unsigned char *)(udp + 1);
- if (!mypacketp(ps, payload, n)) goto skip_icmp;
-
- if (icmp->icmp_code == ICMP_UNREACH_PORT) return (RC_HIGHER);
- else if (icmp->icmp_code != ICMP_UNREACH_NEEDFRAG) goto skip_icmp;
- else if (icmp->icmp_nextmtu) return (htons(icmp->icmp_nextmtu));
- else return (RC_LOWER);
+ switch (st->me.sa.sa_family) {
+
+ case AF_INET:
+
+ ip = (struct ip *)b;
+ if (n < sizeof(*ip) || n < sizeof(4*ip->ip_hl) ||
+ ip->ip_v != 4 || ip->ip_p != IPPROTO_ICMP)
+ goto skip_icmp;
+ n -= sizeof(4*ip->ip_hl);
+
+ icmp = (struct icmp *)(b + 4*ip->ip_hl);
+ if (n < sizeof(*icmp) || icmp->icmp_type != ICMP_UNREACH)
+ goto skip_icmp;
+ n -= offsetof(struct icmp, icmp_ip);
+
+ ip = &icmp->icmp_ip;
+ if (n < sizeof(*ip) ||
+ ip->ip_p != IPPROTO_UDP || ip->ip_hl != sizeof(*ip)/4 ||
+ ip->ip_id != htons(st->q) ||
+ ip->ip_src.s_addr != st->me.sin.sin_addr.s_addr ||
+ ip->ip_dst.s_addr != st->a.sin.sin_addr.s_addr)
+ goto skip_icmp;
+ n -= sizeof(*ip);
+
+ udp = (struct udphdr *)(ip + 1);
+ if (n < sizeof(*udp) || udp->uh_sport != st->srcport ||
+ udp->uh_dport != st->dstport)
+ goto skip_icmp;
+ n -= sizeof(*udp);
+
+ payload = (const unsigned char *)(udp + 1);
+ if (!mypacketp(ps, payload, n)) goto skip_icmp;
+
+ if (icmp->icmp_code == ICMP_UNREACH_PORT) return (RC_HIGHER);
+ else if (icmp->icmp_code != ICMP_UNREACH_NEEDFRAG) goto skip_icmp;
+ else if (icmp->icmp_nextmtu) return (htons(icmp->icmp_nextmtu));
+ else return (RC_LOWER);
+
+ break;
+
+ case AF_INET6:
+ icmp6 = (struct icmp6_hdr *)b;
+ if (n < sizeof(*icmp6) ||
+ (icmp6->icmp6_type != ICMP6_PACKET_TOO_BIG &&
+ icmp6->icmp6_type != ICMP6_DST_UNREACH))
+ goto skip_icmp;
+ n -= sizeof(*icmp6);
+
+ ip6 = (struct ip6_hdr *)(icmp6 + 1);
+ if (n < sizeof(*ip6) || ip6->ip6_nxt != IPPROTO_UDP ||
+ memcmp(ip6->ip6_src.s6_addr,
+ st->me.sin6.sin6_addr.s6_addr, 16) ||
+ memcmp(ip6->ip6_dst.s6_addr,
+ st->a.sin6.sin6_addr.s6_addr, 16) ||
+ (ntohl(ip6->ip6_flow)&0xffff) != st->q)
+ goto skip_icmp;
+ n -= sizeof(*ip6);
+
+ udp = (struct udphdr *)(ip6 + 1);
+ if (n < sizeof(*udp) || udp->uh_sport != st->srcport ||
+ udp->uh_dport != st->dstport)
+ goto skip_icmp;
+ n -= sizeof(*udp);
+
+ payload = (const unsigned char *)(udp + 1);
+ if (!mypacketp(ps, payload, n)) goto skip_icmp;
+
+ if (icmp6->icmp6_type == ICMP6_PACKET_TOO_BIG)
+ return (ntohs(icmp6->icmp6_mtu));
+ else switch (icmp6->icmp6_code) {
+ case ICMP6_DST_UNREACH_ADMIN:
+ case ICMP6_DST_UNREACH_NOPORT:
+ return (RC_HIGHER);
+ default:
+ goto skip_icmp;
+ }
+ break;
+
+ default:
+ abort();
+ }
}
+
skip_icmp:;
/* If we got a reply to the current probe then we're good. If we got an
if ((rawicmp = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0 ||
(rawudp = socket(PF_INET, SOCK_RAW, IPPROTO_UDP)) < 0)
rawerr = errno;
+ if ((rawicmp6 = socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0 ||
+ (rawudp6 = socket(PF_INET6, SOCK_RAW, IPPROTO_RAW)) < 0)
+ rawerr6 = errno;
if (setuid(getuid()))
abort();