Basic filtering of IPv6 traffic

2024-11-08 15:21:00 +02:00 · 2010-02-06 11:31:29 +01:00 · 2010-02-06 11:31:29 +01:00 · ecefe998eb
commit ecefe998eb
parent ad28a7c7f9
5 changed files with 100 additions and 2 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1,3 +1,4 @@
 sbin_PROGRAMS = wrapsix-dnsproxy wrapsix-wrapper
 wrapsix_dnsproxy_SOURCES = dnsproxy.c
-wrapsix_wrapper_SOURCES = wrapper.c wrapper.h
+wrapsix_wrapper_SOURCES = wrapper.c wrapper.h \
+			  ipv6.c ipv6.h
--- a/src/ipv6.c
+++ b/src/ipv6.c
@ -0,0 +1,41 @@
+/*
+ *  WrapSix
+ *  Copyright (C) 2008-2010  Michal Zima <xhire@mujmalysvet.cz>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <string.h>		/* memcpy */
+
+#include "wrapper.h"
+#include "ipv6.h"
+
+int ipv6(struct s_ethernet *eth, char *packet)
+{
+	struct s_ipv6	*ip;
+	char		*payload;
+
+	/* load data into structures */
+	ip = (struct s_ipv6*) packet;
+	payload = packet + sizeof(struct s_ipv6);
+
+	if (memcmp(&wrapsix_ipv6_prefix, &ip->ip_dest, 12) != 0 &&
+	    memcmp(&ndp_multicast_addr,  &ip->ip_dest, 13) != 0) {
+		printf("[Debug] This is unfamiliar packet\n");
+		return 1;
+	}
+
+	return 0;
+}
--- a/src/ipv6.h
+++ b/src/ipv6.h
@ -0,0 +1,41 @@
+/*
+ *  WrapSix
+ *  Copyright (C) 2008-2010  Michal Zima <xhire@mujmalysvet.cz>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef IPV6_H
+#define IPV6_H
+
+/* IPv6 address structure */
+struct s_ipv6_addr {
+	unsigned char		addr[16];
+} __attribute__ ((__packed__));
+
+/* IPv6 header structure */
+struct s_ipv6 {
+	unsigned char		ver;            /*   8 b; version */
+	unsigned char		traffic_class;  /*   8 b; traffic class */
+	unsigned short		flow_label;     /*  16 b; flow label (qos) */
+	unsigned short		len;            /*  16 b; payload length */
+	unsigned char		next_header;    /*   8 b; next header */
+	unsigned char		hop_limit;      /*   8 b; hop limit (replaces ttl) */
+	struct s_ipv6_addr	ip_src;         /* 128 b; source address */
+	struct s_ipv6_addr	ip_dest;        /* 128 b; destination address */
+} __attribute__ ((__packed__));
+
+int ipv6(struct s_ethernet *eth, char *payload);
+
+#endif /* IPV6_H */
--- a/src/wrapper.c
+++ b/src/wrapper.c
@ -28,9 +28,14 @@
 #include <unistd.h>		/* close */

 #include "wrapper.h"
+#include "ipv6.h"

 #define INTERFACE	"eth0"
 #define BUFFER_SIZE	65536
+#define PREFIX		"::"
+
+struct s_ipv6_addr	ndp_multicast_addr;
+struct s_ipv6_addr	wrapsix_ipv6_prefix;

 int process(char *packet);

@ -68,6 +73,13 @@ int main(int argc, char **argv)
 		return 1;
 	}

+	/* some preparations */
+	/* compute binary IPv6 address of NDP multicast */
+	inet_pton(AF_INET6, "ff02::1:ff00:0", &ndp_multicast_addr);
+
+	/* compute binary IPv6 address of WrapSix prefix */
+	inet_pton(AF_INET6, PREFIX, &wrapsix_ipv6_prefix);
+
 	/* sniff! :c) */
 	for (;;) {
 		addr_size = sizeof(addr);
@ -107,7 +119,7 @@ int process(char *packet)
 			return -1;
 		case ETHERTYPE_IPV6:
 			printf("[Debug] HW Protocol: IPv6\n");
-			return -1;
+			return ipv6(eth, payload);
 		case ETHERTYPE_ARP:
 			printf("[Debug] HW Protocol: ARP\n");
 			return -1;
--- a/src/wrapper.h
+++ b/src/wrapper.h
@ -36,4 +36,7 @@ struct s_ethernet {
 	unsigned short		type;	/* 16 b; IP/ARP/RARP/... */
 } __attribute__ ((__packed__));

+extern struct s_ipv6_addr	ndp_multicast_addr;
+extern struct s_ipv6_addr	wrapsix_ipv6_prefix;
+
 #endif /* WRAPPER_H */