From ecefe998ebfdbf43c7d4dc5e507b7c5fcfdeab12 Mon Sep 17 00:00:00 2001
From: Michal Zima
Date: Sat, 6 Feb 2010 11:31:29 +0100
Subject: [PATCH] Basic filtering of IPv6 traffic
---
 src/Makefile.am | 3 ++-
 src/ipv6.c | 41 +++++++++++++++++++++++++++++++++++++++++
 src/ipv6.h | 41 +++++++++++++++++++++++++++++++++++++++++
 src/wrapper.c | 14 +++++++++++++-
 src/wrapper.h | 3 +++
 5 files changed, 100 insertions(+), 2 deletions(-)
 create mode 100644 src/ipv6.c
 create mode 100644 src/ipv6.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 722fb1d..dfd99f1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,3 +1,4 @@
 sbin_PROGRAMS = wrapsix-dnsproxy wrapsix-wrapper
 wrapsix_dnsproxy_SOURCES = dnsproxy.c
-wrapsix_wrapper_SOURCES = wrapper.c wrapper.h
+wrapsix_wrapper_SOURCES = wrapper.c wrapper.h \
+ ipv6.c ipv6.h
diff --git a/src/ipv6.c b/src/ipv6.c
new file mode 100644
index 0000000..e2ae27e
--- /dev/null
+++ b/src/ipv6.c
@@ -0,0 +1,41 @@
+/*
+ * WrapSix
+ * Copyright (C) 2008-2010 Michal Zima
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include /* memcpy */
+
+#include "wrapper.h"
+#include "ipv6.h"
+
+int ipv6(struct s_ethernet *eth, char *packet)
+{
+ struct s_ipv6 *ip;
+ char *payload;
+
+ /* load data into structures */
+ ip = (struct s_ipv6*) packet;
+ payload = packet + sizeof(struct s_ipv6);
+
+ if (memcmp(&wrapsix_ipv6_prefix, &ip->ip_dest, 12) != 0 &&
+ memcmp(&ndp_multicast_addr, &ip->ip_dest, 13) != 0) {
+ printf("[Debug] This is unfamiliar packet\n");
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/src/ipv6.h b/src/ipv6.h
new file mode 100644
index 0000000..49e5e10
--- /dev/null
+++ b/src/ipv6.h
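Review bot: `ipv6()` casts `packet` to `struct s_ipv6` and reads `ip->ip_dest` without knowing how many bytes were actually captured, so a frame shorter than the 40-byte header is presumably matched against stale bytes left in the receive buffer. The function takes no length, and the call added to `process()` in src/wrapper.c (`return ipv6(eth, payload);`) does not pass one either. I would thread the captured length through both and open the function with `if (length < sizeof(struct s_ipv6)) return 1;`. Separately, `eth` and `payload` are never used here, and the comment on the second include says memcpy while the code calls `memcmp`.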
@@ -0,0 +1,41 @@
+/*
+ * WrapSix
+ * Copyright (C) 2008-2010 Michal Zima
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef IPV6_H
+#define IPV6_H
+
+/* IPv6 address structure */
+struct s_ipv6_addr {
+ unsigned char addr[16];
+} __attribute__ ((__packed__));
+
+/* IPv6 header structure */
+struct s_ipv6 {
+ unsigned char ver; /* 8 b; version */
+ unsigned char traffic_class; /* 8 b; traffic class */
+ unsigned short flow_label; /* 16 b; flow label (qos) */
+ unsigned short len; /* 16 b; payload length */
+ unsigned char next_header; /* 8 b; next header */
+ unsigned char hop_limit; /* 8 b; hop limit (replaces ttl) */
+ struct s_ipv6_addr ip_src; /* 128 b; source address */
+ struct s_ipv6_addr ip_dest; /* 128 b; destination address */
+} __attribute__ ((__packed__));
+
+int ipv6(struct s_ethernet *eth, char *payload);
+
+#endif /* IPV6_H */
diff --git a/src/wrapper.c b/src/wrapper.c
index fd6aa96..5f16045 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -28,9 +28,14 @@ #include /* close */ #include "wrapper.h" +#include "ipv6.h" #define INTERFACE "eth0" #define BUFFER_SIZE 65536 +#define PREFIX "::" + +struct s_ipv6_addr ndp_multicast_addr; +struct s_ipv6_addr wrapsix_ipv6_prefix; int process(char *packet);
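Review bot: The comments on the first three fields of `struct s_ipv6` in src/ipv6.h describe an 8-bit version, an 8-bit traffic class and a 16-bit flow label, but on the wire those four bytes carry a 4-bit version, an 8-bit traffic class and a 20-bit flow label. The struct still adds up to 40 bytes, so the address offsets are right, but `ver` really holds the version in its high nibble plus half of the traffic class, and a later test such as `ip->ver == 6` would never match. I would correct the comments, for example `/* 8 b; version (high 4 b) + traffic class (high 4 b) */`, and add that `len` is in network byte order and needs `ntohs()` before use.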
@@ -68,6 +73,13 @@ int main(int argc, char **argv) return 1; } + /* some preparations */ + /* compute binary IPv6 address of NDP multicast */ + inet_pton(AF_INET6, "ff02::1:ff00:0", &ndp_multicast_addr); + + /* compute binary IPv6 address of WrapSix prefix */ + inet_pton(AF_INET6, PREFIX, &wrapsix_ipv6_prefix); + /* sniff! :c) */ for (;;) { addr_size = sizeof(addr);
@@ -107,7 +119,7 @@ int process(char *packet)
 return -1;
 case ETHERTYPE_IPV6:
 printf("[Debug] HW Protocol: IPv6\n");
- return -1;
+ return ipv6(eth, payload);
 case ETHERTYPE_ARP:
 printf("[Debug] HW Protocol: ARP\n");
 return -1;
diff --git a/src/wrapper.h b/src/wrapper.h
index 983a8f7..ee9c430 100644
--- a/src/wrapper.h
+++ b/src/wrapper.h
@@ -36,4 +36,7 @@ struct s_ethernet { unsigned short type; /* 16 b; IP/ARP/RARP/... */ } __attribute__ ((__packed__)); +extern struct s_ipv6_addr ndp_multicast_addr; +extern struct s_ipv6_addr wrapsix_ipv6_prefix; + #endif /* WRAPPER_H */
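Review bot: Both `inet_pton()` calls added to `main()` ignore the return value, so a malformed `PREFIX` most likely leaves `wrapsix_ipv6_prefix` as the zero-initialised global, and the 12-byte compare in `ipv6()` then quietly accepts every destination whose first 96 bits are zero. I would fail startup instead: `if (inet_pton(AF_INET6, PREFIX, &wrapsix_ipv6_prefix) != 1) { fprintf(stderr, "invalid PREFIX\n"); return 1; }`, and do the same for the NDP address. The default `PREFIX "::"` in the first src/wrapper.c hunk parses to that same all-zero value, so the `#define` deserves a comment marking it as a placeholder for the real /96 prefix. `main()` starts and ends outside the hunk, and the header that declares `inet_pton` is not visible here.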
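Review bot: The two `extern` declarations added to src/wrapper.h name `struct s_ipv6_addr`, which that header neither defines nor includes, while src/ipv6.h in turn uses `struct s_ethernet` in its prototype without including wrapper.h. The pair only compiles cleanly when wrapper.h comes first, as it does in ipv6.c and wrapper.c today. I would move the externs into ipv6.h beside the struct definition and have ipv6.h `#include "wrapper.h"`, so each header stands on its own.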