From ecefe998ebfdbf43c7d4dc5e507b7c5fcfdeab12 Mon Sep 17 00:00:00 2001
From: Michal Zima <xhire@mujmalysvet.cz>
Date: Sat, 6 Feb 2010 11:31:29 +0100
Subject: [PATCH] Basic filtering of IPv6 traffic

---
 src/Makefile.am |  3 ++-
 src/ipv6.c      | 41 +++++++++++++++++++++++++++++++++++++++++
 src/ipv6.h      | 41 +++++++++++++++++++++++++++++++++++++++++
 src/wrapper.c   | 14 +++++++++++++-
 src/wrapper.h   |  3 +++
 5 files changed, 100 insertions(+), 2 deletions(-)
 create mode 100644 src/ipv6.c
 create mode 100644 src/ipv6.h

diff --git a/src/Makefile.am b/src/Makefile.am
index 722fb1d..dfd99f1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,3 +1,4 @@
 sbin_PROGRAMS = wrapsix-dnsproxy wrapsix-wrapper
 wrapsix_dnsproxy_SOURCES = dnsproxy.c
-wrapsix_wrapper_SOURCES = wrapper.c wrapper.h
+wrapsix_wrapper_SOURCES = wrapper.c wrapper.h \
+			  ipv6.c ipv6.h
diff --git a/src/ipv6.c b/src/ipv6.c
new file mode 100644
index 0000000..e2ae27e
--- /dev/null
+++ b/src/ipv6.c
@@ -0,0 +1,41 @@
+/*
+ *  WrapSix
+ *  Copyright (C) 2008-2010  Michal Zima <xhire@mujmalysvet.cz>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <string.h>		/* memcpy */
+
+#include "wrapper.h"
+#include "ipv6.h"
+
+int ipv6(struct s_ethernet *eth, char *packet)
+{
+	struct s_ipv6	*ip;
+	char		*payload;
+
+	/* load data into structures */
+	ip = (struct s_ipv6*) packet;
+	payload = packet + sizeof(struct s_ipv6);
+
+	if (memcmp(&wrapsix_ipv6_prefix, &ip->ip_dest, 12) != 0 &&
+	    memcmp(&ndp_multicast_addr,  &ip->ip_dest, 13) != 0) {
+		printf("[Debug] This is unfamiliar packet\n");
+		return 1;
+	}
+
+	return 0;
+}
diff --git a/src/ipv6.h b/src/ipv6.h
new file mode 100644
index 0000000..49e5e10
--- /dev/null
+++ b/src/ipv6.h
@@ -0,0 +1,41 @@
+/*
+ *  WrapSix
+ *  Copyright (C) 2008-2010  Michal Zima <xhire@mujmalysvet.cz>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef IPV6_H
+#define IPV6_H
+
+/* IPv6 address structure */
+struct s_ipv6_addr {
+	unsigned char		addr[16];
+} __attribute__ ((__packed__));
+
+/* IPv6 header structure */
+struct s_ipv6 {
+	unsigned char		ver;            /*   8 b; version */
+	unsigned char		traffic_class;  /*   8 b; traffic class */
+	unsigned short		flow_label;     /*  16 b; flow label (qos) */
+	unsigned short		len;            /*  16 b; payload length */
+	unsigned char		next_header;    /*   8 b; next header */
+	unsigned char		hop_limit;      /*   8 b; hop limit (replaces ttl) */
+	struct s_ipv6_addr	ip_src;         /* 128 b; source address */
+	struct s_ipv6_addr	ip_dest;        /* 128 b; destination address */
+} __attribute__ ((__packed__));
+
+int ipv6(struct s_ethernet *eth, char *payload);
+
+#endif /* IPV6_H */
diff --git a/src/wrapper.c b/src/wrapper.c
index fd6aa96..5f16045 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -28,9 +28,14 @@
 #include <unistd.h>		/* close */
 
 #include "wrapper.h"
+#include "ipv6.h"
 
 #define INTERFACE	"eth0"
 #define BUFFER_SIZE	65536
+#define PREFIX		"::"
+
+struct s_ipv6_addr	ndp_multicast_addr;
+struct s_ipv6_addr	wrapsix_ipv6_prefix;
 
 int process(char *packet);
 
@@ -68,6 +73,13 @@ int main(int argc, char **argv)
 		return 1;
 	}
 
+	/* some preparations */
+	/* compute binary IPv6 address of NDP multicast */
+	inet_pton(AF_INET6, "ff02::1:ff00:0", &ndp_multicast_addr);
+
+	/* compute binary IPv6 address of WrapSix prefix */
+	inet_pton(AF_INET6, PREFIX, &wrapsix_ipv6_prefix);
+
 	/* sniff! :c) */
 	for (;;) {
 		addr_size = sizeof(addr);
@@ -107,7 +119,7 @@ int process(char *packet)
 			return -1;
 		case ETHERTYPE_IPV6:
 			printf("[Debug] HW Protocol: IPv6\n");
-			return -1;
+			return ipv6(eth, payload);
 		case ETHERTYPE_ARP:
 			printf("[Debug] HW Protocol: ARP\n");
 			return -1;
diff --git a/src/wrapper.h b/src/wrapper.h
index 983a8f7..ee9c430 100644
--- a/src/wrapper.h
+++ b/src/wrapper.h
@@ -36,4 +36,7 @@ struct s_ethernet {
 	unsigned short		type;	/* 16 b; IP/ARP/RARP/... */
 } __attribute__ ((__packed__));
 
+extern struct s_ipv6_addr	ndp_multicast_addr;
+extern struct s_ipv6_addr	wrapsix_ipv6_prefix;
+
 #endif /* WRAPPER_H */