diff options
| -rw-r--r-- | package/siit/Makefile | 43 | ||||
| -rw-r--r-- | package/siit/src/Makefile | 5 | ||||
| -rw-r--r-- | package/siit/src/siit.c | 1457 | ||||
| -rw-r--r-- | package/siit/src/siit.h | 61 | 
4 files changed, 1566 insertions, 0 deletions
| diff --git a/package/siit/Makefile b/package/siit/Makefile new file mode 100644 index 000000000..0636301cb --- /dev/null +++ b/package/siit/Makefile @@ -0,0 +1,43 @@ +#  +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id: Makefile 10203 2008-01-15 03:25:11Z matteo $ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=siit +PKG_VERSION:=1.1 + +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/siit +  SUBMENU:=Network Devices +  TITLE:=Stateless IP ICMP Translation Algorithm +  FILES:=$(PKG_BUILD_DIR)/siit.$(LINUX_KMOD_SUFFIX) +  AUTOLOAD:=$(call AutoLoad,50,siit) +endef + +define KernelPackage/siit/description + Stateless IP ICMP Translation Algorithm +endef + +define Build/Prepare +	mkdir -p $(PKG_BUILD_DIR) +	cp src/Makefile src/siit.h src/siit.c $(PKG_BUILD_DIR)/ +endef + +define Build/Compile +	$(MAKE) -C $(LINUX_DIR) \ +		CROSS_COMPILE="$(TARGET_CROSS)" \ +		ARCH="$(LINUX_KARCH)" \ +		SUBDIRS="$(PKG_BUILD_DIR)" \ +		KERNELDIR=$(LINUX_DIR) \ +		CC="$(TARGET_CC)" \ +		modules +endef + +$(eval $(call KernelPackage,siit)) diff --git a/package/siit/src/Makefile b/package/siit/src/Makefile new file mode 100644 index 000000000..06c36f1e3 --- /dev/null +++ b/package/siit/src/Makefile @@ -0,0 +1,5 @@ +obj-m   := siit.o +ifeq ($(MAKING_MODULES),1) +-include $(TOPDIR)/Rules.make +endif + diff --git a/package/siit/src/siit.c b/package/siit/src/siit.c new file mode 100644 index 000000000..828df22e2 --- /dev/null +++ b/package/siit/src/siit.c @@ -0,0 +1,1457 @@ +/* + * siit.c: the Stateless IP/ICMP Translator (SIIT) module for Linux. + * + * + */ + +#include <linux/autoconf.h> +#include <linux/module.h> +#include <linux/version.h> +#include <linux/sched.h> +#include <linux/kernel.h>       /* printk() */ +#include <linux/slab.h> + +#include <linux/errno.h>        /* error codes */ +#include <linux/types.h>        /* size_t */ +#include <linux/interrupt.h>    /* mark_bh */ +#include <linux/random.h> +#include <linux/in.h> +#include <linux/netdevice.h>    /* struct device, and other headers */ +#include <linux/etherdevice.h>  /* eth_type_trans */ +#include <net/ip.h>             /* struct iphdr */ +#include <net/icmp.h>           /* struct icmphdr */ +#include <net/ipv6.h> +#include <net/udp.h> +#include <linux/skbuff.h> +#include <linux/in6.h> +#include <linux/init.h> +#include <asm/uaccess.h> +#include <asm/checksum.h> + +#include <linux/in6.h> +#include "siit.h" + +MODULE_AUTHOR("Dmitriy Moscalev, Grigory Klyuchnikov, Felix Fietkau"); + +/* + * If tos_ignore_flag != 0, we don't copy TOS and Traffic Class + * from origin paket and set it to 0 + */ +int tos_ignore_flag = 0; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +static inline void +skb_reset_mac_header(struct sk_buff *skb) +{ +	skb->mac.raw=skb->data; +} + +static struct net_device_stats * +siit_get_stats(struct net_device *dev) +{ +	return netdev_priv(dev); +} + +static inline void random_ether_addr(u8 *addr) +{ +	get_random_bytes (addr, ETH_ALEN); +	addr [0] &= 0xfe;	/* clear multicast bit */ +	addr [0] |= 0x02;	/* set local assignment bit (IEEE802) */ +} + + +#define siit_stats(_dev) ((struct net_device_stats *)netdev_priv(_dev)) +#else +#define siit_stats(_dev) (&(_dev)->stats) +#endif + +/* + * The Utility  stuff + */ + +#ifdef SIIT_DEBUG +/* print dump bytes (data point data area sizeof len and message + * before dump. + */ +static int siit_print_dump(char *data, int len, char *message) +{ +	int i; +	int j = 0, k = 1; + +	len = len > BUFF_SIZE ? BUFF_SIZE : len; +	printk("%s:\n", message); +	for (i=0; i < len; i++, k++) { +		if( i == len-1 || k == 16) { +			printk("%02x\n", (~(~0 << 8) & *(data+i))); +			j = 0; +			k = 0; +		} +		else if (j) { +			printk("%02x ", (~(~0 << 8) & *(data+i))); +			j--; +		} +		else { +			printk("%02x", (~(~0 << 8) & *(data+i))); +			j++; +		} +	} +	return 0; +} +#endif + +/* + * Open and close + */ +static int siit_open(struct net_device *dev) +{ +	netif_start_queue(dev); +	return 0; +} + + +static int siit_release(struct net_device *dev) +{ +	netif_stop_queue(dev); /* can't transmit any more */ +	return 0; +} + +/* + * Translation IPv4 to IPv6 stuff + * + * ip4_ip6 (src, len, dst, include_flag) + * + * where + * src - buffer with original IPv4 packet, + * len - size of original packet, + * dst - new buffer for IPv6 packet, + * include_flag - if = 1, dst point to IPv4 packet that is ICMP error + *                included IP packet, else = 0 + */ + +static int ip4_ip6(char *src, int len, char *dst, int include_flag) +{ +	struct iphdr *ih4 = (struct iphdr *) src; /* point to current IPv4 header struct */ +	struct icmphdr *icmp_hdr;   /* point to current ICMPv4 header struct */ +	struct udphdr *udp_hdr;     /* point to current IPv4 UDP header struct */ + +	struct ipv6hdr *ih6 = (struct ipv6hdr *) dst; /* point to current IPv6 header struct */ +	struct frag_hdr *ih6_frag = (struct frag_hdr *)(dst+sizeof(struct ipv6hdr)); +										      /* point to current IPv6 fragment header struct */ +	struct icmp6hdr *icmp6_hdr; /* point to current ICMPv6 header */ + +	int hdr_len = (int)(ih4->ihl * 4); /* IPv4 header length */ +	int icmp_len;               /* ICMPv4 packet length */ +	int plen;                   /* payload length */ + +	unsigned int csum;          /* need to calculate ICMPv6 and UDP checksum */ +	int fl_csum = 0;            /* flag to calculate UDP checksum */ +	int icmperr = 1;            /* flag to indicate ICMP error message and to need +								   translate ICMP included IP packet */ +	int fr_flag = 0;            /* fragment flag, if = 0 - don't add +								   fragment header */ +	__u16 new_tot_len;          /* need to calculate IPv6 total length */ +	__u8 new_nexthdr;           /* next header code */ +	__u16 icmp_ptr = 0;         /* Pointer field in ICMP_PARAMETERPROB */ + +#ifdef SIIT_DEBUG              /* print IPv4 header dump */ +	siit_print_dump(src, hdr_len, "siit: ip4_ip6() (in) ip4 header dump"); +#endif + +	/* If DF == 1 && MF == 0 && Fragment Offset == 0 +	 * or this packet is ICMP included IP packet +	 * we don't need fragment header */ +	if (ntohs(ih4->frag_off) == IP_DF || include_flag ) { +		/* not fragment and we need not to add Fragment +		 * Header to IPv6 packet. */ +		/* total length = total length from IPv4 packet */ +		new_tot_len = ntohs(ih4->tot_len); + +		if (ih4->protocol == IPPROTO_ICMP) +			new_nexthdr = NEXTHDR_ICMP; +		else +			new_nexthdr = ih4->protocol; +	} +	else { +		/* need to add Fragment Header */ +		fr_flag = 1; +		/* total length = total length from IPv4 packet + +		   length of Fragment Header */ +		new_tot_len = ntohs(ih4->tot_len) + sizeof(struct frag_hdr); +		/* IPv6 Header NextHeader = NEXTHDR_FRAGMENT */ +		new_nexthdr = NEXTHDR_FRAGMENT; +		/* Fragment Header NextHeader copy from IPv4 packet */ +		if (ih4->protocol == IPPROTO_ICMP) +			ih6_frag->nexthdr = NEXTHDR_ICMP; +		else +			ih6_frag->nexthdr = ih4->protocol; + +		/* copy frag offset from IPv4 packet */ +		ih6_frag->frag_off = htons((ntohs(ih4->frag_off) & IP_OFFSET) << 3); +		/* copy MF flag from IPv4 packet */ +		ih6_frag->frag_off = htons((ntohs(ih6_frag->frag_off) | +									((ntohs(ih4->frag_off) & IP_MF) >> 13))); +		/* copy Identification field from IPv4 packet */ +		ih6_frag->identification = htonl(ntohs(ih4->id)); +		/* reserved field initialized to zero */ +		ih6_frag->reserved = 0; +	} + +	/* Form rest IPv6 fields */ + +	/* +	 * At this point we need to add checking of unxpired source +	 * route optin and if it is, send ICMPv4 "destination +	 * unreacheble/source route failes" Type 3/Code 5 and +	 * drop packet. (NOT RELEASED YET) +	 */ + +	/* IP version = 6 */ +	ih6->version = 6; + +	if (tos_ignore_flag) { +		ih6->priority = 0; +		ih6->flow_lbl[0] = 0; +	} else { +		ih6->priority = (ih4->tos & 0xf0) >> 4; +		ih6->flow_lbl[0] = (ih4->tos & 0x0f) << 4; +	} +	ih6->flow_lbl[1] = 0; +	ih6->flow_lbl[2] = 0; + +	/* Hop Limit = IPv4 TTL */ +	ih6->hop_limit = ih4->ttl; + +	/* Translate source destination addresses, +	   for IPv6 host it's IPv4-translated IPv6 address, +	   for IPv4 host it's IPv4-mapped IPv6 address + +	   !!WARNING!! Instead IPv4-mapped IPv6 addresses we use addreesses +	   with unused prefix ::ffff:ffff:0:0/96, because KAME implementation +	   doesn't support IPv4-mapped addresses in IPv6 packets and discard them. + +	*/ + +	if (include_flag) { +		/* +		   It's ICMP included IP packet and there is a diffirence +		   in src/dst addresses then src/dst in normal direction +		 */ + +		/* +		   Source address +		   is IPv4-translated IPv6 address because packet traveled +		   from IPv6 to IPv4 area +		*/ +		ih6->saddr.in6_u.u6_addr32[0] = 0; +		ih6->saddr.in6_u.u6_addr32[1] = 0; +		ih6->saddr.in6_u.u6_addr32[2] = htonl(TRANSLATED_PREFIX); /* to network order bytes */ +		ih6->saddr.in6_u.u6_addr32[3] = ih4->saddr; + +		/* +		   Destination address +		   is IPv4-mapped address (but it's not IPv4- mapped, we use +		   prefix ::ffff:ffff:0:0/96 +		 */ +		ih6->daddr.in6_u.u6_addr32[0] = 0; +		ih6->daddr.in6_u.u6_addr32[1] = 0; +		ih6->daddr.in6_u.u6_addr32[2] = htonl(MAPPED_PREFIX); /* to network order bytes */ +		ih6->daddr.in6_u.u6_addr32[3] = ih4->daddr; +	} +	else { + +		/* +		   This is normal case (packet isn't included IP packet) + +		   Source address +		   is IPv4-mapped address (but it's not IPv4- mapped, we use +		   prefix ::ffff:ffff:0:0/96) +		*/ +		ih6->saddr.in6_u.u6_addr32[0] = 0; +		ih6->saddr.in6_u.u6_addr32[1] = 0; +		ih6->saddr.in6_u.u6_addr32[2] = htonl(MAPPED_PREFIX); /* to network order bytes */ +		ih6->saddr.in6_u.u6_addr32[3] = ih4->saddr; + +		/* Destination address +		   is is IPv4-translated IPv6 address +		 */ +		ih6->daddr.in6_u.u6_addr32[0] = 0; +		ih6->daddr.in6_u.u6_addr32[1] = 0; +		ih6->daddr.in6_u.u6_addr32[2] = htonl(TRANSLATED_PREFIX); /* to network order bytes */ +		ih6->daddr.in6_u.u6_addr32[3] = ih4->daddr; +	} + +	/* Payload Length */ +	plen = new_tot_len - hdr_len; /* Payload length = IPv4 total len - IPv4 header len */ +	ih6->payload_len = htons(plen); + +	/* Next Header */ +	ih6->nexthdr = new_nexthdr; /* Next Header */ + +	/* Process ICMP protocols data */ + +	switch (ih4->protocol) { +	case IPPROTO_ICMP: +		if ( (ntohs(ih4->frag_off) & IP_OFFSET) != 0 || (ntohs(ih4->frag_off) & IP_MF) != 0 ) { +			PDEBUG("ip4_ip6(): don't translate ICMPv4 fragments - packet dropped.\n"); +			return -1; +		} + +		icmp_hdr = (struct icmphdr *) (src+hdr_len); /* point to ICMPv4 header */ +		csum = 0; +		icmp_len =  ntohs(ih4->tot_len) - hdr_len; /* ICMPv4 packet length */ +		icmp6_hdr = (struct icmp6hdr *)(dst+sizeof(struct ipv6hdr) +									    +fr_flag*sizeof(struct frag_hdr)); /* point to ICMPv6 header */ + +		if (include_flag) { +			/* ICMPv4 packet cannot be included in ICMPv4 Error message */ +			/* !!! May be it's WRONG !!! ICMPv4 QUERY packet can be included +			   in ICMPv4 Error message */ +			PDEBUG("ip4_ip6(): It's included ICMPv4 in ICMPv4 Error message - packet dropped.\n"); +			return -1; +		} + +		/* Check ICMPv4 Type field */ +		switch (icmp_hdr->type) { +		/* ICMP Error messages */ +		/* Destination Unreachable (Type 3) */ +		case ICMP_DEST_UNREACH: +			icmp6_hdr->icmp6_type = ICMPV6_DEST_UNREACH; /* to Type 1 */ +			icmp6_hdr->icmp6_unused = 0; +			switch (icmp_hdr->code) +			{ +			case ICMP_NET_UNREACH: /* Code 0 */ +			case ICMP_HOST_UNREACH: /* Code 1 */ +			case ICMP_SR_FAILED: /* Code 5 */ +			case ICMP_NET_UNKNOWN: /* Code 6 */ +			case ICMP_HOST_UNKNOWN: /* Code 7 */ +			case ICMP_HOST_ISOLATED: /* Code 8 */ +			case ICMP_NET_UNR_TOS: /* Code 11 */ +			case ICMP_HOST_UNR_TOS: /* Code 12 */ +				icmp6_hdr->icmp6_code = ICMPV6_NOROUTE; /* to Code 0 */ +				break; +			case ICMP_PROT_UNREACH: /* Code 2 */ +				icmp6_hdr->icmp6_type = ICMPV6_PARAMPROB; /* to Type 4 */ +				icmp6_hdr->icmp6_code = ICMPV6_UNK_NEXTHDR; /* to Code 1 */ +				/* Set pointer filed to 6, it's octet offset IPv6 Next Header field */ +				icmp6_hdr->icmp6_pointer = htonl(6); +				break; +			case ICMP_PORT_UNREACH: /* Code 3 */ +				icmp6_hdr->icmp6_code = ICMPV6_PORT_UNREACH; /* to Code 4 */ +				break; +			case ICMP_FRAG_NEEDED: /* Code 4 */ +				icmp6_hdr->icmp6_type = ICMPV6_PKT_TOOBIG; /* to Type 2 */ +				icmp6_hdr->icmp6_code = 0; +				/* Correct MTU  */ +				if (icmp_hdr->un.frag.mtu == 0) +					/* we use minimum MTU for IPv4 PMTUv4 RFC1191, section 5; +					   IPv6 implementation wouldn't accept Path MTU < 1280, +					   but it records info correctly to always include +					   a fragment header */ +					icmp6_hdr->icmp6_mtu = htonl(576); +				else +					/* needs to adjusted for difference between IPv4/IPv6 headers +					 * SIIT RFC2765, section 3.3, +					 * we assume that difference is 20 bytes */ +					icmp6_hdr->icmp6_mtu = htonl(ntohs(icmp_hdr->un.frag.mtu)+IP4_IP6_HDR_DIFF); + +				break; +			case ICMP_NET_ANO: /* Code 9 */ +			case ICMP_HOST_ANO: /* Code 10 */ +				icmp6_hdr->icmp6_code = ICMPV6_ADM_PROHIBITED; /* to Code 1 */ +				break; +			default: /* discard any other Code */ +				PDEBUG("ip4_ip6(): Unknown ICMPv4 Type %d Code %d - packet dropped.\n", +					   ICMP_DEST_UNREACH, icmp_hdr->code); +				return -1; +			} +			break; +			/* Time Exceeded (Type 11) */ +		case ICMP_TIME_EXCEEDED: +			icmp6_hdr->icmp6_type = ICMPV6_TIME_EXCEED; +			icmp6_hdr->icmp6_code = icmp_hdr->code; +			break; +			/* Parameter Problem (Type 12) */ +		case ICMP_PARAMETERPROB: +			icmp6_hdr->icmp6_type = ICMPV6_PARAMPROB; +			icmp6_hdr->icmp6_code = icmp_hdr->code; + +			icmp_ptr = ntohs(icmp_hdr->un.echo.id) >> 8; +			switch (icmp_ptr) { +			case 0: +				icmp6_hdr->icmp6_pointer = 0; /* IPv4 Version -> IPv6 Version */ +				break; +			case 2: +				icmp6_hdr->icmp6_pointer = __constant_htonl(4); /* IPv4 length -> IPv6 Payload Length */ +				break; +			case 8: +				icmp6_hdr->icmp6_pointer = __constant_htonl(7); /* IPv4 TTL -> IPv6 Hop Limit */ +				break; +			case 9: +				icmp6_hdr->icmp6_pointer = __constant_htonl(6); /* IPv4 Protocol -> IPv6 Next Header */ +				break; +			case 12: +				icmp6_hdr->icmp6_pointer = __constant_htonl(8); /* IPv4 Src Addr -> IPv6 Src Addr */ +				break; +			case 16: +				icmp6_hdr->icmp6_pointer = __constant_htonl(24); /* IPv4 Dst Addr -> IPv6 Dst Addr */ +				break; +			default: +				icmp6_hdr->icmp6_pointer = 0xffffffff; /* set to all ones in any other cases */ +				break; +			} +			break; +		case ICMP_ECHO: +			icmperr = 0; +			icmp6_hdr->icmp6_type = ICMPV6_ECHO_REQUEST; +			icmp6_hdr->icmp6_code = 0; +			/* Copy rest ICMP data to new IPv6 packet without changing */ +			memcpy(((char *)icmp6_hdr)+4, ((char *)icmp_hdr)+4, len - hdr_len - 4); +			break; + +		case ICMP_ECHOREPLY: +			icmperr = 0; +			icmp6_hdr->icmp6_type = ICMPV6_ECHO_REPLY; +			icmp6_hdr->icmp6_code = 0; +			/* Copy rest ICMP data to new IPv6 packet without changing */ +			memcpy(((char *)icmp6_hdr)+4, ((char *)icmp_hdr)+4, len - hdr_len - 4); +			break; + +			/* Discard any other ICMP messages */ +		default: +			PDEBUG("ip4_ip6(): Unknown ICMPv4 packet Type %x - packet dropped.\n", icmp_hdr->type); +			return -1; +		} + +		/* Now if it's ICMPv4 Error message we must translate included IP packet */ + +		if (icmperr) { +			/* Call our ip4_ip6() to translate included IP packet */ +			if (ip4_ip6(src+hdr_len+sizeof(struct icmphdr), len - hdr_len - sizeof(struct icmphdr), +						dst+sizeof(struct ipv6hdr)+fr_flag*sizeof(struct frag_hdr) +						+sizeof(struct icmp6hdr), 1) == -1) { +				PDEBUG("ip4_ip6(): Uncorrect translation of ICMPv4 Error message - packet dropped.\n"); +				return -1; +			} +			/* correct ICMPv6 packet length for diffirence between IPv4 and IPv6 headers +			   in included IP packet +			   */ +			icmp_len += 20; +			/* and correct Payload length for diffirence between IPv4 and IPv6 headers */ +			plen += 20; +			ih6->payload_len = htons(plen); +		} + +		/* Calculate ICMPv6 checksum */ + +		icmp6_hdr->icmp6_cksum = 0; +		csum = 0; + +		csum = csum_partial((u_char *)icmp6_hdr, icmp_len, csum); +		icmp6_hdr->icmp6_cksum = csum_ipv6_magic(&ih6->saddr, &ih6->daddr, icmp_len, +									         IPPROTO_ICMPV6, csum); +		break; + +	/* Process TCP protocols data */ +	case IPPROTO_TCP: +		/* Copy TCP data to new IPv6 packet without changing */ +		memcpy(dst+sizeof(struct ipv6hdr)+fr_flag*sizeof(struct frag_hdr), +				   src+hdr_len, len - hdr_len); +		break; + +	/* Process UDP protocols data */ +	case IPPROTO_UDP: +		udp_hdr = (struct udphdr *)(src+hdr_len); +		if ((ntohs(ih4->frag_off) & IP_OFFSET) == 0) { +			if ((ntohs(ih4->frag_off) & IP_MF) != 0) { +				/* It's a first fragment */ +				if (udp_hdr->check == 0) { +					/* System management event */ +					printk("siit: First fragment of UDP with zero checksum - packet droped\n"); +					printk("siit: addr: %x src port: %d dst port: %d\n", +						   htonl(ih4->saddr), htons(udp_hdr->source), htons(udp_hdr->dest)); +					return -1; +				} +			} +			else if (udp_hdr->check == 0) +				fl_csum = 1; +		} + +		/* Copy UDP data to new IPv6 packet */ +		udp_hdr = (struct udphdr *)(dst+sizeof(struct ipv6hdr) +									+ fr_flag*sizeof(struct frag_hdr)); +		memcpy((char *)udp_hdr, src+hdr_len, len - hdr_len); + +		/* Calculate UDP checksum if UDP checksum in IPv4 packet was ZERO +		   and if it isn't included IP packet +		 */ +		if (fl_csum && (!include_flag)) { +			udp_hdr->check = 0; +			csum = 0; +			csum = csum_partial((unsigned char *)udp_hdr, plen - fr_flag*sizeof(struct frag_hdr), csum); +			udp_hdr->check = csum_ipv6_magic(&ih6->saddr, &ih6->daddr, plen - +										     fr_flag*sizeof(struct frag_hdr), IPPROTO_UDP, csum); +		} +		break; + +	/* Discard packets with any other protocol */ +	default: +		PDEBUG("ip4_ip6(): Unknown upper protocol - packet dropped.\n"); +		return -1; +	} + +#ifdef SIIT_DEBUG +	siit_print_dump(dst, sizeof(struct ipv6hdr), "siit: ip4_ip6(): (out) ipv6 header dump"); +#endif + +	return 0; +} + +/* + * Translation IPv6 to IPv4 stuff + * + * ip6_ip4(src, len, dst, include_flag) + * + * where + * src - buffer with original IPv6 packet, + * len - size of original packet, + * dst - new buffer for IPv4 packet, + * include_flag - if = 1, dst point to IPv6 packet that is ICMP error + *                included IP packet, else = 0 + * + */ + +static int ip6_ip4(char *src, int len, char *dst, int include_flag) +{ +	struct ipv6hdr *ip6_hdr;    /* point to current IPv6 header struct */ +	struct iphdr *ip_hdr;       /* point to current IPv4 header struct */ +	int opts_len = 0;           /* to sum Option Headers length */ +	int icmperr = 1;            /* if = 1, indicate that packet is ICMP Error message, else = 0 */ +	int ntot_len = 0;           /* to calculate IPv6 Total Length field */ +	int real_len; +	int len_delta; +	int ip6_payload_len; +	int inc_opts_len = 0;       /* to sum Option Headers length in ICMP included IP packet */ +	__u8 next_hdr;              /* Next Header */ + +#ifdef SIIT_DEBUG +	siit_print_dump(src, sizeof(struct ipv6hdr), "siit: ip6_ip4(): (in) ipv6 header dump"); +#endif + +	if ( (len_delta = len - sizeof(struct ipv6hdr)) >= 0) +	{ +		ip6_hdr = (struct ipv6hdr *)src; +		ip_hdr = (struct iphdr *)dst; + +		real_len = sizeof(struct iphdr); + +		/* Check validation of Saddr & Daddr? is a packet to fall under our translation? */ +		if (include_flag) { /* It's ICMP included IP packet, +							   about process include_flag see comment in ip4_ip6() */ +			if (ip6_hdr->saddr.s6_addr32[2] != htonl(MAPPED_PREFIX)) { +				PDEBUG("ip6_ip4(): Included IP packet Src addr isn't mapped addr: %x%x%x%x, packet dropped.\n", +					   ip6_hdr->saddr.s6_addr32[0], ip6_hdr->saddr.s6_addr32[1], +					   ip6_hdr->saddr.s6_addr32[2], ip6_hdr->saddr.s6_addr32[3]); +				return -1; +			} +			if ( ip6_hdr->daddr.s6_addr32[2] != htonl(TRANSLATED_PREFIX)) { +				PDEBUG("ip6_ip4(): Included IP packet Dst addr isn't translated addr: %x%x%x%x, packet dropped.\n", +					   ip6_hdr->daddr.s6_addr32[0], ip6_hdr->daddr.s6_addr32[1], +					   ip6_hdr->daddr.s6_addr32[2], ip6_hdr->daddr.s6_addr32[3]); +				return -1; +			} +		} +		else { /* It's normal IP packet (not included in ICMP) */ +			if (ip6_hdr->saddr.s6_addr32[2] != htonl(TRANSLATED_PREFIX)) { +				PDEBUG("ip6_ip4(): Src addr isn't translated addr: %x%x%x%x, packet dropped.\n", +					   ip6_hdr->saddr.s6_addr32[0], ip6_hdr->saddr.s6_addr32[1], +					   ip6_hdr->saddr.s6_addr32[2], ip6_hdr->saddr.s6_addr32[3]); +				return -1; +			} +			if ( ip6_hdr->daddr.s6_addr32[2] != htonl(MAPPED_PREFIX)) { +				PDEBUG("ip6_ip4(): Dst addr isn't mapped addr: %x%x%x%x, packet dropped.\n", +					   ip6_hdr->daddr.s6_addr32[0], ip6_hdr->daddr.s6_addr32[1], +					   ip6_hdr->daddr.s6_addr32[2], ip6_hdr->daddr.s6_addr32[3]); +				return -1; +			} +		} + +		/* Set IPv4 Fragment Offset and ID to 0 +		   before process any Option Headers */ +		ip_hdr->frag_off = 0; +		ip_hdr->id = 0; + +		/* +		 * We process only Fragment Header. Any other options headers +		 * are ignored, i.e. there is no attempt to translate them. +		 * However, the Total Length field and the Protocol field would +		 * have to be adjusted to "skip" these extension headers. +		 */ + +		next_hdr = ip6_hdr->nexthdr; + +		/* Hop_by_Hop options header (ip6_hdr->nexthdr = 0). It must +		 * appear only in IPv6 header's Next Header field. +		 */ +		if (next_hdr == NEXTHDR_HOP) { +			if ( (len_delta - sizeof(struct ipv6_opt_hdr)) >= 0) +			{ +				struct ipv6_opt_hdr *ip6h = +					(struct ipv6_opt_hdr *)(src+sizeof(struct ipv6hdr) + opts_len); +				if ( (len_delta -= ip6h->hdrlen*8 + 8) >= 0) +				{ +					opts_len += ip6h->hdrlen*8 + 8;  /* See  RFC 2460 page 11: +							Hdr Ext Len  8-bit unsigned integer.  Length of the Hop-by- +										 Hop Options header in 8-octet units, not +										 including the first 8 octets. +							*/ +					next_hdr = ip6h->nexthdr; +				} +				else +				{ +					PDEBUG("ip6_ip4(): hop_by_hop header error, packet droped"); +					/* Generate ICMP Parameter Problem */ +					return -1; +				} +			} +		} + +		if (len_delta > 0) +		{ +			while(next_hdr != NEXTHDR_ICMP && next_hdr != NEXTHDR_TCP +				  && next_hdr != NEXTHDR_UDP) +			{ +				/* Destination options header */ +				if (next_hdr == NEXTHDR_DEST) +				{ +					if ( (len_delta - sizeof(struct ipv6_opt_hdr)) >= 0) +					{ +						struct ipv6_opt_hdr *ip6d = +							(struct ipv6_opt_hdr *)(src + sizeof(struct ipv6hdr) + opts_len); +						if ( (len_delta -= ip6d->hdrlen*8 + 8) >= 0) +						{ +							opts_len += ip6d->hdrlen*8 + 8; +							next_hdr = ip6d->nexthdr; +						} +					} +					else +					{ +						PDEBUG("ip6_ip4(): destination header error, packet droped"); +						/* Generate ICMP Parameter Problem */ +						return -1; +					} +				} +				/* Routing options header */ +				else if (next_hdr == NEXTHDR_ROUTING) +				{ +					if ( (len_delta - sizeof(struct ipv6_rt_hdr)) >= 0) +					{ +						struct ipv6_rt_hdr *ip6rt = +							(struct ipv6_rt_hdr *)(src+sizeof(struct ipv6hdr) + opts_len); +						/* RFC 2765 SIIT, 4.1: +						   If a routing header with a non-zero Segments Left field is present +						   then the packet MUST NOT be translated, and an ICMPv6 "parameter +						   problem/ erroneous header field encountered" (Type 4/Code 0) error +						   message, with the Pointer field indicating the first byte of the +						   Segments Left field, SHOULD be returned to the sender. +						   */ +						if (ip6rt->segments_left != 0) { +							/* Build ICMPv6 "Parameter Problem/Erroneous Header +							   Field Encountered" & drop the packet */ +							/* !!! We don't send ICMPv6 "Parameter Problem" !!! */ +							PDEBUG("ip6_ip4(): routing header type != 0\n"); +							return -1; +						} +						if ( (len_delta -= ip6rt->hdrlen*8 + 8) >= 0) +						{ +							opts_len += ip6rt->hdrlen*8 + 8; +							next_hdr = ip6rt->nexthdr; +						} +						else +						{ +							PDEBUG("ip6_ip4(): routing header error, packet droped"); +							/* Generate ICMP Parameter Problem */ +							return -1; +						} +					} +				} +				/* Fragment options header */ +				else if (next_hdr == NEXTHDR_FRAGMENT) +				{ +					if ( (len_delta -= sizeof(struct frag_hdr)) >= 0) +					{ +						struct frag_hdr *ip6f = +							(struct frag_hdr *)(src+sizeof(struct ipv6hdr)+opts_len); + +						opts_len += sizeof(struct frag_hdr);      /* Frag Header Length = 8 */ +						ip_hdr->id = htons(ntohl(ip6f->identification)); /* ID field */ +						ip_hdr->frag_off = htons((ntohs(ip6f->frag_off) & IP6F_OFF_MASK) >> 3); +										                                   /* fragment offset */ +						ip_hdr->frag_off = htons(ntohs(ip_hdr->frag_off) | +										         ((ntohs(ip6f->frag_off) & IP6F_MORE_FRAG) << 13)); +										                                  /* more fragments flag */ +						next_hdr = ip6f->nexthdr; +					} +					else +					{ +						PDEBUG("ip6_ip4(): fragment header error, packet droped"); +						/* Generate ICMP Parameter Problem */ +						return -1; +					} +				} +				/* No Next Header */ +				else if (next_hdr == NEXTHDR_NONE) +				{ +					/* RFC 2460 IPv6 Specification, 4.7 +					   4.7 No Next Header + +					   The value 59 in the Next Header field of an IPv6 header or any +					   extension header indicates that there is nothing following that +					   header.  If the Payload Length field of the IPv6 header indicates the +					   presence of octets past the end of a header whose Next Header field +					   contains 59, those octets must be ignored, and passed on unchanged if +					   the packet is forwarded. +					   */ +					break; +				} +				else if (next_hdr == NEXTHDR_ESP || next_hdr == NEXTHDR_AUTH) +				{ +					PDEBUG("ip6_ip4(): cannot translate AUTH or ESP extention header, packet dropped\n"); +					return -1; +				} +				else if (next_hdr == NEXTHDR_IPV6) +				{ +					PDEBUG("ip6_ip4(): cannot translate IPv6-IPv6 packet, packet dropped\n"); +					return -1; +				} +				else if (next_hdr == 0) +				{ +					/* As say RFC 2460 (IPv6 Spec) we should discard the packet and send an +					   ICMP Parameter Problem message to the source of the packet, with an +					   ICMP Code value of 1 ("unrecognized Next Header type encountered") +					   and the ICMP Pointer field containing the offset of the unrecognized +					   value within the original packet +					   */ +					/* NOT IMPLEMENTED */ +					PDEBUG("ip6_ip4(): NEXTHDR in extention header = 0, packet dropped\n"); +					return -1; +				} +				else +				{ +					PDEBUG("ip6_ip4(): cannot translate extention header = %d, packet dropped\n", next_hdr); +					return -1; +				} +			} +		} +	} +	else +	{ +	   PDEBUG("ip6_ip4(): error packet len, packet dropped.\n"); +	   return -1; +	} + +	/* Building ipv4 packet */ + +	ip_hdr->version = IPVERSION; +	ip_hdr->ihl = 5; + +	/* TOS see comment about TOS in ip4_ip6() */ +	if (tos_ignore_flag) +		ip_hdr->tos = 0; +	else { +		ip_hdr->tos = ip6_hdr->priority << 4; +		ip_hdr->tos = ip_hdr->tos | (ip6_hdr->flow_lbl[0] >> 4); +	} + +	/* IPv4 Total Len = IPv6 Payload Len + +	   IPv4 Header Len (without options) - Options Headers Len */ +	ip6_payload_len = ntohs(ip6_hdr->payload_len); + +	if (ip6_payload_len == 0) +		ntot_len = 0; +	else +		ntot_len = ip6_payload_len + IP4_IP6_HDR_DIFF - opts_len; + +	ip_hdr->tot_len = htons(ntot_len); + +	/* IPv4 TTL = IPv6 Hop Limit */ +	ip_hdr->ttl = ip6_hdr->hop_limit; + +	/* IPv4 Protocol = Next Header that will point to upper layer protocol */ +	ip_hdr->protocol = next_hdr; + +	/* IPv4 Src addr = last 4 bytes from IPv6 Src addr */ +	ip_hdr->saddr = ip6_hdr->saddr.s6_addr32[3]; +	/* IPv4 Dst addr = last 4 bytes from IPv6 Dst addr */ +	ip_hdr->daddr = ip6_hdr->daddr.s6_addr32[3]; + +	/* Calculate IPv4 header checksum */ +	ip_hdr->check = 0; +	ip_hdr->check = ip_fast_csum((unsigned char *)ip_hdr, ip_hdr->ihl); + +	if (len_delta > 0) +	{ +		/* PROCESS ICMP */ + +		if (next_hdr == NEXTHDR_ICMP) +		{ +			struct icmp6hdr *icmp6_hdr; +			struct icmphdr *icmp_hdr; + +			if ((len_delta -= sizeof(struct icmp6hdr)) >= 0) +			{ +				icmp6_hdr = (struct icmp6hdr *)(src + sizeof(struct ipv6hdr) + opts_len); +				icmp_hdr = (struct icmphdr *)(dst + sizeof(struct iphdr)); + +				real_len += len_delta + sizeof(struct icmphdr); + +				/* There is diffirent between ICMPv4/ICMPv6 protocol codes +				   IPPROTO_ICMP = 1 +				   IPPROTO_ICMPV6 = 58        */ +				ip_hdr->protocol = IPPROTO_ICMP; + +				if (include_flag) { +					/* !!! Warnig !!! We discard ICMP packets with any ICMP as included +					   in ICMP Error. But ICMP Error messages can include ICMP Query message +					   */ +					if (icmp6_hdr->icmp6_type != ICMPV6_ECHO_REQUEST) +					{ +						PDEBUG("ip6_ip4(): included ICMPv6 in ICMPv6 Error message, packet dropped\n"); +						return -1; +					} +				} + +			/* Translate ICMPv6 to ICMPv4 */ +				switch (icmp6_hdr->icmp6_type) +				{ +/* ICMP Error messages */ +			/* Destination Unreachable (Type 1) */ +				case ICMPV6_DEST_UNREACH: /* Type 1 */ +					icmp_hdr->type = ICMP_DEST_UNREACH; /* to Type 3 */ +					icmp_hdr->un.echo.id = 0; +					icmp_hdr->un.echo.sequence = 0; +					switch (icmp6_hdr->icmp6_code) +					{ +					case ICMPV6_NOROUTE: /* Code 0 */ +					case ICMPV6_NOT_NEIGHBOUR: /* Code 2 */ +					case ICMPV6_ADDR_UNREACH: /* Code 3  */ +						icmp_hdr->code = ICMP_HOST_UNREACH; /* To Code 1 */ +						break; +					case ICMPV6_ADM_PROHIBITED: /* Code 1 */ +						icmp_hdr->code = ICMP_HOST_ANO; /* To Code 10 */ +						break; +					case ICMPV6_PORT_UNREACH: /* Code 4 */ +						icmp_hdr->code = ICMP_PORT_UNREACH; /* To Code 3 */ + +						break; +					default:            /* discard any other codes */ +						PDEBUG("ip6_ip4(): Unknown ICMPv6 Type %d Code %d - packet dropped.\n", +							   ICMPV6_DEST_UNREACH, icmp6_hdr->icmp6_code); +						return -1; +					} +					break; +			/* Packet Too Big (Type 2) */ +				case ICMPV6_PKT_TOOBIG: /* Type 2 */ +					icmp_hdr->type = ICMP_DEST_UNREACH; /* to Type 3  */ +					icmp_hdr->code = ICMP_FRAG_NEEDED; /*  to Code 4 */ +					/* Change MTU, RFC 2765 (SIIT), 4.2: +					   The MTU field needs to be adjusted for the difference between +					   the IPv4 and IPv6 header sizes taking into account whether or +					   not the packet in error includes a Fragment header. +					   */ +					/* !!! Don't implement !!! */ +					icmp_hdr->un.frag.mtu = (__u16) icmp6_hdr->icmp6_mtu; +					break; +			/* Time Exceeded (Type 3) */ +				case ICMPV6_TIME_EXCEED: +					icmp_hdr->type = ICMP_TIME_EXCEEDED; /* to Type 11 */ +					icmp_hdr->code = icmp6_hdr->icmp6_code; /* Code unchanged */ +					break; +			/* Parameter Problem (Type 4) */ +				case ICMPV6_PARAMPROB: +					switch (icmp6_hdr->icmp6_code) { +					case ICMPV6_UNK_NEXTHDR: /* Code 1 */ +						icmp_hdr->type = ICMP_DEST_UNREACH; /* to Type 3 */ +						icmp_hdr->code = ICMP_PROT_UNREACH; /* to Code 2 */ +						break; +					default: /* if Code != 1 */ +						icmp_hdr->type = ICMP_PARAMETERPROB; /* to Type 12 */ +						icmp_hdr->code = 0; /* to Code 0 */ +						/* Update Pointer field +						   RFC 2765 (SIIT), 4.2: +						   The Pointer needs to be updated to point to the corresponding +						   field in the translated include IP header. +						   */ +						switch (ntohl(icmp6_hdr->icmp6_pointer)) +						{ +						case 0: /* IPv6 Version -> IPv4 Version */ +							icmp_hdr->un.echo.id = 0; +							break; +						case 4: /* IPv6 PayloadLength -> IPv4 Total Length */ +							icmp_hdr->un.echo.id = 0x0002; /* 2 */ +							break; +						case 6: /* IPv6 Next Header-> IPv4 Protocol */ +							icmp_hdr->un.echo.id = 0x0009; /* 9 */ +							break; +						case 7: /* IPv6 Hop Limit -> IPv4 TTL */ +							icmp_hdr->un.echo.id = 0x0008; /* 8 */ +							break; +						case 8: /* IPv6 Src addr -> IPv4 Src addr */ +							icmp_hdr->un.echo.id = 0x000c; /* 12 */ +							break; +						case 24: /* IPv6 Dst addr -> IPv4 Dst addr*/ +							icmp_hdr->un.echo.id = 0x0010; /* 16 */ +							break; +						default: /* set all ones in other cases */ +							icmp_hdr->un.echo.id = 0xff; +							break; +						} +						break; +					} +					break; + +/* End of ICMP Error messages */ + +			/* Echo Request and Echo Reply (Type 128 and 129)  */ +				case ICMPV6_ECHO_REQUEST: +					icmperr = 0;        /* not error ICMP message */ +					icmp_hdr->type = ICMP_ECHO; /* to Type 8 */ +					icmp_hdr->code = 0; /* to Code 0 */ +					icmp_hdr->un.echo.id = icmp6_hdr->icmp6_identifier; +					icmp_hdr->un.echo.sequence = icmp6_hdr->icmp6_sequence; +					/* copy rest of ICMP data to result packet */ +					if (len_delta > 0) +						memcpy(((char *)icmp_hdr) + sizeof(struct icmphdr), +							   ((char *)icmp6_hdr) + sizeof(struct icmp6hdr), len_delta); +					break; +				case ICMPV6_ECHO_REPLY: +					icmperr = 0;        /* not error ICMP message */ +					icmp_hdr->type = ICMP_ECHOREPLY; /* to Type 0 */ +					icmp_hdr->code = 0; /* to Code 0 */ +					icmp_hdr->un.echo.id = icmp6_hdr->icmp6_identifier; +					icmp_hdr->un.echo.sequence = icmp6_hdr->icmp6_sequence; +					/* copy rest of ICMP data */ +					if (len_delta > 0) +						memcpy(((char *)icmp_hdr) + sizeof(struct icmphdr), +							   ((char *)icmp6_hdr) + sizeof(struct icmp6hdr), len_delta); +					break; +				default: +					/* Unknown error messages. Silently drop. */ +					PDEBUG("ip6_ip4(): unknown ICMPv6 Type %d, packet dropped.\n", icmp6_hdr->icmp6_type); +					return -1; +				} + +				if (icmperr) +				{ +					/* If ICMP Error message, we translate IP included packet*/ +					if (len_delta >= sizeof(struct ipv6hdr)) +					{ +						if((inc_opts_len = ip6_ip4((char *)icmp6_hdr + sizeof(struct icmp6hdr), len_delta, +										           (char *)icmp_hdr + sizeof(struct icmphdr), 1)) == -1) { +							PDEBUG("ip6_ip4(): incorrect translation of ICMPv6 Error message, packet dropped\n"); +							return -1; +						} +						/* correct IPv4 Total Len that = old Total Len +						   - Options Headers Len in included IP packet +						   - diffirence between IPv6 Header Len and IPv4 Header Len +						   */ +						if (ntot_len != 0) +							ip_hdr->tot_len = htons(ntot_len - inc_opts_len - IP4_IP6_HDR_DIFF); +						real_len = real_len - inc_opts_len - IP4_IP6_HDR_DIFF; +					} +					else if (len_delta > 0) +					{ +						/* May be it need set 0x0 to rest area in result IPv4 packet, +						 * but we copy rest data unchanged +						 */ +						memcpy(((char *)icmp_hdr) + sizeof(struct icmphdr), +							   ((char *)icmp6_hdr) + sizeof(struct icmp6hdr), len_delta); +					} +				} + +				/* Calculate IPv4 Header checksum */ +				ip_hdr->check = 0; +				ip_hdr->check = ip_fast_csum((unsigned char *)ip_hdr, ip_hdr->ihl); + +				/* Calculate ICMPv4 checksum */ +				if (ntot_len != 0) +				{ +					icmp_hdr->checksum = 0; +					icmp_hdr->checksum = ip_compute_csum((unsigned char *)icmp_hdr, ntohs(ip_hdr->tot_len) +										             - sizeof(struct iphdr)); +				} +			} +			else +			{ +				PDEBUG("ip6_ip4(): error length ICMP packet, packet dropped.\n"); +				return -1; +			} + +		} +		/* PROCESS TCP and UDP (and rest data) */ + +		else { +			real_len += len_delta; +			/* we copy rest data to IPv4 packet without changing */ +			memcpy(dst+sizeof(struct iphdr), src + sizeof(struct ipv6hdr) + opts_len, len_delta); +		} +	} + +	if (include_flag)           /* if it's included IP packet */ +		return opts_len;        /* return options headers length */ +	else +		return real_len; /* result packet len */ +} + +/* + * ip4_fragment(skb, len, hdr_len, dev, eth_h) + * to fragment original IPv4 packet if result IPv6 packet will be > 1280 + */ + +static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_device *dev, struct ethhdr *eth_h) +{ +	struct sk_buff *skb2 = NULL;       /* pointer to new struct sk_buff for transleded packet */ +	char buff[FRAG_BUFF_SIZE+hdr_len]; /* buffer to form new fragment packet */ +	char *cur_ptr = skb->data+hdr_len; /* pointter to current packet data with len = frag_len */ +	struct iphdr *ih4 = (struct iphdr *) skb->data; +	struct iphdr *new_ih4 = (struct iphdr *) buff; /* point to new IPv4 hdr */ +	struct ethhdr *new_eth_h;   /* point to ether hdr, need to set hard header data in fragment */ +	int data_len = len - hdr_len; /* origin packet data len */ +	int rest_len = data_len;    /* rest data to fragment */ +	int frag_len = 0;           /* current fragment len */ +	int last_frag = 0;          /* last fragment flag, if = 1, it's last fragment */ +	int flag_last_mf = 0; +	__u16 new_id = 0;           /* to generate identification field */ +	__u16 frag_offset = 0;      /* fragment offset */ +	unsigned int csum; +	unsigned short udp_len; + +#ifdef SIIT_DEBUG +	printk("siit: it's DF == 0 and result IPv6 packet will be > 1280\n"); +	siit_print_dump(skb->data, hdr_len, "siit: (orig) ipv4_hdr dump"); +#endif + +	if ((ntohs(ih4->frag_off) & IP_MF) == 0 ) +		/* it's a case we'll clear MF flag in our last packet */ +		flag_last_mf = 1; + +	if (ih4->protocol == IPPROTO_UDP) { +		if ( (ntohs(ih4->frag_off) & IP_OFFSET) == 0) { +			struct udphdr *udp_hdr = (struct udphdr *)((char *)ih4 + hdr_len); +			if (!flag_last_mf) { +				if (udp_hdr->check == 0) { +					/* it's a first fragment with ZERO checksum and we drop packet */ +					printk("siit: First fragment of UDP with zero checksum - packet droped\n"); +					printk("siit: addr: %x src port: %d dst port: %d\n", +						   htonl(ih4->saddr), htons(udp_hdr->source), htons(udp_hdr->dest)); +					return -1; +				} +			} +			else if (udp_hdr->check == 0) { +				/* Calculate UDP checksum only if it's not fragment */ +				udp_len = ntohs(udp_hdr->len); +				csum = 0; +				csum = csum_partial((unsigned char *)udp_hdr, udp_len, csum); +				udp_hdr->check = csum_tcpudp_magic(ih4->saddr, ih4->daddr, udp_len, IPPROTO_UDP, csum); +			} +		} +	} + +	frag_offset = ntohs(ih4->frag_off) & IP_OFFSET; + +	new_id = ih4->id; + +	while(1) { +		if (rest_len <= FRAG_BUFF_SIZE) { +			/* it's last fragmen */ +			frag_len = rest_len; /* rest data */ +			last_frag = 1; +		} +		else +			frag_len = FRAG_BUFF_SIZE; + +		/* copy IP header to buffer */ +		memcpy(buff, skb->data, hdr_len); +		/* copy data to buffer with len = frag_len */ +		memcpy(buff + hdr_len, cur_ptr, frag_len); + +		/* set id field in new IPv4 header*/ +		new_ih4->id = new_id; + +		/* is it last fragmet */ +		if(last_frag && flag_last_mf) +			/* clear MF flag */ +			new_ih4->frag_off = htons(frag_offset & (~IP_MF)); +		else +			/* set MF flag */ +			new_ih4->frag_off = htons(frag_offset | IP_MF); + +		/* change packet total length */ +		new_ih4->tot_len = htons(frag_len+hdr_len); + +		/* rebuild the header checksum (IP needs it) */ +		new_ih4->check = 0; +		new_ih4->check = ip_fast_csum((unsigned char *)new_ih4,new_ih4->ihl); + +		/* Allocate new sk_buff to compose translated packet */ +		skb2 = dev_alloc_skb(frag_len+hdr_len+dev->hard_header_len+IP4_IP6_HDR_DIFF+IP6_FRAGMENT_SIZE); +		if (!skb2) { +			printk(KERN_DEBUG "%s: alloc_skb failure - packet dropped.\n", dev->name); +			dev_kfree_skb(skb2); +			return -1; +		} +		/* allocate skb->data portion for IP header len, fragment data len and ether header len +		 * and copy to head ether header from origin skb +		 */ +		memcpy(skb_put(skb2, frag_len+hdr_len+dev->hard_header_len+IP4_IP6_HDR_DIFF+IP6_FRAGMENT_SIZE), (char *) eth_h, +			   dev->hard_header_len); +		/* correct ether header data, ether protocol field to ETH_P_IPV6 */ +		new_eth_h = (struct ethhdr *)skb2->data; +		new_eth_h->h_proto = htons(ETH_P_IPV6); + +		/* reset the mac header */ +		skb_reset_mac_header(skb2); + +		/* pull ether header from new skb->data */ +		skb_pull(skb2, dev->hard_header_len); +		/* set skb protocol to IPV6 */ +		skb2->protocol = htons(ETH_P_IPV6); + +		/* call translation function */ +		if ( ip4_ip6(buff, frag_len+hdr_len, skb2->data, 0) == -1) { +			dev_kfree_skb(skb2); +			return -1; +		} + +		/* +		 * Set needed fields in new sk_buff +		 */ +		skb2->dev = dev; +		skb2->ip_summed = CHECKSUM_UNNECESSARY; +		skb2->pkt_type = PACKET_HOST; + +		/* Add transmit statistic */ +		siit_stats(dev)->tx_packets++; +		siit_stats(dev)->tx_bytes += skb2->len; + +		/* send packet to upper layer */ +		netif_rx(skb2); + +		/* exit if it was last fragment */ +		if (last_frag) +			break; + +		/* correct current data pointer */ +		cur_ptr += frag_len; +		/* rest data len */ +		rest_len -= frag_len; +		/* current fragment offset */ +		frag_offset = (frag_offset*8 + frag_len)/8; +	} + +	return 0; +} +/* + * Transmit a packet (called by the kernel) + * + * siit_xmit(skb, dev) + * + * where + * skb - pointer to struct sk_buff with incomed packet + * dev - pointer to struct device on which packet revieved + * + * Statistic: + * for all incoming packes: + *            stats.rx_bytes+=skb->len + *            stats.rx_packets++ + * for packets we can't transle: + *            stats.tx_errors++ + * device busy: + *            stats.tx_errors++ + * for packets we can't allocate sk_buff: + *            stats.tx_dropped++ + * for outgoing packes: + *            stats.tx_packets++ + *            stats.tx_bytes+=skb2->len !!! But we don't set skb2->len !!! + */ + +static int siit_xmit(struct sk_buff *skb, struct net_device *dev) +{ +	struct sk_buff *skb2 = NULL;/* pointer to new struct sk_buff for transleded packet */ +	struct ethhdr *eth_h;       /* pointer to incoming Ether header */ +	int len;                    /* original packets length */ +	int new_packet_len; +	int skb_delta = 0;          /* delta size for allocate new skb */ +	char new_packet_buff[2048]; + +	/* Check pointer to sk_buff and device structs */ +	if (skb == NULL || dev == NULL) +		return -EINVAL; + +	/* Add receive statistic */ +	siit_stats(dev)->rx_bytes += skb->len; +	siit_stats(dev)->rx_packets++; + +	dev->trans_start = jiffies; + +	/* Upper layer (IP) protocol forms sk_buff for outgoing packet +	 * and sets IP header + Ether header too. IP layer sets outgoing +	 * device in sk_buff->dev. +	 * In function (from linux/net/core/dev.c) ther is a call to +	 * device transmit function (dev->hard_start_xmit): +	 * +	 *    dev_queue_xmit(struct sk_buff *skb) +	 *    { +	 *    ... +	 *          device *dev = skb->dev; +	 *    ... +	 *          dev->hard_start_xmit(skb, dev); +	 *    ... +	 *    } +	 * We save pointer to ether header in eth_h and skb_pull ether header +	 * from data field of skb_buff +	 */ + +	eth_h = (struct ethhdr *)skb->data; /* point to incoming packet Ether Header */ + +#ifdef SIIT_DEBUG +	siit_print_dump(skb->data, ETH_HLEN, "siit: eth_hdr dump"); +#endif + +	/* Remove hardware header from origin sk_buff */ +	skb_pull(skb,dev->hard_header_len); + +	/* +	 * Process IPv4 paket +	 */ +	if (ntohs(skb->protocol) == ETH_P_IP) { +		int hdr_len;            /* IPv4 header length */ +		int data_len;           /* IPv4 data length */ +		struct iphdr *ih4;      /* pointer to IPv4 header */ +		struct icmphdr *icmp_hdr;   /* point to current ICMPv4 header struct */ + +		ih4 = (struct iphdr *)skb->data; /* point to incoming packet's IPv4 header */ + +		/* Check IPv4 Total Length */ +		if (skb->len != ntohs(ih4->tot_len)) { +			PDEBUG("siit_xmit(): Different skb_len %x and ip4 tot_len %x - packet dropped.\n", +				   skb->len, ih4->tot_len); +			siit_stats(dev)->tx_errors++; +			dev_kfree_skb(skb); +			return 0; +		} + +		len = skb->len;     /* packet's total len */ +		hdr_len = (int)(ih4->ihl * 4); /* packet's header len */ +		data_len = len - hdr_len; /* packet's data len */ + +		/* If DF == 0 */ +		if ( (ntohs(ih4->frag_off) & IP_DF) == 0 ) { +			/* If result IPv6 packet will be > 1280 +			   we need to fragment original IPv4 packet +			*/ +			if ( data_len > FRAG_BUFF_SIZE ) { +				/* call function that fragment packet and translate to IPv6 each fragment +				 * and send to upper layer +				 */ +				if ( ip4_fragment(skb, len, hdr_len, dev, eth_h) == -1) { +					siit_stats(dev)->tx_errors++; +				} +				/* Free incoming skb */ +				dev_kfree_skb(skb); +				/* Device can accept a new packet */ + +				return 0; + +			} +		} +		/* If DF == 1 && MF == 0 && Fragment Offset == 0 +		 * we don't include fragment header +		 */ +		if ( ntohs(ih4->frag_off) == IP_DF ) +			skb_delta = IP4_IP6_HDR_DIFF; /* delta is +20 */ +		else +			skb_delta = IP4_IP6_HDR_DIFF + IP6_FRAGMENT_SIZE; /* delta is +20 and +8 */ + +		/* If it's ICMP, check is it included IP packet in it */ +		if ( ih4->protocol == IPPROTO_ICMP) { +			icmp_hdr = (struct icmphdr *) (skb->data+hdr_len); /* point to ICMPv4 header */ +			if ( icmp_hdr->type != ICMP_ECHO && icmp_hdr->type != ICMP_ECHOREPLY) { +				/* +				 * It's ICMP Error that has included IP packet +				 * we'll add only +20 because we don't include Fragment Header +				 * into translated included IP packet +				 */ +				skb_delta += IP4_IP6_HDR_DIFF; +			} +		} + +		/* Allocate new sk_buff to compose translated packet */ +		skb2 = dev_alloc_skb(len+dev->hard_header_len+skb_delta); +		if (!skb2) { +			printk(KERN_DEBUG "%s: alloc_skb failure - packet dropped.\n", dev->name); +			dev_kfree_skb(skb); +			siit_stats(dev)->rx_dropped++; + +			return 0; +		} +		/* allocate skb->data portion = IPv4 packet len + ether header len +		 * + skb_delta (max = two times (diffirence between IPv4 header and +		 * IPv6 header + Frag Header), second for included packet, +		 * and copy to head of skb->data ether header from origin skb +		 */ +		memcpy(skb_put(skb2, len+dev->hard_header_len+skb_delta), (char *)eth_h, dev->hard_header_len); +		/* correct ether header data, ether protocol field to ETH_P_IPV6 */ +		eth_h = (struct ethhdr *)skb2->data; +		eth_h->h_proto = htons(ETH_P_IPV6); +		skb_reset_mac_header(skb2); +		/* remove ether header from new skb->data, +		 * NOTE! data will rest, pointer to data and data len will change +		 */ +		skb_pull(skb2,dev->hard_header_len); +		/* set skb protocol to IPV6 */ +		skb2->protocol = htons(ETH_P_IPV6); + +		/* call translation function */ +		if (ip4_ip6(skb->data, len, skb2->data, 0) == -1 ) { +			dev_kfree_skb(skb); +			dev_kfree_skb(skb2); +			siit_stats(dev)->rx_errors++; + +			return 0; +		} +	} +	/* +	 * IPv6 paket +	 */ +	else if (ntohs(skb->protocol) == ETH_P_IPV6) { + +#ifdef SIIT_DEBUG +		siit_print_dump(skb->data, sizeof(struct ipv6hdr), "siit: (in) ip6_hdr dump"); +#endif +		/* packet len = skb->data len*/ +		len = skb->len; + +		/* call translation function */ +		if ((new_packet_len = ip6_ip4(skb->data, len, new_packet_buff, 0)) == -1 ) +		{ +			PDEBUG("siit_xmit(): error translation ipv6->ipv4, packet dropped.\n"); +			siit_stats(dev)->rx_dropped++; +			goto end; +		} + +		/* Allocate new sk_buff to compose translated packet */ +		skb2 = dev_alloc_skb(new_packet_len + dev->hard_header_len); +		if (!skb2) { +			printk(KERN_DEBUG "%s: alloc_skb failure, packet dropped.\n", dev->name); +			siit_stats(dev)->rx_dropped++; +			goto end; +		} +		memcpy(skb_put(skb2, new_packet_len + dev->hard_header_len), (char *)eth_h, dev->hard_header_len); +		eth_h = (struct ethhdr *)skb2->data; +		eth_h->h_proto = htons(ETH_P_IP); +		skb_reset_mac_header(skb2); +		skb_pull(skb2, dev->hard_header_len); +		memcpy(skb2->data, new_packet_buff, new_packet_len); +		skb2->protocol = htons(ETH_P_IP); +	} +	else { +		PDEBUG("siit_xmit(): unsupported protocol family %x, packet dropped.\n", skb->protocol); +		goto end; +	} + +	/* +	 * Set needed fields in new sk_buff +	 */ +	skb2->pkt_type = PACKET_HOST; +	skb2->dev = dev; +	skb2->ip_summed = CHECKSUM_UNNECESSARY; + +	/* Add transmit statistic */ +	siit_stats(dev)->tx_packets++; +	siit_stats(dev)->tx_bytes += skb2->len; + +	/* Send packet to upper layer protocol */ +	netif_rx(skb2); + +end: +	dev_kfree_skb(skb); + +	return 0; +} + +#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,0) +static bool header_ops_init = false; +static struct header_ops siit_header_ops ____cacheline_aligned; +#endif + +/* + * The init function initialize of the SIIT device.. + * It is invoked by register_netdev() + */ +static void +siit_init(struct net_device *dev) +{ +	ether_setup(dev);    /* assign some of the fields */ +	random_ether_addr(dev->dev_addr); + +	/* +	 * Assign device function. +	 */ +	dev->open            = siit_open; +	dev->stop            = siit_release; +	dev->hard_start_xmit = siit_xmit; +	dev->flags           |= IFF_NOARP;     /* ARP not used */ +	dev->tx_queue_len = 10; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +	dev->hard_header_cache = NULL;        /* Disable caching */ +	memset(netdev_priv(dev), 0, sizeof(struct net_device_stats)); +	dev->get_stats = siit_get_stats; +#else +	if (!header_ops_init) { +		memcpy(&siit_header_ops, dev->header_ops, sizeof(struct header_ops)); +		siit_header_ops.cache = NULL; +	} +	dev->header_ops = &siit_header_ops; +#endif +} + +/* + * Finally, the module stuff + */ +static struct net_device *siit_dev = NULL; + +int init_module(void) +{ +	int res = -ENOMEM; +	int priv_size; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +	priv_size = sizeof(struct net_device_stats); +#else +	priv_size = sizeof(struct header_ops); +#endif +	siit_dev = alloc_netdev(priv_size, "siit%d", siit_init); +	if (!siit_dev) +		goto err_alloc; + +	res = register_netdev(siit_dev); +	if (res) +		goto err_register; + +	return 0; + +err_register: +	free_netdev(siit_dev); +err_alloc: +	printk(KERN_ERR "Error creating siit device: %d\n", res); +	return res; +} + +void cleanup_module(void) +{ +	unregister_netdev(siit_dev); +	free_netdev(siit_dev); +} + + diff --git a/package/siit/src/siit.h b/package/siit/src/siit.h new file mode 100644 index 000000000..47cf77645 --- /dev/null +++ b/package/siit/src/siit.h @@ -0,0 +1,61 @@ +/* + * siit.h -- definitions for the SIIT module + * + * + */ + +/* + * Constants + */ + +/* SIIT_ETH control the name of SIIT interface: + * 0 - interface name is siit0, + * 1 - interface name is ethX. + */ +#define SIIT_ETH 0 + +#define BUFF_SIZE 4096 +#define FRAG_BUFF_SIZE 1232     /* IPv6 max fragment size without IPv6 header  +                                 * to fragmanet IPv4 if result IPv6 packet will be > 1280 +                                 */ + +#define TRANSLATED_PREFIX 0x0000ffff /* third byte in IPv4-translated addr prefix */ +#define MAPPED_PREFIX 0x0000ffff     /* third byte in IPv4-mapped addr prefix */ + +#define IP4_IP6_HDR_DIFF 20     /* diffirence between IPv4 and IPv6 headers */ +#define IP6_FRAGMENT_SIZE 8     /* size of Fragment Header */ + +/* IPv6 header fields masks */ +#define IP6F_OFF_MASK       0xfff8  /* mask out offset from frag_off */ +#define IP6F_RESERVED_MASK  0x0006  /* reserved bits in frag_off */ +#define IP6F_MORE_FRAG      0x0001  /* more-fragments flag */ + + + +/* + * Macros to help debugging + */ + +#undef PDEBUG             /* undef it, just in case */ +#ifdef SIIT_DEBUG +#  ifdef __KERNEL__ +     /* This one if debugging is on, and kernel space */ +#    define PDEBUG(fmt, args...) printk(KERN_DEBUG "siit: " fmt, ## args) +#  else +     /* This one for user space */ +#    define PDEBUG(fmt, args...) fprintf(stderr, fmt, ## args) +#  endif +#else +#  define PDEBUG(fmt, args...) /* not debugging: nothing */ +#endif + +#undef PDEBUGG +#define PDEBUGG(fmt, args...) + + + + + + + + | 
