1 /*
2  * Copyright 2011 Daniel Drown
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  * translate.c - CLAT functions / partial implementation of rfc6145
17  */
18 #include <string.h>
19 #include <sys/uio.h>
20 
21 #include "icmp.h"
22 #include "translate.h"
23 #include "checksum.h"
24 #include "clatd.h"
25 #include "config.h"
26 #include "logging.h"
27 #include "debug.h"
28 
29 /* function: packet_checksum
30  * calculates the checksum over all the packet components starting from pos
31  * checksum - checksum of packet components before pos
32  * packet   - packet to calculate the checksum of
33  * pos      - position to start counting from
34  * returns  - the completed 16-bit checksum, ready to write into a checksum header field
35  */
packet_checksum(uint32_t checksum,clat_packet packet,clat_packet_index pos)36 uint16_t packet_checksum(uint32_t checksum, clat_packet packet, clat_packet_index pos) {
37   int i;
38   for (i = pos; i < CLAT_POS_MAX; i++) {
39     if (packet[i].iov_len > 0) {
40       checksum = ip_checksum_add(checksum, packet[i].iov_base, packet[i].iov_len);
41     }
42   }
43   return ip_checksum_finish(checksum);
44 }
45 
46 /* function: packet_length
47  * returns the total length of all the packet components after pos
48  * packet - packet to calculate the length of
49  * pos    - position to start counting after
50  * returns: the total length of the packet components after pos
51  */
packet_length(clat_packet packet,clat_packet_index pos)52 uint16_t packet_length(clat_packet packet, clat_packet_index pos) {
53   size_t len = 0;
54   int i;
55   for (i = pos + 1; i < CLAT_POS_MAX; i++) {
56     len += packet[i].iov_len;
57   }
58   return len;
59 }
60 
61 /* function: is_in_plat_subnet
62  * returns true iff the given IPv6 address is in the plat subnet.
63  * addr - IPv6 address
64  */
is_in_plat_subnet(const struct in6_addr * addr6)65 int is_in_plat_subnet(const struct in6_addr *addr6) {
66   // Assumes a /96 plat subnet.
67   return (addr6 != NULL) && (memcmp(addr6, &Global_Clatd_Config.plat_subnet, 12) == 0);
68 }
69 
70 /* function: ipv6_addr_to_ipv4_addr
71  * return the corresponding ipv4 address for the given ipv6 address
72  * addr6 - ipv6 address
73  * returns: the IPv4 address
74  */
ipv6_addr_to_ipv4_addr(const struct in6_addr * addr6)75 uint32_t ipv6_addr_to_ipv4_addr(const struct in6_addr *addr6) {
76   if (is_in_plat_subnet(addr6)) {
77     // Assumes a /96 plat subnet.
78     return addr6->s6_addr32[3];
79   } else if (IN6_ARE_ADDR_EQUAL(addr6, &Global_Clatd_Config.ipv6_local_subnet)) {
80     // Special-case our own address.
81     return Global_Clatd_Config.ipv4_local_subnet.s_addr;
82   } else {
83     // Third party packet. Let the caller deal with it.
84     return INADDR_NONE;
85   }
86 }
87 
88 /* function: ipv4_addr_to_ipv6_addr
89  * return the corresponding ipv6 address for the given ipv4 address
90  * addr4 - ipv4 address
91  */
ipv4_addr_to_ipv6_addr(uint32_t addr4)92 struct in6_addr ipv4_addr_to_ipv6_addr(uint32_t addr4) {
93   struct in6_addr addr6;
94   // Both addresses are in network byte order (addr4 comes from a network packet, and the config
95   // file entry is read using inet_ntop).
96   if (addr4 == Global_Clatd_Config.ipv4_local_subnet.s_addr) {
97     return Global_Clatd_Config.ipv6_local_subnet;
98   } else {
99     // Assumes a /96 plat subnet.
100     addr6 = Global_Clatd_Config.plat_subnet;
101     addr6.s6_addr32[3] = addr4;
102     return addr6;
103   }
104 }
105 
106 /* function: fill_tun_header
107  * fill in the header for the tun fd
108  * tun_header - tunnel header, already allocated
109  * proto      - ethernet protocol id: ETH_P_IP(ipv4) or ETH_P_IPV6(ipv6)
110  */
fill_tun_header(struct tun_pi * tun_header,uint16_t proto)111 void fill_tun_header(struct tun_pi *tun_header, uint16_t proto) {
112   tun_header->flags = 0;
113   tun_header->proto = htons(proto);
114 }
115 
116 /* function: fill_ip_header
117  * generate an ipv4 header from an ipv6 header
118  * ip_targ     - (ipv4) target packet header, source: original ipv4 addr, dest: local subnet addr
119  * payload_len - length of other data inside packet
120  * protocol    - protocol number (tcp, udp, etc)
121  * old_header  - (ipv6) source packet header, source: nat64 prefix, dest: local subnet prefix
122  */
fill_ip_header(struct iphdr * ip,uint16_t payload_len,uint8_t protocol,const struct ip6_hdr * old_header)123 void fill_ip_header(struct iphdr *ip, uint16_t payload_len, uint8_t protocol,
124                     const struct ip6_hdr *old_header) {
125   int ttl_guess;
126   memset(ip, 0, sizeof(struct iphdr));
127 
128   ip->ihl = 5;
129   ip->version = 4;
130   ip->tos = 0;
131   ip->tot_len = htons(sizeof(struct iphdr) + payload_len);
132   ip->id = 0;
133   ip->frag_off = htons(IP_DF);
134   ip->ttl = old_header->ip6_hlim;
135   ip->protocol = protocol;
136   ip->check = 0;
137 
138   ip->saddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_src);
139   ip->daddr = ipv6_addr_to_ipv4_addr(&old_header->ip6_dst);
140 
141   // Third-party ICMPv6 message. This may have been originated by an native IPv6 address.
142   // In that case, the source IPv6 address can't be translated and we need to make up an IPv4
143   // source address. For now, use 255.0.0.<ttl>, which at least looks useful in traceroute.
144   if ((uint32_t) ip->saddr == INADDR_NONE) {
145     ttl_guess = icmp_guess_ttl(old_header->ip6_hlim);
146     ip->saddr = htonl((0xff << 24) + ttl_guess);
147   }
148 }
149 
150 /* function: fill_ip6_header
151  * generate an ipv6 header from an ipv4 header
152  * ip6         - (ipv6) target packet header, source: local subnet prefix, dest: nat64 prefix
153  * payload_len - length of other data inside packet
154  * protocol    - protocol number (tcp, udp, etc)
155  * old_header  - (ipv4) source packet header, source: local subnet addr, dest: internet's ipv4 addr
156  */
fill_ip6_header(struct ip6_hdr * ip6,uint16_t payload_len,uint8_t protocol,const struct iphdr * old_header)157 void fill_ip6_header(struct ip6_hdr *ip6, uint16_t payload_len, uint8_t protocol,
158                      const struct iphdr *old_header) {
159   memset(ip6, 0, sizeof(struct ip6_hdr));
160 
161   ip6->ip6_vfc = 6 << 4;
162   ip6->ip6_plen = htons(payload_len);
163   ip6->ip6_nxt = protocol;
164   ip6->ip6_hlim = old_header->ttl;
165 
166   ip6->ip6_src = ipv4_addr_to_ipv6_addr(old_header->saddr);
167   ip6->ip6_dst = ipv4_addr_to_ipv6_addr(old_header->daddr);
168 }
169 
170 /* function: maybe_fill_frag_header
171  * fills a fragmentation header
172  * generate an ipv6 fragment header from an ipv4 header
173  * frag_hdr    - target (ipv6) fragmentation header
174  * ip6_targ    - target (ipv6) header
175  * old_header  - (ipv4) source packet header
176  * returns: the length of the fragmentation header if present, or zero if not present
177  */
maybe_fill_frag_header(struct ip6_frag * frag_hdr,struct ip6_hdr * ip6_targ,const struct iphdr * old_header)178 size_t maybe_fill_frag_header(struct ip6_frag *frag_hdr, struct ip6_hdr *ip6_targ,
179                               const struct iphdr *old_header) {
180   uint16_t frag_flags = ntohs(old_header->frag_off);
181   uint16_t frag_off = frag_flags & IP_OFFMASK;
182   if (frag_off == 0 && (frag_flags & IP_MF) == 0) {
183     // Not a fragment.
184     return 0;
185   }
186 
187   frag_hdr->ip6f_nxt = ip6_targ->ip6_nxt;
188   frag_hdr->ip6f_reserved = 0;
189   // In IPv4, the offset is the bottom 13 bits; in IPv6 it's the top 13 bits.
190   frag_hdr->ip6f_offlg = htons(frag_off << 3);
191   if (frag_flags & IP_MF) {
192     frag_hdr->ip6f_offlg |= IP6F_MORE_FRAG;
193   }
194   frag_hdr->ip6f_ident = htonl(ntohs(old_header->id));
195   ip6_targ->ip6_nxt = IPPROTO_FRAGMENT;
196 
197   return sizeof(*frag_hdr);
198 }
199 
200 /* function: parse_frag_header
201  * return the length of the fragmentation header if present, or zero if not present
202  * generate an ipv6 fragment header from an ipv4 header
203  * frag_hdr    - (ipv6) fragmentation header
204  * ip_targ     - target (ipv4) header
205  * returns: the next header value
206  */
parse_frag_header(const struct ip6_frag * frag_hdr,struct iphdr * ip_targ)207 uint8_t parse_frag_header(const struct ip6_frag *frag_hdr, struct iphdr *ip_targ) {
208   uint16_t frag_off = (ntohs(frag_hdr->ip6f_offlg & IP6F_OFF_MASK) >> 3);
209   if (frag_hdr->ip6f_offlg & IP6F_MORE_FRAG) {
210     frag_off |= IP_MF;
211   }
212   ip_targ->frag_off = htons(frag_off);
213   ip_targ->id = htons(ntohl(frag_hdr->ip6f_ident) & 0xffff);
214   ip_targ->protocol = frag_hdr->ip6f_nxt;
215   return frag_hdr->ip6f_nxt;
216 }
217 
218 /* function: icmp_to_icmp6
219  * translate ipv4 icmp to ipv6 icmp
220  * out          - output packet
221  * icmp         - source packet icmp header
222  * checksum     - pseudo-header checksum
223  * payload      - icmp payload
224  * payload_size - size of payload
225  * returns: the highest position in the output clat_packet that's filled in
226  */
icmp_to_icmp6(clat_packet out,clat_packet_index pos,const struct icmphdr * icmp,uint32_t checksum,const uint8_t * payload,size_t payload_size)227 int icmp_to_icmp6(clat_packet out, clat_packet_index pos, const struct icmphdr *icmp,
228                   uint32_t checksum, const uint8_t *payload, size_t payload_size) {
229   struct icmp6_hdr *icmp6_targ = out[pos].iov_base;
230   uint8_t icmp6_type;
231   int clat_packet_len;
232 
233   memset(icmp6_targ, 0, sizeof(struct icmp6_hdr));
234 
235   icmp6_type = icmp_to_icmp6_type(icmp->type, icmp->code);
236   icmp6_targ->icmp6_type = icmp6_type;
237   icmp6_targ->icmp6_code = icmp_to_icmp6_code(icmp->type, icmp->code);
238 
239   out[pos].iov_len = sizeof(struct icmp6_hdr);
240 
241   if (pos == CLAT_POS_TRANSPORTHDR &&
242       is_icmp_error(icmp->type) &&
243       icmp6_type != ICMP6_PARAM_PROB) {
244     // An ICMP error we understand, one level deep.
245     // Translate the nested packet (the one that caused the error).
246     clat_packet_len = ipv4_packet(out, pos + 1, payload, payload_size);
247 
248     // The pseudo-header checksum was calculated on the transport length of the original IPv4
249     // packet that we were asked to translate. This transport length is 20 bytes smaller than it
250     // needs to be, because the ICMP error contains an IPv4 header, which we will be translating to
251     // an IPv6 header, which is 20 bytes longer. Fix it up here.
252     // We only need to do this for ICMP->ICMPv6, not ICMPv6->ICMP, because ICMP does not use the
253     // pseudo-header when calculating its checksum (as the IPv4 header has its own checksum).
254     checksum = checksum + htons(20);
255   } else if (icmp6_type == ICMP6_ECHO_REQUEST || icmp6_type == ICMP6_ECHO_REPLY) {
256     // Ping packet.
257     icmp6_targ->icmp6_id = icmp->un.echo.id;
258     icmp6_targ->icmp6_seq = icmp->un.echo.sequence;
259     out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
260     out[CLAT_POS_PAYLOAD].iov_len = payload_size;
261     clat_packet_len = CLAT_POS_PAYLOAD + 1;
262   } else {
263     // Unknown type/code. The type/code conversion functions have already logged an error.
264     return 0;
265   }
266 
267   icmp6_targ->icmp6_cksum = 0;  // Checksum field must be 0 when calculating checksum.
268   icmp6_targ->icmp6_cksum = packet_checksum(checksum, out, pos);
269 
270   return clat_packet_len;
271 }
272 
273 /* function: icmp6_to_icmp
274  * translate ipv6 icmp to ipv4 icmp
275  * out          - output packet
276  * icmp6        - source packet icmp6 header
277  * payload      - icmp6 payload
278  * payload_size - size of payload
279  * returns: the highest position in the output clat_packet that's filled in
280  */
icmp6_to_icmp(clat_packet out,clat_packet_index pos,const struct icmp6_hdr * icmp6,const uint8_t * payload,size_t payload_size)281 int icmp6_to_icmp(clat_packet out, clat_packet_index pos, const struct icmp6_hdr *icmp6,
282                   const uint8_t *payload, size_t payload_size) {
283   struct icmphdr *icmp_targ = out[pos].iov_base;
284   uint8_t icmp_type;
285   int clat_packet_len;
286 
287   memset(icmp_targ, 0, sizeof(struct icmphdr));
288 
289   icmp_type = icmp6_to_icmp_type(icmp6->icmp6_type, icmp6->icmp6_code);
290   icmp_targ->type = icmp_type;
291   icmp_targ->code = icmp6_to_icmp_code(icmp6->icmp6_type, icmp6->icmp6_code);
292 
293   out[pos].iov_len = sizeof(struct icmphdr);
294 
295   if (pos == CLAT_POS_TRANSPORTHDR &&
296       is_icmp6_error(icmp6->icmp6_type) &&
297       icmp_type != ICMP_PARAMETERPROB) {
298     // An ICMPv6 error we understand, one level deep.
299     // Translate the nested packet (the one that caused the error).
300     clat_packet_len = ipv6_packet(out, pos + 1, payload, payload_size);
301   } else if (icmp_type == ICMP_ECHO || icmp_type == ICMP_ECHOREPLY) {
302     // Ping packet.
303     icmp_targ->un.echo.id = icmp6->icmp6_id;
304     icmp_targ->un.echo.sequence = icmp6->icmp6_seq;
305     out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
306     out[CLAT_POS_PAYLOAD].iov_len = payload_size;
307     clat_packet_len = CLAT_POS_PAYLOAD + 1;
308   } else {
309       // Unknown type/code. The type/code conversion functions have already logged an error.
310     return 0;
311   }
312 
313   icmp_targ->checksum = 0;  // Checksum field must be 0 when calculating checksum.
314   icmp_targ->checksum = packet_checksum(0, out, pos);
315 
316   return clat_packet_len;
317 }
318 
319 /* function: generic_packet
320  * takes a generic IP packet and sets it up for translation
321  * out      - output packet
322  * pos      - position in the output packet of the transport header
323  * payload  - pointer to IP payload
324  * len      - size of ip payload
325  * returns: the highest position in the output clat_packet that's filled in
326  */
generic_packet(clat_packet out,clat_packet_index pos,const uint8_t * payload,size_t len)327 int generic_packet(clat_packet out, clat_packet_index pos, const uint8_t *payload, size_t len) {
328   out[pos].iov_len = 0;
329   out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
330   out[CLAT_POS_PAYLOAD].iov_len = len;
331 
332   return CLAT_POS_PAYLOAD + 1;
333 }
334 
335 /* function: udp_packet
336  * takes a udp packet and sets it up for translation
337  * out      - output packet
338  * udp      - pointer to udp header in packet
339  * old_sum  - pseudo-header checksum of old header
340  * new_sum  - pseudo-header checksum of new header
341  * len      - size of ip payload
342  */
udp_packet(clat_packet out,clat_packet_index pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,size_t len)343 int udp_packet(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
344                uint32_t old_sum, uint32_t new_sum, size_t len) {
345   const uint8_t *payload;
346   size_t payload_size;
347 
348   if(len < sizeof(struct udphdr)) {
349     logmsg_dbg(ANDROID_LOG_ERROR,"udp_packet/(too small)");
350     return 0;
351   }
352 
353   payload = (const uint8_t *) (udp + 1);
354   payload_size = len - sizeof(struct udphdr);
355 
356   return udp_translate(out, pos, udp, old_sum, new_sum, payload, payload_size);
357 }
358 
359 /* function: tcp_packet
360  * takes a tcp packet and sets it up for translation
361  * out      - output packet
362  * tcp      - pointer to tcp header in packet
363  * checksum - pseudo-header checksum
364  * len      - size of ip payload
365  * returns: the highest position in the output clat_packet that's filled in
366  */
tcp_packet(clat_packet out,clat_packet_index pos,const struct tcphdr * tcp,uint32_t old_sum,uint32_t new_sum,size_t len)367 int tcp_packet(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
368                uint32_t old_sum, uint32_t new_sum, size_t len) {
369   const uint8_t *payload;
370   size_t payload_size, header_size;
371 
372   if(len < sizeof(struct tcphdr)) {
373     logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/(too small)");
374     return 0;
375   }
376 
377   if(tcp->doff < 5) {
378     logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set to less than 5: %x", tcp->doff);
379     return 0;
380   }
381 
382   if((size_t) tcp->doff*4 > len) {
383     logmsg_dbg(ANDROID_LOG_ERROR,"tcp_packet/tcp header length set too large: %x", tcp->doff);
384     return 0;
385   }
386 
387   header_size = tcp->doff * 4;
388   payload = ((const uint8_t *) tcp) + header_size;
389   payload_size = len - header_size;
390 
391   return tcp_translate(out, pos, tcp, header_size, old_sum, new_sum, payload, payload_size);
392 }
393 
394 /* function: udp_translate
395  * common between ipv4/ipv6 - setup checksum and send udp packet
396  * out          - output packet
397  * udp          - udp header
398  * old_sum      - pseudo-header checksum of old header
399  * new_sum      - pseudo-header checksum of new header
400  * payload      - tcp payload
401  * payload_size - size of payload
402  * returns: the highest position in the output clat_packet that's filled in
403  */
udp_translate(clat_packet out,clat_packet_index pos,const struct udphdr * udp,uint32_t old_sum,uint32_t new_sum,const uint8_t * payload,size_t payload_size)404 int udp_translate(clat_packet out, clat_packet_index pos, const struct udphdr *udp,
405                   uint32_t old_sum, uint32_t new_sum, const uint8_t *payload, size_t payload_size) {
406   struct udphdr *udp_targ = out[pos].iov_base;
407 
408   memcpy(udp_targ, udp, sizeof(struct udphdr));
409 
410   out[pos].iov_len = sizeof(struct udphdr);
411   out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
412   out[CLAT_POS_PAYLOAD].iov_len = payload_size;
413 
414   if (udp_targ->check) {
415     udp_targ->check = ip_checksum_adjust(udp->check, old_sum, new_sum);
416   } else {
417     // Zero checksums are special. RFC 768 says, "An all zero transmitted checksum value means that
418     // the transmitter generated no checksum (for debugging or for higher level protocols that
419     // don't care)." However, in IPv6 zero UDP checksums were only permitted by RFC 6935 (2013). So
420     // for safety we recompute it.
421     udp_targ->check = 0;  // Checksum field must be 0 when calculating checksum.
422     udp_targ->check = packet_checksum(new_sum, out, pos);
423   }
424 
425   // RFC 768: "If the computed checksum is zero, it is transmitted as all ones (the equivalent
426   // in one's complement arithmetic)."
427   if (!udp_targ->check) {
428     udp_targ->check = 0xffff;
429   }
430 
431   return CLAT_POS_PAYLOAD + 1;
432 }
433 
434 /* function: tcp_translate
435  * common between ipv4/ipv6 - setup checksum and send tcp packet
436  * out          - output packet
437  * tcp          - tcp header
438  * header_size  - size of tcp header including options
439  * checksum     - partial checksum covering ipv4/ipv6 header
440  * payload      - tcp payload
441  * payload_size - size of payload
442  * returns: the highest position in the output clat_packet that's filled in
443  */
tcp_translate(clat_packet out,clat_packet_index pos,const struct tcphdr * tcp,size_t header_size,uint32_t old_sum,uint32_t new_sum,const uint8_t * payload,size_t payload_size)444 int tcp_translate(clat_packet out, clat_packet_index pos, const struct tcphdr *tcp,
445                   size_t header_size, uint32_t old_sum, uint32_t new_sum,
446                   const uint8_t *payload, size_t payload_size) {
447   struct tcphdr *tcp_targ = out[pos].iov_base;
448   out[pos].iov_len = header_size;
449 
450   if (header_size > MAX_TCP_HDR) {
451     // A TCP header cannot be more than MAX_TCP_HDR bytes long because it's a 4-bit field that
452     // counts in 4-byte words. So this can never happen unless there is a bug in the caller.
453     logmsg(ANDROID_LOG_ERROR, "tcp_translate: header too long %d > %d, truncating",
454            header_size, MAX_TCP_HDR);
455     header_size = MAX_TCP_HDR;
456   }
457 
458   memcpy(tcp_targ, tcp, header_size);
459 
460   out[CLAT_POS_PAYLOAD].iov_base = (uint8_t *) payload;
461   out[CLAT_POS_PAYLOAD].iov_len = payload_size;
462 
463   tcp_targ->check = ip_checksum_adjust(tcp->check, old_sum, new_sum);
464 
465   return CLAT_POS_PAYLOAD + 1;
466 }
467 
send_tun(int fd,clat_packet out,int iov_len)468 void send_tun(int fd, clat_packet out, int iov_len) {
469   writev(fd, out, iov_len);
470 }
471 
472 // Weak symbol so we can override it in the unit test.
473 void send_rawv6(int fd, clat_packet out, int iov_len) __attribute__((weak));
474 
send_rawv6(int fd,clat_packet out,int iov_len)475 void send_rawv6(int fd, clat_packet out, int iov_len) {
476   // A send on a raw socket requires a destination address to be specified even if the socket's
477   // protocol is IPPROTO_RAW. This is the address that will be used in routing lookups; the
478   // destination address in the packet header only affects what appears on the wire, not where the
479   // packet is sent to.
480   static struct sockaddr_in6 sin6 = { AF_INET6, 0, 0, { { { 0, 0, 0, 0 } } }, 0 };
481   static struct msghdr msg = {
482     .msg_name = &sin6,
483     .msg_namelen = sizeof(sin6),
484   };
485 
486   msg.msg_iov = out,
487   msg.msg_iovlen = iov_len,
488   sin6.sin6_addr = ((struct ip6_hdr *) out[CLAT_POS_IPHDR].iov_base)->ip6_dst;
489   sendmsg(fd, &msg, 0);
490 }
491 
492 /* function: translate_packet
493  * takes a packet, translates it, and writes it to fd
494  * fd         - fd to write translated packet to
495  * to_ipv6    - true if translating to ipv6, false if translating to ipv4
496  * packet     - packet
497  * packetsize - size of packet
498  */
translate_packet(int fd,int to_ipv6,const uint8_t * packet,size_t packetsize)499 void translate_packet(int fd, int to_ipv6, const uint8_t *packet, size_t packetsize) {
500   int iov_len = 0;
501 
502   // Allocate buffers for all packet headers.
503   struct tun_pi tun_targ;
504   char iphdr[sizeof(struct ip6_hdr)];
505   char fraghdr[sizeof(struct ip6_frag)];
506   char transporthdr[MAX_TCP_HDR];
507   char icmp_iphdr[sizeof(struct ip6_hdr)];
508   char icmp_fraghdr[sizeof(struct ip6_frag)];
509   char icmp_transporthdr[MAX_TCP_HDR];
510 
511   // iovec of the packets we'll send. This gets passed down to the translation functions.
512   clat_packet out = {
513     { &tun_targ, 0 },                 // Tunnel header.
514     { iphdr, 0 },                     // IP header.
515     { fraghdr, 0 },                   // Fragment header.
516     { transporthdr, 0 },              // Transport layer header.
517     { icmp_iphdr, 0 },                // ICMP error inner IP header.
518     { icmp_fraghdr, 0 },              // ICMP error fragmentation header.
519     { icmp_transporthdr, 0 },         // ICMP error transport layer header.
520     { NULL, 0 },                      // Payload. No buffer, it's a pointer to the original payload.
521   };
522 
523   if (to_ipv6) {
524     iov_len = ipv4_packet(out, CLAT_POS_IPHDR, packet, packetsize);
525     if (iov_len > 0) {
526       send_rawv6(fd, out, iov_len);
527     }
528   } else {
529     iov_len = ipv6_packet(out, CLAT_POS_IPHDR, packet, packetsize);
530     if (iov_len > 0) {
531       fill_tun_header(&tun_targ, ETH_P_IP);
532       out[CLAT_POS_TUNHDR].iov_len = sizeof(tun_targ);
533       send_tun(fd, out, iov_len);
534     }
535   }
536 }
537