blob: 8ac86ee198728ce3662ad474abfd8a027346b2b3 [file] [log] [blame] [edit]
// Copyright (c) 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quiche/quic/qbone/qbone_packet_processor.h"
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <cstdint>
#include <cstring>
#include <string>
#include "absl/base/optimization.h"
#include "absl/strings/string_view.h"
#include "quiche/quic/platform/api/quic_bug_tracker.h"
#include "quiche/quic/platform/api/quic_ip_address.h"
#include "quiche/quic/platform/api/quic_ip_address_family.h"
#include "quiche/quic/platform/api/quic_logging.h"
#include "quiche/quic/qbone/platform/icmp_packet.h"
#include "quiche/quic/qbone/platform/tcp_packet.h"
#include "quiche/common/quiche_endian.h"
namespace {
constexpr size_t kIPv6AddressSize = 16;
constexpr size_t kIPv6MinPacketSize = 1280;
constexpr size_t kIcmpTtl = 64;
constexpr size_t kICMPv6DestinationUnreachableDueToSourcePolicy = 5;
constexpr size_t kIPv6DestinationOffset = 8;
} // namespace
namespace quic {
const QuicIpAddress QbonePacketProcessor::kInvalidIpAddress =
QuicIpAddress::Any6();
QbonePacketProcessor::QbonePacketProcessor(QuicIpAddress self_ip,
QuicIpAddress client_ip,
size_t client_ip_subnet_length,
OutputInterface* output,
StatsInterface* stats)
: client_ip_(client_ip),
output_(output),
stats_(stats),
filter_(new Filter) {
memcpy(self_ip_.s6_addr, self_ip.ToPackedString().data(), kIPv6AddressSize);
QUICHE_DCHECK_LE(client_ip_subnet_length, kIPv6AddressSize * 8);
client_ip_subnet_length_ = client_ip_subnet_length;
QUICHE_DCHECK(IpAddressFamily::IP_V6 == self_ip.address_family());
QUICHE_DCHECK(IpAddressFamily::IP_V6 == client_ip.address_family());
QUICHE_DCHECK(self_ip != kInvalidIpAddress);
}
QbonePacketProcessor::OutputInterface::~OutputInterface() {}
QbonePacketProcessor::StatsInterface::~StatsInterface() {}
QbonePacketProcessor::Filter::~Filter() {}
QbonePacketProcessor::ProcessingResult
QbonePacketProcessor::Filter::FilterPacket(Direction direction,
absl::string_view full_packet,
absl::string_view payload,
icmp6_hdr* icmp_header) {
return ProcessingResult::OK;
}
void QbonePacketProcessor::ProcessPacket(std::string* packet,
Direction direction) {
uint8_t traffic_class = TrafficClassFromHeader(*packet);
if (ABSL_PREDICT_FALSE(!IsValid())) {
QUIC_BUG(quic_bug_11024_1)
<< "QuicPacketProcessor is invoked in an invalid state.";
stats_->OnPacketDroppedSilently(direction, traffic_class);
return;
}
stats_->RecordThroughput(packet->size(), direction, traffic_class);
uint8_t transport_protocol;
char* transport_data;
icmp6_hdr icmp_header;
memset(&icmp_header, 0, sizeof(icmp_header));
ProcessingResult result = ProcessIPv6HeaderAndFilter(
packet, direction, &transport_protocol, &transport_data, &icmp_header);
in6_addr dst;
// TODO(b/70339814): ensure this is actually a unicast address.
memcpy(&dst, &packet->data()[kIPv6DestinationOffset], kIPv6AddressSize);
switch (result) {
case ProcessingResult::OK:
switch (direction) {
case Direction::FROM_OFF_NETWORK:
output_->SendPacketToNetwork(*packet);
break;
case Direction::FROM_NETWORK:
output_->SendPacketToClient(*packet);
break;
}
stats_->OnPacketForwarded(direction, traffic_class);
break;
case ProcessingResult::SILENT_DROP:
stats_->OnPacketDroppedSilently(direction, traffic_class);
break;
case ProcessingResult::ICMP:
if (icmp_header.icmp6_type == ICMP6_ECHO_REPLY) {
// If this is an ICMP6 ECHO REPLY, the payload should be the same as the
// ICMP6 ECHO REQUEST that this came from, not the entire packet. So we
// need to take off both the IPv6 header and the ICMP6 header.
auto icmp_body = absl::string_view(*packet).substr(sizeof(ip6_hdr) +
sizeof(icmp6_hdr));
SendIcmpResponse(dst, &icmp_header, icmp_body, direction);
} else {
SendIcmpResponse(dst, &icmp_header, *packet, direction);
}
stats_->OnPacketDroppedWithIcmp(direction, traffic_class);
break;
case ProcessingResult::ICMP_AND_TCP_RESET:
SendIcmpResponse(dst, &icmp_header, *packet, direction);
stats_->OnPacketDroppedWithIcmp(direction, traffic_class);
SendTcpReset(*packet, direction);
stats_->OnPacketDroppedWithTcpReset(direction, traffic_class);
break;
case ProcessingResult::TCP_RESET:
SendTcpReset(*packet, direction);
stats_->OnPacketDroppedWithTcpReset(direction, traffic_class);
break;
}
}
QbonePacketProcessor::ProcessingResult
QbonePacketProcessor::ProcessIPv6HeaderAndFilter(std::string* packet,
Direction direction,
uint8_t* transport_protocol,
char** transport_data,
icmp6_hdr* icmp_header) {
ProcessingResult result = ProcessIPv6Header(
packet, direction, transport_protocol, transport_data, icmp_header);
if (result == ProcessingResult::OK) {
char* packet_data = &*packet->begin();
size_t header_size = *transport_data - packet_data;
// Sanity-check the bounds.
if (packet_data >= *transport_data || header_size > packet->size() ||
header_size < kIPv6HeaderSize) {
QUIC_BUG(quic_bug_11024_2)
<< "Invalid pointers encountered in "
"QbonePacketProcessor::ProcessPacket. Dropping the packet";
return ProcessingResult::SILENT_DROP;
}
result = filter_->FilterPacket(
direction, *packet,
absl::string_view(*transport_data, packet->size() - header_size),
icmp_header);
}
// Do not send ICMP error messages in response to ICMP errors.
if (result == ProcessingResult::ICMP) {
const uint8_t* header = reinterpret_cast<const uint8_t*>(packet->data());
constexpr size_t kIPv6NextHeaderOffset = 6;
constexpr size_t kIcmpMessageTypeOffset = kIPv6HeaderSize + 0;
constexpr size_t kIcmpMessageTypeMaxError = 127;
if (
// Check size.
packet->size() >= (kIPv6HeaderSize + kICMPv6HeaderSize) &&
// Check that the packet is in fact ICMP.
header[kIPv6NextHeaderOffset] == IPPROTO_ICMPV6 &&
// Check that ICMP message type is an error.
header[kIcmpMessageTypeOffset] < kIcmpMessageTypeMaxError) {
result = ProcessingResult::SILENT_DROP;
}
}
return result;
}
QbonePacketProcessor::ProcessingResult QbonePacketProcessor::ProcessIPv6Header(
std::string* packet, Direction direction, uint8_t* transport_protocol,
char** transport_data, icmp6_hdr* icmp_header) {
// Check if the packet is big enough to have IPv6 header.
if (packet->size() < kIPv6HeaderSize) {
QUIC_DVLOG(1) << "Dropped malformed packet: IPv6 header too short";
return ProcessingResult::SILENT_DROP;
}
// Check version field.
ip6_hdr* header = reinterpret_cast<ip6_hdr*>(&*packet->begin());
if (header->ip6_vfc >> 4 != 6) {
QUIC_DVLOG(1) << "Dropped malformed packet: IP version is not IPv6";
return ProcessingResult::SILENT_DROP;
}
// Check payload size.
const size_t declared_payload_size =
quiche::QuicheEndian::NetToHost16(header->ip6_plen);
const size_t actual_payload_size = packet->size() - kIPv6HeaderSize;
if (declared_payload_size != actual_payload_size) {
QUIC_DVLOG(1)
<< "Dropped malformed packet: incorrect packet length specified";
return ProcessingResult::SILENT_DROP;
}
// Check that the address of the client is in the packet.
QuicIpAddress address_to_check;
uint8_t address_reject_code;
bool ip_parse_result;
switch (direction) {
case Direction::FROM_OFF_NETWORK:
// Expect the source IP to match the client.
ip_parse_result = address_to_check.FromPackedString(
reinterpret_cast<const char*>(&header->ip6_src),
sizeof(header->ip6_src));
address_reject_code = kICMPv6DestinationUnreachableDueToSourcePolicy;
break;
case Direction::FROM_NETWORK:
// Expect the destination IP to match the client.
ip_parse_result = address_to_check.FromPackedString(
reinterpret_cast<const char*>(&header->ip6_dst),
sizeof(header->ip6_src));
address_reject_code = ICMP6_DST_UNREACH_NOROUTE;
break;
}
QUICHE_DCHECK(ip_parse_result);
if (!client_ip_.InSameSubnet(address_to_check, client_ip_subnet_length_)) {
QUIC_DVLOG(1)
<< "Dropped packet: source/destination address is not client's";
icmp_header->icmp6_type = ICMP6_DST_UNREACH;
icmp_header->icmp6_code = address_reject_code;
return ProcessingResult::ICMP;
}
// Check and decrement TTL.
if (header->ip6_hops <= 1) {
icmp_header->icmp6_type = ICMP6_TIME_EXCEEDED;
icmp_header->icmp6_code = ICMP6_TIME_EXCEED_TRANSIT;
return ProcessingResult::ICMP;
}
header->ip6_hops--;
// Check and extract IP headers.
switch (header->ip6_nxt) {
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_ICMPV6:
*transport_protocol = header->ip6_nxt;
*transport_data = (&*packet->begin()) + kIPv6HeaderSize;
break;
default:
icmp_header->icmp6_type = ICMP6_PARAM_PROB;
icmp_header->icmp6_code = ICMP6_PARAMPROB_NEXTHEADER;
return ProcessingResult::ICMP;
}
return ProcessingResult::OK;
}
void QbonePacketProcessor::SendIcmpResponse(in6_addr dst,
icmp6_hdr* icmp_header,
absl::string_view payload,
Direction original_direction) {
CreateIcmpPacket(self_ip_, dst, *icmp_header, payload,
[this, original_direction](absl::string_view packet) {
SendResponse(original_direction, packet);
});
}
void QbonePacketProcessor::SendTcpReset(absl::string_view original_packet,
Direction original_direction) {
CreateTcpResetPacket(original_packet,
[this, original_direction](absl::string_view packet) {
SendResponse(original_direction, packet);
});
}
void QbonePacketProcessor::SendResponse(Direction original_direction,
absl::string_view packet) {
switch (original_direction) {
case Direction::FROM_OFF_NETWORK:
output_->SendPacketToClient(packet);
break;
case Direction::FROM_NETWORK:
output_->SendPacketToNetwork(packet);
break;
}
}
uint8_t QbonePacketProcessor::TrafficClassFromHeader(
absl::string_view ipv6_header) {
// Packets that reach this function should have already been validated.
// However, there are tests that bypass that validation that fail because this
// would be out of bounds.
if (ipv6_header.length() < 2) {
return 0; // Default to BE1
}
return ipv6_header[0] << 4 | ipv6_header[1] >> 4;
}
} // namespace quic