interproto 1.0.0

Utilities for translating packets between IPv4 and IPv6
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

use std::net::{Ipv4Addr, Ipv6Addr};

use pnet::packet::tcp::{self, MutableTcpPacket, TcpPacket};

use crate::error::{Error, Result};

/// Re-calculates a TCP packet's checksum with a new IPv6 pseudo-header.
#[profiling::function]
pub fn recalculate_tcp_checksum_ipv6(
    tcp_packet: &[u8],
    new_source: Ipv6Addr,
    new_destination: Ipv6Addr,
) -> Result<Vec<u8>> {
    // This scope is used to collect packet drop metrics
    {
        // Clone the packet so we can modify it
        let mut tcp_packet_buffer = tcp_packet.to_vec();

        // Get safe mutable access to the packet
        let mut tcp_packet =
            MutableTcpPacket::new(&mut tcp_packet_buffer).ok_or(Error::PacketTooShort {
                expected: TcpPacket::minimum_packet_size(),
                actual: tcp_packet.len(),
            })?;

        // Edit the packet's checksum
        tcp_packet.set_checksum(0);
        tcp_packet.set_checksum(tcp::ipv6_checksum(
            &tcp_packet.to_immutable(),
            &new_source,
            &new_destination,
        ));

        // Track the translated packet
        #[cfg(feature = "metrics")]
        protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_TRANSLATED).inc();

        // Return the translated packet
        Ok(tcp_packet_buffer)
    }
    .map_err(|error| {
        // Track the dropped packet
        #[cfg(feature = "metrics")]
        protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_DROPPED).inc();

        // Pass the error through
        error
    })
}

/// Re-calculates a TCP packet's checksum with a new IPv4 pseudo-header.
#[profiling::function]
pub fn recalculate_tcp_checksum_ipv4(
    tcp_packet: &[u8],
    new_source: Ipv4Addr,
    new_destination: Ipv4Addr,
) -> Result<Vec<u8>> {
    // This scope is used to collect packet drop metrics
    {
        // Clone the packet so we can modify it
        let mut tcp_packet_buffer = tcp_packet.to_vec();

        // Get safe mutable access to the packet
        let mut tcp_packet =
            MutableTcpPacket::new(&mut tcp_packet_buffer).ok_or(Error::PacketTooShort {
                expected: TcpPacket::minimum_packet_size(),
                actual: tcp_packet.len(),
            })?;

        // Edit the packet's checksum
        tcp_packet.set_checksum(0);
        tcp_packet.set_checksum(tcp::ipv4_checksum(
            &tcp_packet.to_immutable(),
            &new_source,
            &new_destination,
        ));

        // Track the translated packet
        #[cfg(feature = "metrics")]
        protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_TRANSLATED).inc();

        // Return the translated packet
        Ok(tcp_packet_buffer)
    }
    .map_err(|error| {
        // Track the dropped packet
        #[cfg(feature = "metrics")]
        protomask_metrics::metric!(PACKET_COUNTER, PROTOCOL_TCP, STATUS_DROPPED).inc();

        // Pass the error through
        error
    })
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_checksum_recalculate_ipv6() {
        // Create an input packet
        let mut input_buffer = vec![0u8; TcpPacket::minimum_packet_size() + 13];
        let mut input_packet = MutableTcpPacket::new(&mut input_buffer).unwrap();
        input_packet.set_source(1234);
        input_packet.set_destination(5678);
        input_packet.set_payload(&"Hello, world!".as_bytes().to_vec());

        // Recalculate the checksum
        let recalculated_buffer = recalculate_tcp_checksum_ipv6(
            &input_buffer,
            "2001:db8::1".parse().unwrap(),
            "2001:db8::2".parse().unwrap(),
        )
        .unwrap();

        // Verify the checksum
        let recalculated_packet = TcpPacket::new(&recalculated_buffer).unwrap();
        assert_eq!(recalculated_packet.get_checksum(), 0x4817);
    }

    #[test]
    fn test_checksum_recalculate_ipv4() {
        // Create an input packet
        let mut input_buffer = vec![0u8; TcpPacket::minimum_packet_size() + 13];
        let mut input_packet = MutableTcpPacket::new(&mut input_buffer).unwrap();
        input_packet.set_source(1234);
        input_packet.set_destination(5678);
        input_packet.set_payload(&"Hello, world!".as_bytes().to_vec());

        // Recalculate the checksum
        let recalculated_buffer = recalculate_tcp_checksum_ipv4(
            &input_buffer,
            "192.0.2.1".parse().unwrap(),
            "192.0.2.2".parse().unwrap(),
        )
        .unwrap();

        // Verify the checksum
        let recalculated_packet = TcpPacket::new(&recalculated_buffer).unwrap();
        assert_eq!(recalculated_packet.get_checksum(), 0x1f88);
    }
}