2 * 6in4 - tunnel client for automatic 6to4 or configured v6-in-v4 tunnels.
11 * IPv6 and related IP protocols & their numbers:
13 * ipv6 41 IPv6 # Internet Protocol, version 6
14 * ipv6-route 43 IPv6-Route # Routing Header for IPv6
15 * ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
16 * esp 50 ESP # Encapsulating Security Payload
17 * ah 51 AH # Authentication Header
18 * ipv6-icmp 58 IPv6-ICMP icmp6 # ICMP version 6
19 * ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
20 * ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
24 IP_IPV6PROTO = 41, /* IPv4 protocol number for IPv6 */
25 IP_ESPPROTO = 50, /* IP v4 and v6 protocol number */
26 IP_AHPROTO = 51, /* IP v4 and v6 protocol number */
/*
 * IPv4 header as it appears on the wire.  Multi-byte fields are declared as
 * uchar arrays rather than integer types.
 */
31 typedef struct Iphdr Iphdr;
34 uchar vihl; /* Version and header length */
35 uchar tos; /* Type of service */
36 uchar length[2]; /* packet length */
37 uchar id[2]; /* Identification */
38 uchar frag[2]; /* Fragment information */
39 uchar ttl; /* Time to live */
40 uchar proto; /* Protocol */
41 uchar cksum[2]; /* Header checksum */
42 uchar src[4]; /* Ip source (uchar ordering unimportant) */
43 uchar dst[4]; /* Ip destination (uchar ordering unimportant) */
/*
 * STFHDR is the offset of the payload member inside Iphdr.  The copy loops in
 * this file use it as a fixed distance between the outer v4 header and the
 * inner v6 header.  NOTE(review): the payload member is not among the lines
 * shown; confirm it directly follows dst, since the fixed offset only holds
 * for a v4 header without options.
 */
47 #define STFHDR offsetof(Iphdr, payload[0])
/*
 * Tunnel endpoint state, each address held in IPaddrlen bytes.  procargs()
 * fills local6, localmask, remote4, remote6 and localnet; main() fills myip.
 */
55 uchar local6[IPaddrlen];
56 uchar remote6[IPaddrlen];
57 uchar remote4[IPaddrlen];
58 uchar localmask[IPaddrlen];
59 uchar localnet[IPaddrlen];
60 uchar myip[IPaddrlen];
62 /* magic anycast address from rfc3068 */
63 uchar anycast6to4[IPv4addrlen] = { 192, 88, 99, 1 };
/*
 * Mount points of the IP stacks.  setup() opens the ipifc and iproute files
 * under `inside`, and builds the ipmux dial string under `outside`.
 */
65 static char *inside = "/net";
66 static char *outside = "/net";
68 static int badipv4(uchar*);
69 static int badipv6(uchar*);
70 static void ip2tunnel(int, int);
71 static void tunnel2ip(int, int);
76 fprint(2, "usage: %s [-ag] [-m mtu] [-x mtpt] [-o mtpt] [-i local4] [local6[/mask]] [remote4 [remote6]]\n",
/*
 * Formats the default local 6to4 address as text: the V6to4pfx group, then
 * the four bytes of our IPv4 address (the last IPv4addrlen bytes of myip) as
 * two hex groups, with interface id ::1 and a /48 mask.  smprint() returns
 * allocated storage.
 */
84 uchar *ipv4 = &myip[IPaddrlen - IPv4addrlen];
86 return smprint("%ux:%2.2x%2.2x:%2.2x%2.2x::1/48", V6to4pfx,
87 ipv4[0], ipv4[1], ipv4[2], ipv4[3]);
90 /* process non-option arguments */
/*
 * Parses the positional arguments named in the usage text,
 * [local6[/mask]] [remote4 [remote6]], into the globals local6, localmask,
 * remote4, remote6 and localnet.  An address that fails to parse, or that is
 * of the wrong family, ends the program through sysfatal().
 * NOTE(review): the conditions that choose between an explicit argument and
 * a default are not among the lines shown.
 */
92 procargs(int argc, char **argv)
94 char *ipstr, *maskstr;
98 else if (strcmp(argv[0], "-") == 0) {
102 ipstr = *argv++, argc--;
103 maskstr = strchr(ipstr, '/');
/* the mask may also arrive as a separate argument that begins with '/' */
104 if (maskstr == nil && argc >= 1 && **argv == '/')
105 maskstr = *argv++, argc--;
/* local6 must parse and must not be a v4 address */
106 if (parseipandmask(local6, localmask, ipstr, maskstr) == -1 || isv4(local6))
107 sysfatal("bad local v6 address/mask: %s", ipstr);
109 fprint(2, "local6 %I %M\n", local6, localmask);
111 /* remote v4 address (defaults to anycast 6to4) */
/* an explicit remote4 must parse and must be a v4 address */
114 if (parseip(remote4, *argv++) == -1 || !isv4(remote4))
115 sysfatal("bad remote v4 address %s", argv[-1]);
/*
 * The default relay is the RFC 3068 anycast address, so which relay carries
 * the traffic is decided by IPv4 routing, not by this configuration.
 * NOTE(review): RFC 7526 deprecated this anycast prefix; consider whether an
 * explicit remote4 should be required.
 */
117 v4tov6(remote4, anycast6to4);
121 fprint(2, "remote4 %I\n", remote4);
123 /* remote v6 address (defaults to link-local w/ v4 as interface part) */
/* an explicit remote6 must parse and must not be a v4 address */
126 if (parseip(remote6, *argv++) == -1 || isv4(remote6))
127 sysfatal("bad remote v6 address %s", argv[-1]);
/*
 * Default remote6: first byte 0xFE, with remote4's v4 bytes copied into the
 * IPv4off position.  ip2tunnel() exempts this address from its destination
 * filter.
 */
129 remote6[0] = 0xFE; /* link local */
131 memcpy(remote6 + IPv4off, remote4 + IPv4off, IPv4addrlen);
/* localnet is local6 with localmask applied */
137 maskip(local6, localmask, localnet);
139 fprint(2, "localnet %I remote6 %I\n", localnet, remote6);
/*
 * Opens both ends of the tunnel.  *tunp receives the ipmux connection on the
 * outside stack that carries the encapsulated packets; *v6net receives the
 * data file of a newly cloned packet interface on the inside stack.  The
 * interface is then given local6/localmask with remote6 as peer, and a
 * 2000::/3 route through remote6 is added.  Every failure shown is fatal.
 */
143 setup(int *v6net, int *tunp)
147 char buf[128], path[64];
150 * gain access to IPv6-in-IPv4 packets via ipmux
/*
 * The filter selects IPv4 packets whose protocol is IP_IPV6PROTO or
 * IP_ICMPV6PROTO and whose destination is our v4 address.
 */
152 p = seprint(buf, buf + sizeof buf, "%s/ipmux!ver=4;proto=%2.2x|%2.2x;dst=%V",
153 outside, IP_IPV6PROTO, IP_ICMPV6PROTO, myip + IPv4off);
/*
 * Appending ";src=" narrows the filter to packets sent by remote4.
 * NOTE(review): the condition guarding this line is not shown.  Whenever the
 * clause is left out, encapsulated packets from any IPv4 sender reach
 * tunnel2ip(), and its badipv6() test is the remaining check; confirm that
 * this is the intended trust boundary.
 */
155 seprint(p, buf + sizeof buf, ";src=%V", remote4 + IPv4off);
156 *tunp = dial(buf, 0, 0, 0);
158 sysfatal("can't access ipv6-in-ipv4 with dial str %s: %r", buf);
160 fprint(2, "dialed %s for v6-in-v4 access\n", buf);
163 * open local IPv6 interface (as a packet interface)
166 cl = smprint("%s/ipifc/clone", inside);
167 cfd = open(cl, ORDWR); /* allocate a conversation */
/*
 * Read what the clone file returns into buf, leaving one byte spare; buf is
 * used below as the interface's directory name in the data path.
 */
169 if (cfd < 0 || (n = read(cfd, buf, sizeof buf - 1)) <= 0)
170 sysfatal("can't make packet interface %s: %r", cl);
172 fprint(2, "cloned %s as local v6 interface\n", cl);
176 snprint(path, sizeof path, "%s/ipifc/%s/data", inside, buf);
177 *v6net = open(path, ORDWR);
178 if (*v6net < 0 || fprint(cfd, "bind pkt") < 0)
179 sysfatal("can't bind packet interface: %r");
/*
 * The interface MTU is the tunnel mtu less IPV4HDR_LEN, the room taken by the
 * outer header.  mtu comes from atoi() in main() with no range check shown,
 * so a small or non-numeric value yields a zero or negative number here.
 */
180 if (fprint(cfd, "add %I %M %I %d", local6, localmask, remote6,
181 mtu - IPV4HDR_LEN) <= 0)
182 sysfatal("can't set local ipv6 address: %r");
185 fprint(2, "opened & bound %s as local v6 interface\n", path);
188 /* route global addresses through the tunnel to remote6 */
189 ir = smprint("%s/iproute", inside);
190 cfd = open(ir, OWRITE);
/*
 * NOTE(review): this debug line reports the route as injected before the
 * write below has been attempted, so it is printed even when the add fails.
 */
191 if (cfd >= 0 && debug)
192 fprint(2, "injected 2000::/3 %I into %s\n", remote6, ir);
194 if (cfd < 0 || fprint(cfd, "add 2000:: /3 %I", remote6) <= 0)
195 sysfatal("can't set default global route: %r");
/*
 * Forks the processes that copy packets in each direction between the
 * packet interface (v6net) and the ipmux connection (tunnel).  Both rfork
 * calls pass RFMEM, so the new processes share memory with their creator.
 * NOTE(review): the case labels are not among the lines shown, so which
 * process runs which copier cannot be stated from here.
 */
200 runtunnel(int v6net, int tunnel)
202 /* run the tunnel copying in the background */
203 switch (rfork(RFPROC|RFNOWAIT|RFMEM|RFNOTEG)) {
212 switch (rfork(RFPROC|RFNOWAIT|RFMEM)) {
/* tunnel -> packet interface (decapsulation) */
216 tunnel2ip(tunnel, v6net);
/* packet interface -> tunnel (encapsulation) */
219 ip2tunnel(v6net, tunnel);
222 exits("tunnel gone");
/*
 * Entry point: installs the address print formats, reads the options,
 * determines our IPv4 address, then hands off to procargs(), setup() and
 * runtunnel() in that order.
 * NOTE(review): the option case labels are not among the lines shown; the
 * option letters mentioned below are taken from the usage text.
 */
226 main(int argc, char **argv)
230 fmtinstall('I', eipfmt);
231 fmtinstall('V', eipfmt);
232 fmtinstall('M', eipfmt);
/*
 * NOTE(review): atoi() gives no error indication and no range check is
 * visible.  A non-numeric or tiny value flows into `mtu - IPV4HDR_LEN` in
 * setup(); validate with a checked conversion and a lower bound.
 */
245 mtu = atoi(EARGF(usage()));
/* presumably -x: one mount point used for both stacks */
248 outside = inside = EARGF(usage());
/* presumably -o: mount point of the outside (IPv4) stack only */
251 outside = EARGF(usage());
/*
 * The return value of parseip() is ignored here; a malformed address is
 * caught only by the later checks on myip.
 */
254 parseip(myip, EARGF(usage()));
/* no address given: ask the outside stack for ours */
260 if (ipcmp(myip, IPnoaddr) == 0 && myipaddr(myip, outside) < 0)
261 sysfatal("can't find my ipv4 address on %s", outside);
263 sysfatal("my ip, %I, is not a v4 address", myip);
265 procargs(argc, argv);
266 setup(&v6net, &tunnel);
267 runtunnel(v6net, tunnel);
272 * encapsulate v6 packets from the packet interface in v4 ones
273 * and send them into the tunnel.
/*
 * Egress copier: reads IPv6 packets from descriptor `in`, applies the egress
 * filter, prepends an IPv4 header and writes the result to descriptor `out`.
 * The loop ends when read() returns <= 0 or a write comes up short.
 */
276 ip2tunnel(int in, int out)
284 procsetname("v6 %I -> tunnel", local6);
286 procsetname("v6 %I -> tunnel %I %I", local6, remote4, remote6);
288 /* populate v4 header */
/*
 * The low nibble of vihl is the header length in 32-bit words, so 5 means a
 * 20-byte header with no options.
 */
290 op->vihl = IP_VER4 | 5; /* hdr is 5 longs? */
291 memcpy(op->src, myip + IPv4off, sizeof op->src);
292 op->proto = IP_IPV6PROTO; /* inner protocol */
295 /* get a V6 packet destined for the tunnel */
/*
 * The v6 packet is read at buf + STFHDR, which leaves room in front of it for
 * the v4 header; the read size is reduced by the same amount.
 */
296 ip = (Ip6hdr*)(buf + STFHDR);
297 while ((n = read(in, ip, sizeof buf - STFHDR)) > 0) {
298 /* if not IPV6, drop it */
299 if ((ip->vcf[0] & 0xF0) != IP_VER6)
302 /* check length: drop if too short, trim if too long */
/*
 * m is the length the v6 header claims: payload length plus IPV6HDR_LEN.
 * NOTE(review): the comparison of m with n is not among the lines shown.
 */
303 m = nhgets(ip->ploadlen) + IPV6HDR_LEN;
309 /* drop if v6 source or destination address is naughty */
310 if (badipv6(ip->src)) {
311 syslog(0, "6in4", "egress filtered %I -> %I; bad src",
/*
 * A destination equal to remote6 is exempt from badipv6(); the default
 * remote6 built in procargs() starts with 0xFE, which badipv6() may reject.
 */
315 if ((ipcmp(ip->dst, remote6) != 0 && badipv6(ip->dst))) {
316 syslog(0, "6in4", "egress filtered %I -> %I; "
317 "bad dst not remote", ip->src, ip->dst);
322 fprint(2, "v6 to tunnel %I -> %I\n", ip->src, ip->dst);
324 /* send 6to4 packets directly to ipv4 target */
/*
 * For a 6to4 destination the outer IPv4 destination is taken from bytes 2..5
 * of the v6 address, i.e. from packet contents.  The badipv6() test above
 * passes those bytes through badipv4(), which is what keeps loopback and
 * private v4 targets from being selected here.
 */
325 if ((ip->dst[0]<<8 | ip->dst[1]) == V6to4pfx)
326 memcpy(op->dst, ip->dst+2, sizeof op->dst);
328 memcpy(op->dst, remote4+IPv4off, sizeof op->dst);
331 /* pass packet to the other end of the tunnel */
/*
 * NOTE(review): as read, n counts only the v6 packet; the adjustment that
 * adds the prepended header is not among the lines shown.  Confirm.
 */
332 if (write(out, op, n) != n) {
333 syslog(0, "6in4", "error writing to tunnel (%r), giving up");
340 * decapsulate v6 packets from v4 ones from the tunnel
341 * and forward them to the packet interface
/*
 * Ingress copier: reads encapsulated packets from descriptor `in`, checks the
 * outer IPv4 header, filters on the inner IPv6 addresses and writes the inner
 * packet to descriptor `out`.  This path handles data from the network, so
 * each length and header field used below is attacker-controlled.
 */
344 tunnel2ip(int in, int out)
352 procsetname("tunnel -> v6 %I", local6);
354 procsetname("tunnel %I %I -> v6 %I", remote4, remote6, local6);
357 /* get a packet from the tunnel */
/*
 * The v4 header is taken to start IPaddrlen bytes into each read.
 * NOTE(review): what occupies those leading bytes is not shown here.
 */
358 n = read(in, buf, sizeof buf);
359 ip = (Iphdr*)(buf + IPaddrlen);
362 syslog(0, "6in4", "error reading from tunnel (%r), giving up");
366 /* if not IPv4 nor IPv4 protocol IPv6 nor ICMPv6, drop it */
/*
 * && binds tighter than ||, so this reads: not IPv4, or a protocol that is
 * neither IP_IPV6PROTO nor IP_ICMPV6PROTO.  Only the version nibble of vihl
 * is tested.  NOTE(review): no check that the header-length nibble is 5 is
 * visible, yet the inner header is located at the fixed STFHDR offset below;
 * a packet carrying IPv4 options would be parsed at the wrong offset.
 */
367 if ((ip->vihl & 0xF0) != IP_VER4 ||
368 ip->proto != IP_IPV6PROTO && ip->proto != IP_ICMPV6PROTO) {
370 "dropping pkt from tunnel with inner proto %d",
375 /* check length: drop if too short, trim if too long */
/*
 * m is the total length claimed by the v4 header.
 * NOTE(review): the comparison of m with n is not among the lines shown.
 */
376 m = nhgets(ip->length);
/*
 * NOTE(review): unlike ip2tunnel(), no test of the inner version nibble is
 * visible before op is treated as an IPv6 header; confirm one exists.
 */
382 op = (Ip6hdr*)(buf + IPaddrlen + STFHDR);
385 /* filter multicast and link-local, but allow relay traffic */
/*
 * NOTE(review): RFC 3964 recommends that a 6to4 decapsulator also check that
 * a 2002::/16 source embeds the outer IPv4 source address; no comparison of
 * op->src with ip->src is among the lines shown.
 */
386 if (badipv6(op->src) || badipv6(op->dst)) {
387 syslog(0, "6in4", "ingress filtered %I -> %I; bad src/dst",
392 fprint(2, "tunnel to v6 %I -> %I\n", op->src, op->dst);
394 /* pass V6 packet to the interface */
395 if (write(out, op, n) != n) {
396 syslog(0, "6in4", "error writing to packet interface (%r), giving up");
/*
 * Classifies an IPv4 address by its leading octets; badipv6() calls this on
 * the v4 address embedded in a 6to4 address.  A nonzero result means the
 * address is rejected.  NOTE(review): the switch header and several case
 * labels are not among the lines shown.
 */
406 case 0: /* unassigned */
407 case 10: /* private */
408 case 127: /* loopback */
/*
 * NOTE(review): 172.16.0.0/12 covers second octets 16 through 31 only, but
 * `a[1] >= 16` has no upper bound.  If the enclosing case is 172, public
 * addresses 172.32.0.0 - 172.255.255.255 are rejected as well; the test that
 * matches the comment is `a[1] >= 16 && a[1] <= 31`.
 */
411 return a[1] >= 16; /* 172.16.0.0/12 private */
413 return a[1] == 168; /* 192.168.0.0/16 private */
415 return a[1] == 254; /* 169.254.0.0/16 DHCP link-local */
417 /* 224.0.0.0/4 multicast, 240.0.0.0/4 reserved, broadcast */
422 * 0x0000/16 prefix = v4 compatible, v4 mapped, loopback, unspecified...
423 * site-local is now deprecated, rfc3879
/*
 * h is the first 16 bits of the address.  The address is rejected when that
 * prefix is zero, when it is multicast or link-local, or when it carries the
 * 6to4 prefix and the IPv4 address in bytes 2..5 fails badipv4().
 * && binds tighter than ||, so the badipv4() test applies only to 6to4
 * addresses.
 */
428 int h = a[0]<<8 | a[1];
430 return h == 0 || ISIPV6MCAST(a) || ISIPV6LINKLOCAL(a) ||
431 h == V6to4pfx && badipv4(a+2);