projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ip_packet: Parse ports from TCP and UDP headers
[strongswan.git] / src / libipsec / ip_packet.c
1 /*
2 * Copyright (C) 2012-2014 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16
17 #include "ip_packet.h"
18
19 #include <library.h>
20 #include <utils/debug.h>
21
22 #include <sys/types.h>
23 #include <netinet/in.h>
24 #include <netinet/ip.h>
25 #include <netinet/udp.h>
26 #include <netinet/tcp.h>
27 #ifdef HAVE_NETINET_IP6_H
28 #include <netinet/ip6.h>
29 #endif
30
31 typedef struct private_ip_packet_t private_ip_packet_t;
32
33 /**
34 * Private additions to ip_packet_t.
35 */
36 struct private_ip_packet_t {
37
38 /**
39 * Public members
40 */
41 ip_packet_t public;
42
43 /**
44 * Source address
45 */
46 host_t *src;
47
48 /**
49 * Destination address
50 */
51 host_t *dst;
52
53 /**
54 * IP packet
55 */
56 chunk_t packet;
57
58 /**
59 * IP version
60 */
61 u_int8_t version;
62
63 /**
64 * Protocol|Next Header field
65 */
66 u_int8_t next_header;
67
68 };
69
70 METHOD(ip_packet_t, get_version, u_int8_t,
71 private_ip_packet_t *this)
72 {
73 return this->version;
74 }
75
76 METHOD(ip_packet_t, get_source, host_t*,
77 private_ip_packet_t *this)
78 {
79 return this->src;
80 }
81
82 METHOD(ip_packet_t, get_destination, host_t*,
83 private_ip_packet_t *this)
84 {
85 return this->dst;
86 }
87
88 METHOD(ip_packet_t, get_encoding, chunk_t,
89 private_ip_packet_t *this)
90 {
91 return this->packet;
92 }
93
94 METHOD(ip_packet_t, get_next_header, u_int8_t,
95 private_ip_packet_t *this)
96 {
97 return this->next_header;
98 }
99
100 METHOD(ip_packet_t, clone_, ip_packet_t*,
101 private_ip_packet_t *this)
102 {
103 return ip_packet_create(chunk_clone(this->packet));
104 }
105
106 METHOD(ip_packet_t, destroy, void,
107 private_ip_packet_t *this)
108 {
109 this->src->destroy(this->src);
110 this->dst->destroy(this->dst);
111 chunk_free(&this->packet);
112 free(this);
113 }
114
115 /**
116 * Parse transport protocol header
117 */
118 static bool parse_transport_header(chunk_t packet, u_int8_t proto,
119 u_int16_t *sport, u_int16_t *dport)
120 {
121 switch (proto)
122 {
123 case IPPROTO_UDP:
124 {
125 struct udphdr *udp;
126
127 if (packet.len < sizeof(*udp))
128 {
129 DBG1(DBG_ESP, "UDP packet too short");
130 return FALSE;
131 }
132 udp = (struct udphdr*)packet.ptr;
133 *sport = ntohs(udp->source);
134 *dport = ntohs(udp->dest);
135 break;
136 }
137 case IPPROTO_TCP:
138 {
139 struct tcphdr *tcp;
140
141 if (packet.len < sizeof(*tcp))
142 {
143 DBG1(DBG_ESP, "TCP packet too short");
144 return FALSE;
145 }
146 tcp = (struct tcphdr*)packet.ptr;
147 *sport = ntohs(tcp->source);
148 *dport = ntohs(tcp->dest);
149 break;
150 }
151 default:
152 break;
153 }
154 return TRUE;
155 }
156
157 /**
158 * Described in header.
159 */
160 ip_packet_t *ip_packet_create(chunk_t packet)
161 {
162 private_ip_packet_t *this;
163 u_int8_t version, next_header;
164 u_int16_t sport = 0, dport = 0;
165 host_t *src, *dst;
166
167 if (packet.len < 1)
168 {
169 DBG1(DBG_ESP, "IP packet too short");
170 goto failed;
171 }
172
173 version = (packet.ptr[0] & 0xf0) >> 4;
174
175 switch (version)
176 {
177 case 4:
178 {
179 struct ip *ip;
180
181 if (packet.len < sizeof(struct ip))
182 {
183 DBG1(DBG_ESP, "IPv4 packet too short");
184 goto failed;
185 }
186 ip = (struct ip*)packet.ptr;
187 /* remove any RFC 4303 TFC extra padding */
188 packet.len = min(packet.len, untoh16(&ip->ip_len));
189
190 if (!parse_transport_header(chunk_skip(packet, ip->ip_hl * 4),
191 ip->ip_p, &sport, &dport))
192 {
193 goto failed;
194 }
195 src = host_create_from_chunk(AF_INET,
196 chunk_from_thing(ip->ip_src), sport);
197 dst = host_create_from_chunk(AF_INET,
198 chunk_from_thing(ip->ip_dst), dport);
199 next_header = ip->ip_p;
200 break;
201 }
202 #ifdef HAVE_NETINET_IP6_H
203 case 6:
204 {
205 struct ip6_hdr *ip;
206
207 if (packet.len < sizeof(*ip))
208 {
209 DBG1(DBG_ESP, "IPv6 packet too short");
210 goto failed;
211 }
212 ip = (struct ip6_hdr*)packet.ptr;
213 /* remove any RFC 4303 TFC extra padding */
214 packet.len = min(packet.len, untoh16(&ip->ip6_plen));
215 /* we only handle packets without extension headers, just skip the
216 * basic IPv6 header */
217 if (!parse_transport_header(chunk_skip(packet, 40), ip->ip6_nxt,
218 &sport, &dport))
219 {
220 goto failed;
221 }
222 src = host_create_from_chunk(AF_INET6,
223 chunk_from_thing(ip->ip6_src), sport);
224 dst = host_create_from_chunk(AF_INET6,
225 chunk_from_thing(ip->ip6_dst), dport);
226 next_header = ip->ip6_nxt;
227 break;
228 }
229 #endif /* HAVE_NETINET_IP6_H */
230 default:
231 DBG1(DBG_ESP, "unsupported IP version");
232 goto failed;
233 }
234
235 INIT(this,
236 .public = {
237 .get_version = _get_version,
238 .get_source = _get_source,
239 .get_destination = _get_destination,
240 .get_next_header = _get_next_header,
241 .get_encoding = _get_encoding,
242 .clone = _clone_,
243 .destroy = _destroy,
244 },
245 .src = src,
246 .dst = dst,
247 .packet = packet,
248 .version = version,
249 .next_header = next_header,
250 );
251 return &this->public;
252
253 failed:
254 chunk_free(&packet);
255 return NULL;
256 }
strongSwan - IPsec VPN