From b563c7ad5af36c31646754b13f39497d71fcd433 Mon Sep 17 00:00:00 2001 From: Gabi Date: Fri, 4 Aug 2023 00:17:35 -0300 Subject: [PATCH] connlib: fix ipv6 (#1855) Fixes some of the ipv6 handling. Making this PR I also realized we need to update checksums on UDP and TCP too, since we're mangling packets. --- docker-compose.yml | 2 + rust/Cargo.lock | 247 ++++-------------- rust/Cargo.toml | 1 + rust/connlib/libs/tunnel/src/ip_packet.rs | 23 ++ rust/connlib/libs/tunnel/src/lib.rs | 1 + .../libs/tunnel/src/resource_sender.rs | 12 +- rust/connlib/libs/tunnel/src/tun_linux.rs | 11 +- rust/docker-init.sh | 3 + 8 files changed, 90 insertions(+), 210 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 62f0bbbfc..ff30e78db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -160,6 +160,8 @@ services: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=0 + - net.ipv6.conf.all.forwarding=1 + - net.ipv6.conf.default.forwarding=1 devices: - "/dev/net/tun:/dev/net/tun" depends_on: diff --git a/rust/Cargo.lock b/rust/Cargo.lock index e48f26521..b15320c89 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -43,7 +43,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" dependencies = [ "generic-array", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -369,7 +369,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b62ddb9cb1ec0a098ad4bbf9344d0713fa193ae1a80af55febcff2627b6a00c1" dependencies = [ - "getrandom 0.2.10", + "getrandom", "instant", "rand", ] @@ -455,7 +455,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] 
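Review bot: The two added sysctls enable IPv6 forwarding for every interface in this service's network namespace, and nothing in the hunk records why or what filters the forwarded traffic. The ip6tables FORWARD rules this commit adds in rust/docker-init.sh are ACCEPT rules applied only when ENABLE_MASQUERADE is 1, so what is forwarded otherwise depends on the chain's default policy, which is not visible here. If this service runs that script, a comment above the new entries such as `# Required to route IPv6 traffic arriving over the tunnel; matching ip6tables rules are in rust/docker-init.sh` would tie the two together. Please also confirm the default FORWARD policy is the one you intend. The service definition starts outside the hunk.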
@@ -500,7 +500,7 @@ dependencies = [ "libc", "nix 0.25.1", "parking_lot", - "rand_core 0.6.4", + "rand_core", "ring", "tracing", "tracing-subscriber", @@ -787,7 +787,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" dependencies = [ "generic-array", - "rand_core 0.6.4", + "rand_core", "subtle", "zeroize", ] @@ -799,7 +799,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "rand_core 0.6.4", + "rand_core", "typenum", ] @@ -821,19 +821,6 @@ dependencies = [ "cipher 0.4.4", ] -[[package]] -name = "curve25519-dalek" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" -dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", - "subtle", - "zeroize", -] - [[package]] name = "curve25519-dalek" version = "4.0.0-rc.3" 
@@ -861,41 +848,6 @@ dependencies = [ "syn 2.0.25", ] -[[package]] -name = "darling" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850" -dependencies = [ - "darling_core", - "darling_macro", -] - -[[package]] -name = "darling_core" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0" -dependencies = [ - "fnv", - "ident_case", - "proc-macro2", - "quote", - "strsim", - "syn 1.0.109", -] - -[[package]] -name = "darling_macro" -version = "0.14.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e" -dependencies = [ - "darling_core", - "quote", - "syn 1.0.109", -] - [[package]] name = "data-encoding" version = "2.4.0" @@ -941,37 +893,6 @@ dependencies = [ "rusticata-macros", ] -[[package]] -name = "derive_builder" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07adf7be193b71cc36b193d0f5fe60b918a3a9db4dad0449f57bcfd519704a3" -dependencies = [ - "derive_builder_macro", -] - -[[package]] -name = "derive_builder_core" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f91d4cfa921f1c05904dc3c57b4a32c38aed3340cce209f3a6fd1478babafc4" -dependencies = [ - "darling", - "proc-macro2", - "quote", - "syn 1.0.109", -] - -[[package]] -name = "derive_builder_macro" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f0314b72bed045f3a68671b3c86328386762c93f82d98c65c3cb5e5f573dd68" -dependencies = [ - "derive_builder_core", - "syn 1.0.109", -] - [[package]] name = "derive_more" version = "0.99.17" 
@@ -991,15 +912,6 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198" -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - [[package]] name = "digest" version = "0.10.7" @@ -1077,14 +989,14 @@ dependencies = [ "base16ct", "crypto-bigint", "der", - "digest 0.10.7", + "digest", "ff", "generic-array", "group", "hkdf", "pem-rfc7468", "pkcs8", - "rand_core 0.6.4", + "rand_core", "sec1", "subtle", "zeroize", @@ -1139,7 +1051,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" dependencies = [ - "rand_core 0.6.4", + "rand_core", "subtle", ] @@ -1201,7 +1113,7 @@ dependencies = [ "netlink-packet-route", "parking_lot", "pnet_packet", - "rand_core 0.6.4", + "rand_core", "rtnetlink", "serde", "serde_json", @@ -1337,17 +1249,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.10" @@ -1388,7 +1289,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" dependencies = [ "ff", - "rand_core 0.6.4", + "rand_core", "subtle", ] @@ -1443,7 +1344,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] 
@@ -1541,12 +1442,6 @@ dependencies = [ "cc 1.0.79 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "ident_case" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" - [[package]] name = "idna" version = "0.4.0" @@ -1578,8 +1473,7 @@ dependencies = [ [[package]] name = "interceptor" version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c142385498b53584546abbfa50188b2677af8e4f879da1ee5d905cb7de5b97a" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "async-trait", "bytes", @@ -1771,7 +1665,7 @@ dependencies = [ "os_info", "parking_lot", "rand", - "rand_core 0.6.4", + "rand_core", "rtnetlink", "serde", "serde_json", @@ -1834,7 +1728,7 @@ version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6365506850d44bff6e2fbcb5176cf63650e48bd45ef2fe2665ae1570e0f4b9ca" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -1851,9 +1745,9 @@ checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "memoffset" -version = "0.6.5" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" +checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" dependencies = [ "autocfg", ] @@ -1956,18 +1850,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "nix" -version = "0.24.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa52e972a9a719cecb6864fb88568781eb706bac2cd1d4f04a648542dbf78069" -dependencies = [ - "bitflags 1.3.2", - "cfg-if 1.0.0", - "libc", - "memoffset", -] - [[package]] name = "nix" version = "0.25.1" 
@@ -1989,6 +1871,8 @@ dependencies = [ "bitflags 1.3.2", "cfg-if 1.0.0", "libc", + "memoffset", + "pin-utils", "static_assertions", ] @@ -2207,7 +2091,7 @@ version = "0.1.0" dependencies = [ "base64 0.21.2", "futures", - "rand_core 0.6.4", + "rand_core", "serde", "serde_json", "thiserror", @@ -2411,7 +2295,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -2421,16 +2305,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.4", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", + "rand_core", ] [[package]] @@ -2439,7 +2314,7 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.10", + "getrandom", ] [[package]] @@ -2448,7 +2323,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f" dependencies = [ - "rand_core 0.6.4", + "rand_core", ] [[package]] @@ -2589,8 +2464,7 @@ dependencies = [ [[package]] name = "rtcp" version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6423493804221c276d27f3cc383cd5cbe1a1f10f210909fd4951b579b01293cd" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "bytes", "thiserror", 
@@ -2618,8 +2492,7 @@ dependencies = [ [[package]] name = "rtp" version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b728adb99b88d932f2f0622b540bf7ccb196f81e9823b5b0eeb166526c88138c" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "bytes", "rand", @@ -2806,8 +2679,7 @@ dependencies = [ [[package]] name = "sdp" version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d22a5ef407871893fd72b4562ee15e4742269b173959db4b8df6f538c414e13" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "rand", "substring", @@ -2903,7 +2775,7 @@ checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -2914,7 +2786,7 @@ checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -2941,8 +2813,8 @@ version = "1.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" dependencies = [ - "digest 0.10.7", - "rand_core 0.6.4", + "digest", + "rand_core", ] [[package]] @@ -3043,10 +2915,9 @@ dependencies = [ [[package]] name = "stun" version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7e94b1ec00bad60e6410e058b52f1c66de3dc5fe4d62d09b3e52bb7d3b73e25" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ - "base64 0.13.1", + "base64 0.21.2", "crc", "lazy_static", "md-5", 
@@ -3538,11 +3409,10 @@ dependencies = [ [[package]] name = "turn" version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4712ee30d123ec7ae26d1e1b218395a16c87cdbaf4b3925d170d684af62ea5e8" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "async-trait", - "base64 0.13.1", + "base64 0.21.2", "futures", "log", "md-5", @@ -3644,7 +3514,7 @@ version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d" dependencies = [ - "getrandom 0.2.10", + "getrandom", "serde", ] @@ -3698,12 +3568,6 @@ dependencies = [ "try-lock", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.0+wasi-snapshot-preview1" @@ -3803,8 +3667,7 @@ dependencies = [ [[package]] name = "webrtc" version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f60dde9fd592872bc371b3842e4616bc4c6984242e3cd2a7d7cb771db278601b" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "arc-swap", "async-trait", @@ -3846,11 +3709,9 @@ dependencies = [ [[package]] name = "webrtc-data" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c3c7ba7d11733e448d8d2d054814e97c558f52293f0e0a2eb05840f28b3be12" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "bytes", - "derive_builder", "log", "thiserror", "tokio", 
@@ -3861,8 +3722,7 @@ dependencies = [ [[package]] name = "webrtc-dtls" version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a00f4242f2db33307347bd5be53263c52a0331c96c14292118c9a6bb48d267" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "aes 0.6.0", "aes-gcm", @@ -3871,16 +3731,14 @@ dependencies = [ "block-modes", "byteorder", "ccm", - "curve25519-dalek 3.2.0", "der-parser 8.2.0", - "elliptic-curve", "hkdf", "hmac", "log", "p256", "p384", "rand", - "rand_core 0.6.4", + "rand_core", "rcgen", "ring", "rustls 0.19.1", @@ -3888,7 +3746,6 @@ dependencies = [ "serde", "sha1 0.10.5", "sha2", - "signature", "subtle", "thiserror", "tokio", @@ -3901,8 +3758,7 @@ dependencies = [ [[package]] name = "webrtc-ice" version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "465a03cc11e9a7d7b4f9f99870558fe37a102b65b93f8045392fef7c67b39e80" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "arc-swap", "async-trait", @@ -3925,8 +3781,7 @@ dependencies = [ [[package]] name = "webrtc-mdns" version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f08dfd7a6e3987e255c4dbe710dde5d94d0f0574f8a21afa95d171376c143106" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "log", "socket2 0.4.9", @@ -3938,8 +3793,7 @@ dependencies = [ [[package]] name = "webrtc-media" version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd8e3711a321f6a375973144f48065cf705316ab6709672954aace020c668eb6" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "byteorder", "bytes", 
@@ -3951,8 +3805,7 @@ dependencies = [ [[package]] name = "webrtc-sctp" version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7df742d91cfbd982f6ab2bfd45a7c3ddfce5b2f55913b2f63877404d1b3259db" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "arc-swap", "async-trait", @@ -3968,8 +3821,7 @@ dependencies = [ [[package]] name = "webrtc-srtp" version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5683b597b3c6af47ff11e695697f881bc42acfd8feeb0d4eb20a5ae9caaee6ae" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "aead 0.4.3", "aes 0.7.5", @@ -3991,8 +3843,7 @@ dependencies = [ [[package]] name = "webrtc-util" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f1db1727772c05cf7a2cfece52c3aca8045ca1e176cd517d323489aa3c6d87" +source = "git+https://github.com/firezone/webrtc?rev=85bf9c8#85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" dependencies = [ "async-trait", "bitflags 1.3.2", @@ -4002,7 +3853,7 @@ dependencies = [ "lazy_static", "libc", "log", - "nix 0.24.3", + "nix 0.26.2", "rand", "thiserror", "tokio", @@ -4208,8 +4059,8 @@ version = "2.0.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec7fae07da688e17059d5886712c933bb0520f15eff2e09cfa18e30968f4e63a" dependencies = [ - "curve25519-dalek 4.0.0-rc.3", - "rand_core 0.6.4", + "curve25519-dalek", + "rand_core", "serde", "zeroize", ] diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 156f003f1..28287bf88 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -21,3 +21,4 @@ swift-bridge = "0.1.52" # (the `patch` section can't be used for build deps...) [patch.crates-io] ring = { git = "https://github.com/firezone/ring", branch = "v0.16.20-cc-fix" } +webrtc = { git = "https://github.com/firezone/webrtc", rev = "85bf9c8" } 
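Review bot: The new `[patch.crates-io]` entry pins the webrtc fork with the abbreviated revision `85bf9c8` and has no comment saying why the fork is needed or when it can be dropped. The lockfile in this commit resolves it to `85bf9c80028af2a6a0970c44d2fbab8c97aaf85d` and, as with any git source, loses the registry `checksum` lines for the crates now taken from the fork, so the revision is the only integrity pin left. I would write the full hash, `webrtc = { git = "https://github.com/firezone/webrtc", rev = "85bf9c80028af2a6a0970c44d2fbab8c97aaf85d" }`, and add a line such as `# fork of webrtc-rs; remove once the needed change is released upstream` with the actual reason filled in.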
diff --git a/rust/connlib/libs/tunnel/src/ip_packet.rs b/rust/connlib/libs/tunnel/src/ip_packet.rs index f75dcce7b..7bd1b7a49 100644 --- a/rust/connlib/libs/tunnel/src/ip_packet.rs +++ b/rust/connlib/libs/tunnel/src/ip_packet.rs @@ -2,6 +2,7 @@ use std::net::IpAddr; use domain::base::message::Message; use pnet_packet::{ + icmpv6::{self, MutableIcmpv6Packet}, ip::{IpNextHeaderProtocol, IpNextHeaderProtocols}, ipv4::{checksum, Ipv4Packet, MutableIpv4Packet}, ipv6::{Ipv6Packet, MutableIpv6Packet}, @@ -56,6 +57,24 @@ impl<'a> MutableIpPacket<'a> { .flatten() } + pub fn set_icmpv6_checksum(&mut self) { + let (src_addr, dst_addr) = match self { + MutableIpPacket::MutableIpv4Packet(_) => return, + MutableIpPacket::MutableIpv6Packet(p) => (p.get_source(), p.get_destination()), + }; + if let Some(mut pkt) = self.as_icmpv6() { + let checksum = icmpv6::checksum(&pkt.to_immutable(), &src_addr, &dst_addr); + pkt.set_checksum(checksum); + } + } + + fn as_icmpv6(&mut self) -> Option { + self.to_immutable() + .is_icmpv6() + .then(|| MutableIcmpv6Packet::new(self.payload_mut())) + .flatten() + } + pub(crate) fn as_immutable_udp(&self) -> Option { self.to_immutable() .is_udp() @@ -118,6 +137,10 @@ impl<'a> IpPacket<'a> { } } + pub(crate) fn is_icmpv6(&self) -> bool { + self.next_header() == IpNextHeaderProtocols::Icmpv6 + } + pub(crate) fn next_header(&self) -> IpNextHeaderProtocol { match self { Self::Ipv4Packet(p) => p.get_next_level_protocol(), diff --git a/rust/connlib/libs/tunnel/src/lib.rs b/rust/connlib/libs/tunnel/src/lib.rs index 7658dfe41..f2cb2925f 100644 --- a/rust/connlib/libs/tunnel/src/lib.rs +++ b/rust/connlib/libs/tunnel/src/lib.rs @@ -540,6 +540,7 @@ where } packet.set_checksum(); + packet.set_icmpv6_checksum(); } ( peer.tunnel.lock().encapsulate(&src[..res], &mut dst[..]), diff --git a/rust/connlib/libs/tunnel/src/resource_sender.rs b/rust/connlib/libs/tunnel/src/resource_sender.rs index 95ebbf01f..daaa76650 100644 
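Review bot: `as_icmpv6` relies on `is_icmpv6()`, which compares only the IP header's `next_header()`, so an ICMPv6 message that follows an IPv6 extension header would not match and would keep its old checksum after the address rewrite. Whether such packets can reach this code is not visible from the hunk; if they can, the extension-header chain has to be walked before `MutableIcmpv6Packet::new(self.payload_mut())`, and if they cannot, a comment should say so. `set_icmpv6_checksum` is `pub` and undocumented; a doc comment like `/// Recomputes the ICMPv6 checksum from the current source and destination; no-op for IPv4 and for non-ICMPv6 payloads.` would record the contract, including that a payload too short for an ICMPv6 header is skipped silently.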
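Review bot: `packet.set_icmpv6_checksum()` now has to follow `packet.set_checksum()` at every place that rewrites an address, here and again in rust/connlib/libs/tunnel/src/resource_sender.rs, and a later call site that forgets the second call will emit ICMPv6 packets the receiver drops. Since `set_icmpv6_checksum` already returns early for IPv4, one option is to call it from the end of `set_checksum()` so callers keep a single entry point. The body of `set_checksum` is outside this diff, so check that no other caller relies on only the IP header being touched. The enclosing function starts and ends outside the hunk.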
--- a/rust/connlib/libs/tunnel/src/resource_sender.rs +++ b/rust/connlib/libs/tunnel/src/resource_sender.rs @@ -3,11 +3,10 @@ use std::{ sync::Arc, }; +use crate::{ip_packet::MutableIpPacket, peer::Peer, ControlSignal, Tunnel}; use boringtun::noise::Tunn; use libs_common::{messages::ResourceDescription, Callbacks, Error}; -use crate::{ip_packet::MutableIpPacket, peer::Peer, ControlSignal, Tunnel}; - impl Tunnel where C: ControlSignal + Send + Sync + 'static, @@ -21,12 +20,15 @@ where let Some(mut pkt) = MutableIpPacket::new(packet) else { return }; pkt.set_dst(dst_addr); pkt.set_checksum(); + pkt.set_icmpv6_checksum(); match dst_addr { - IpAddr::V4(_) => { + IpAddr::V4(addr) => { + tracing::trace!("Sending to packet to {addr}"); self.write4_device_infallible(packet).await; } - IpAddr::V6(_) => { + IpAddr::V6(addr) => { + tracing::trace!("Sending to packet to {addr}"); self.write6_device_infallible(packet).await; } } @@ -38,7 +40,7 @@ where // If there's no associated resource it means that we are in a client, then the packet comes from a gateway // and we just trust gateways. // In gateways this should never happen. - tracing::trace!("Writing to interface"); + tracing::trace!("Writing to interface with addr: {addr}"); match addr { IpAddr::V4(_) => self.write4_device_infallible(packet).await, IpAddr::V6(_) => self.write6_device_infallible(packet).await, diff --git a/rust/connlib/libs/tunnel/src/tun_linux.rs b/rust/connlib/libs/tunnel/src/tun_linux.rs index 84575ee17..b63c43377 100644 --- a/rust/connlib/libs/tunnel/src/tun_linux.rs +++ b/rust/connlib/libs/tunnel/src/tun_linux.rs @@ -5,7 +5,7 @@ use libc::{ IFF_MULTI_QUEUE, IFF_NO_PI, IFF_TUN, IFNAMSIZ, O_NONBLOCK, O_RDWR, }; use libs_common::{Callbacks, Error, Result}; -use netlink_packet_route::rtnl::link::nlas::Nla; +use netlink_packet_route::{rtnl::link::nlas::Nla, RT_SCOPE_UNIVERSE}; use rtnetlink::{new_connection, Handle}; use std::{ ffi::{c_int, c_short, c_uchar}, 
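Review bot: The new trace line reads "Sending to packet to {addr}" and is duplicated in both match arms; the first "to" looks like a typo. Because `dst_addr` is already in scope, a single `tracing::trace!("Sending packet to {dst_addr}");` placed before `match dst_addr` would do, and the arms can go back to `IpAddr::V4(_)` and `IpAddr::V6(_)`. The function's signature is outside the hunk.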
@@ -21,8 +21,7 @@ pub(crate) struct IfaceConfig(pub(crate) Arc); const TUNSETIFF: u64 = 0x4004_54ca; const TUN_FILE: &[u8] = b"/dev/net/tun\0"; -const RT_SCOPE_LINK: u8 = 253; -const RT_PROT_UNSPEC: u8 = 0; +const RT_PROT_STATIC: u8 = 4; #[repr(C)] union IfrIfru { @@ -188,19 +187,17 @@ impl IfaceConfig { .route() .add() .output_interface(self.0.interface_index) - .protocol(RT_PROT_UNSPEC) - .scope(RT_SCOPE_LINK); + .protocol(RT_PROT_STATIC) + .scope(RT_SCOPE_UNIVERSE); match route { IpNetwork::V4(ipnet) => { req.v4() - .source_prefix(ipnet.network_address(), ipnet.netmask()) .destination_prefix(ipnet.network_address(), ipnet.netmask()) .execute() .await? } IpNetwork::V6(ipnet) => { req.v6() - .source_prefix(ipnet.network_address(), ipnet.netmask()) .destination_prefix(ipnet.network_address(), ipnet.netmask()) .execute() .await? diff --git a/rust/docker-init.sh b/rust/docker-init.sh index ef8dcc0f4..1aec14193 100755 --- a/rust/docker-init.sh +++ b/rust/docker-init.sh @@ -4,4 +4,7 @@ if [ $ENABLE_MASQUERADE = "1" ]; then iptables -A FORWARD -i $IFACE -j ACCEPT iptables -A FORWARD -o $IFACE -j ACCEPT iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE + ip6tables -A FORWARD -i $IFACE -j ACCEPT + ip6tables -A FORWARD -o $IFACE -j ACCEPT + ip6tables -t nat -A POSTROUTING -o eth+ -j MASQUERADE fi
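Review bot: `RT_PROT_STATIC` is hand-defined as `4` while the same commit imports `RT_SCOPE_UNIVERSE` from `netlink_packet_route`. If the crate version in use also exports the route-protocol constants (I believe it has `RTPROT_STATIC`), importing that one keeps both values coming from a single source. Otherwise add a comment such as `// RTPROT_STATIC from <linux/rtnetlink.h>: route installed by an administrator` so the magic number is traceable.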
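Review bot: Nothing next to the route builder chain records why the route moved from link scope to `RT_SCOPE_UNIVERSE` or why `source_prefix` was dropped from both the v4 and v6 arms. A short comment above `.protocol(RT_PROT_STATIC)`, for example `// Resource routes are not on-link and must match any source address, hence universe scope and no source prefix.`, would keep the old values from being reintroduced; adjust the wording if the intent is different. The enclosing method starts outside the hunk.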
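Review bot: The three added `ip6tables` lines expand `$IFACE` unquoted, and no check of their exit status is visible in the hunk (a `set -e` may exist above it). An empty variable or a host without IPv6 NAT support could therefore leave the container forwarding IPv6 without the MASQUERADE rule and with no error surfaced. Quote the variable, `ip6tables -A FORWARD -i "$IFACE" -j ACCEPT`, and fail start-up when a rule cannot be installed, for example `ip6tables -t nat -A POSTROUTING -o eth+ -j MASQUERADE || exit 1`. The IPv4 lines above follow the same pattern, and the `if` that wraps them is only partly visible in the hunk.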