diff --git a/tun/src/options.rs b/tun/src/options.rs index e21bf5f..bb364e5 100644 --- a/tun/src/options.rs +++ b/tun/src/options.rs @@ -1,5 +1,7 @@ +#[cfg(all(any(target_os = "linux", target_vendor = "apple"), feature = "tokio"))] use std::io::Error; +#[cfg(all(any(target_os = "linux", target_vendor = "apple"), feature = "tokio"))] use fehler::throws; #[cfg(any(target_os = "linux", target_vendor = "apple"))] diff --git a/tun/src/unix/address.rs b/tun/src/unix/address.rs new file mode 100644 index 0000000..dc84e96 --- /dev/null +++ b/tun/src/unix/address.rs 
@@ -0,0 +1,120 @@
+use std::io::{Error, ErrorKind};
+use std::net::IpAddr;
+
+use fehler::throws;
+
+#[throws]
+pub(crate) fn ensure_valid_ipv6_prefix(prefix_len: u8) {
+ if prefix_len > 128 {
+ Err(Error::new(
+ ErrorKind::InvalidInput,
+ "IPv6 prefix length must be between 0 and 128",
+ ))?;
+ }
+}
+
+#[cfg_attr(not(any(test, target_vendor = "apple")), allow(dead_code))]
+#[throws]
+pub(crate) fn ipv6_prefix_octets(prefix_len: u8) -> [u8; 16] {
+ ensure_valid_ipv6_prefix(prefix_len)?;
+
+ let mut octets = [0u8; 16];
+ for bit in 0..prefix_len {
+ let idx = (bit / 8) as usize;
+ let offset = (bit % 8) as u8;
+ octets[idx] |= 0x80 >> offset;
+ }
+
+ octets
+}
+
+#[cfg_attr(not(any(test, target_vendor = "apple")), allow(dead_code))]
+pub(crate) fn parse_addr_spec(spec: &str) -> Result)>, Error> {
+ let (addr_str, prefix) = match spec.split_once('/') {
+ Some((addr, prefix)) => (addr, Some(prefix)),
+ None => (spec, None),
+ };
+
+ let addr: IpAddr = match addr_str.parse() {
+ Ok(addr) => addr,
+ Err(_) => return Ok(None),
+ };
+
+ let prefix_len = if let Some(prefix) = prefix {
+ let parsed = prefix
+ .parse::()
+ .map_err(|_| Error::new(ErrorKind::InvalidInput, "Invalid prefix length"))?;
+ ensure_valid_ipv6_prefix(parsed)?;
+ Some(parsed)
+ } else {
+ None
+ };
+
+ Ok(Some((addr, prefix_len)))
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+ #[test]
+ fn parse_ipv4_without_prefix() {
+ let parsed = parse_addr_spec("192.0.2.1").expect("parse succeeds");
+ assert_eq!(
+ parsed,
+ Some((IpAddr::V4(Ipv4Addr::new(192, 0, 2, 1)), None))
+ );
+ }
+
+ #[test]
+ fn parse_ipv6_with_prefix() {
+ let parsed = parse_addr_spec("2001:db8::1/64").expect("parse succeeds");
+ assert_eq!(
+ parsed,
+ Some((
+ IpAddr::V6("2001:db8::1".parse::().unwrap()),
+ Some(64),
+ ))
+ );
+ }
+
+ #[test]
+ fn parse_invalid_addr_returns_none() {
+ assert_eq!(parse_addr_spec("not-an-ip").unwrap(), None);
+ }
+
+ #[test]
+ fn
parse_invalid_prefix_string_errors() { + assert!(parse_addr_spec("::1/not-a-number").is_err()); + } + + #[test] + fn parse_prefix_out_of_range_errors() { + assert!(parse_addr_spec("::1/129").is_err()); + } + + #[test] + fn ensure_valid_ipv6_prefix_accepts_bounds() { + ensure_valid_ipv6_prefix(0).expect("zero prefix is allowed"); + ensure_valid_ipv6_prefix(128).expect("max prefix is allowed"); + } + + #[test] + fn ensure_valid_ipv6_prefix_rejects_invalid() { + assert!(ensure_valid_ipv6_prefix(129).is_err()); + } + + #[test] + fn ipv6_prefix_octets_zero_prefix() { + assert_eq!(ipv6_prefix_octets(0).unwrap(), [0u8; 16]); + } + + #[test] + fn ipv6_prefix_octets_sets_bits_correctly() { + let mask = ipv6_prefix_octets(65).unwrap(); + assert_eq!(mask[0..8], [0xFF; 8]); + assert_eq!(mask[8], 0x80); + assert_eq!(mask[9..], [0u8; 7]); + } +} diff --git a/tun/src/unix/apple/mod.rs b/tun/src/unix/apple/mod.rs index 0d60aa7..0fc701e 100644 --- a/tun/src/unix/apple/mod.rs +++ b/tun/src/unix/apple/mod.rs @@ -1,8 +1,8 @@ use std::{ ffi::CStr, - io::{Error, IoSlice}, + io::{Error, ErrorKind, IoSlice}, mem, - net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddrV4}, + net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddrV4, SocketAddrV6}, os::fd::{AsRawFd, FromRawFd, RawFd}, }; @@ -17,6 +17,7 @@ pub mod sys; use kern_control::SysControlSocket; +use super::address::{ensure_valid_ipv6_prefix, ipv6_prefix_octets, parse_addr_spec}; use super::{ifname_to_string, string_to_ifname}; use crate::TunOptions; @@ -72,11 +73,11 @@ impl TunInterface { #[throws] fn configure(&self, options: TunOptions) { - for addr in options.address { - if let Ok(addr) = addr.parse::() { + for spec in options.address { + if let Some((addr, prefix_len)) = parse_addr_spec(&spec)? { match addr { IpAddr::V4(addr) => self.set_ipv4_addr(addr)?, - IpAddr::V6(addr) => self.set_ipv6_addr(addr)?, + IpAddr::V6(addr) => self.add_ipv6_addr(addr, prefix_len.unwrap_or(128))?, } } } 
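Review bot: `parse_addr_spec` checks the prefix with `ensure_valid_ipv6_prefix` regardless of the address family, so an IPv4 spec such as `192.0.2.1/64` comes back as valid although an IPv4 prefix cannot exceed 32. Bounding by family would close that: `let max = if addr.is_ipv4() { 32 } else { 128 };` followed by `if parsed > max { return Err(Error::new(ErrorKind::InvalidInput, "Invalid prefix length")); }`. An unparseable address also returns `Ok(None)` before the prefix is looked at, so `not-an-ip/999` is skipped rather than rejected; a doc comment stating that `None` means "not an IP literal, the caller decides what to do" would make that contract explicit. The test module has no IPv4-with-prefix case.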
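Review bot: In the `configure` loop the `IpAddr::V4` arm ignores `prefix_len`, so a spec like `10.0.0.1/24` is accepted and the `/24` is dropped with no signal to the operator; it should either be applied or reported. Entries for which `parse_addr_spec` returns `None` are also skipped silently, which hides a typo in the address list; an `else { tracing::warn!("ignoring unparseable address: {:?}", spec); }` on the `if let` would make that visible. Because `?` returns from inside the loop, a bad prefix on a later entry leaves the earlier addresses already applied, which is worth stating in a comment on `configure`. The function may continue past the end of this hunk.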
@@ -149,18 +150,38 @@ impl TunInterface { } #[throws] - pub fn set_ipv6_addr(&self, _addr: Ipv6Addr) { - // let addr = SockAddr::from(SocketAddrV6::new(addr, 0, 0, 0)); - // println!("addr: {:?}", addr); - // let mut iff = self.in6_ifreq()?; - // let sto = addr.as_storage(); - // let ifadddr_ptr: *const sockaddr_in6 = addr_of!(sto).cast(); - // iff.ifr_ifru.ifru_addr = unsafe { *ifadddr_ptr }; - // println!("ifru addr set"); - // println!("{:?}", sys::SIOCSIFADDR_IN6); - // self.perform6(|fd| unsafe { sys::if_set_addr6(fd, &iff) })?; - // tracing::info!("ipv6_addr_set"); - tracing::warn!("Setting IPV6 address on MacOS CLI mode is not supported yet."); + #[instrument] + pub fn add_ipv6_addr(&self, addr: Ipv6Addr, prefix_len: u8) { + ensure_valid_ipv6_prefix(prefix_len)?; + + let mut req: sys::in6_aliasreq = unsafe { mem::zeroed() }; + req.ifra_name = string_to_ifname(&self.name()?); + req.ifra_addr = ipv6_to_sockaddr(addr); + req.ifra_prefixmask = ipv6_prefix_mask(prefix_len)?; + self.perform6(|fd| unsafe { sys::if_add_addr6(fd, &req) })?; + tracing::info!( + "ipv6_addr_added: {:?}/{} (fd: {:?})", + addr, + prefix_len, + self.as_raw_fd() + ); + } + + #[throws] + #[instrument] + pub fn remove_ipv6_addr(&self, addr: Ipv6Addr, prefix_len: u8) { + ensure_valid_ipv6_prefix(prefix_len)?; + + let mut iff = self.in6_ifreq()?; + iff.ifr_ifru.ifru_addr = ipv6_to_sockaddr(addr); + iff.ifr_ifru.ifru_prefixmask = ipv6_prefix_mask(prefix_len)?; + self.perform6(|fd| unsafe { sys::if_del_addr6(fd, &iff) })?; + tracing::info!( + "ipv6_addr_removed: {:?}/{} (fd: {:?})", + addr, + prefix_len, + self.as_raw_fd() + ); } #[throws] @@ -269,7 +290,6 @@ impl TunInterface { #[throws] #[instrument] pub fn send(&self, buf: &[u8]) -> usize { - use std::io::ErrorKind; let proto = match buf[0] >> 4 { 6 => Ok(AF_INET6), 4 => Ok(AF_INET), 
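Review bot: In `remove_ipv6_addr`, `iff.ifr_ifru` is the `ifr_ifru6` union, so assigning `ifru_prefixmask` directly after `ifru_addr` overwrites the address with the mask, and `if_del_addr6` is then asked to delete the mask value rather than `addr`. The `ifru_prefixmask` member is introduced by this same commit in the `apple/sys.rs` union hunk; as far as I know the kernel's `in6_ifreq` has no such member and the delete request identifies the address through `ifru_addr` alone, so removing the line `iff.ifr_ifru.ifru_prefixmask = ipv6_prefix_mask(prefix_len)?;` together with the union field should be the fix. Separately, `add_ipv6_addr` leaves `req.ifra_lifetime` at its zeroed value; BSD-derived stacks generally treat a valid lifetime of 0 as already expired, so setting `ia6t_vltime` and the preferred-lifetime field to `0xffff_ffff` (`ND6_INFINITE_LIFETIME` in the BSD headers) should be confirmed against the platform headers. An add-then-remove integration test would exercise both paths.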
@@ -294,5 +314,16 @@ impl TunInterface { #[inline] fn in6_addr_octets(addr: libc::in6_addr) -> [u8; 16] { - unsafe { addr.__u6_addr.__u6_addr8 } + addr.s6_addr +} + +fn ipv6_to_sockaddr(addr: Ipv6Addr) -> libc::sockaddr_in6 { + let sockaddr = SockAddr::from(SocketAddrV6::new(addr, 0, 0, 0)); + unsafe { *(sockaddr.as_ptr() as *const libc::sockaddr_in6) } +} + +#[throws] +fn ipv6_prefix_mask(prefix_len: u8) -> libc::sockaddr_in6 { + let octets = ipv6_prefix_octets(prefix_len)?; + ipv6_to_sockaddr(Ipv6Addr::from(octets)) } diff --git a/tun/src/unix/apple/sys.rs b/tun/src/unix/apple/sys.rs index d48d6ee..282ee34 100644 --- a/tun/src/unix/apple/sys.rs +++ b/tun/src/unix/apple/sys.rs @@ -2,20 +2,11 @@ use std::mem; use libc::{c_char, c_int, c_short, c_uint, c_ulong, sockaddr, sockaddr_in6, time_t}; pub use libc::{ - c_void, - sockaddr_ctl, - sockaddr_in, - socklen_t, - AF_SYSTEM, - AF_SYS_CONTROL, - IFNAMSIZ, + c_void, sockaddr_ctl, sockaddr_in, socklen_t, AF_SYSTEM, AF_SYS_CONTROL, IFNAMSIZ, SYSPROTO_CONTROL, }; use nix::{ - ioctl_read_bad, - ioctl_readwrite, - ioctl_write_ptr_bad, - request_code_readwrite, + ioctl_read_bad, ioctl_readwrite, ioctl_write_ptr_bad, request_code_readwrite, request_code_write, }; @@ -77,7 +68,7 @@ pub struct ifreq { #[repr(C)] #[derive(Copy, Clone, Debug)] -pub struct in6_addrlifetime{ +pub struct in6_addrlifetime { pub ia6t_expire: time_t, pub ia6t_preferred: time_t, pub ia6t_vltime: u32, @@ -157,6 +148,7 @@ pub struct icmp6_ifstat { pub union ifr_ifru6 { pub ifru_addr: sockaddr_in6, pub ifru_dstaddr: sockaddr_in6, + pub ifru_prefixmask: sockaddr_in6, pub ifru_flags: c_int, pub ifru_flags6: c_int, pub ifru_metric: c_int, @@ -165,7 +157,7 @@ pub union ifr_ifru6 { pub ifru_lifetime: in6_addrlifetime, // ifru_lifetime pub ifru_stat: in6_ifstat, pub ifru_icmp6stat: icmp6_ifstat, - pub ifru_scope_id: [u32; SCOPE6_ID_MAX] + pub ifru_scope_id: [u32; SCOPE6_ID_MAX], } #[repr(C)] 
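Review bot: `ipv6_to_sockaddr` returns whatever socket2 wrote into its storage, and that value goes to the kernel unchanged as `ifra_addr` and `ifra_prefixmask`; it should be confirmed that `sin6_len` ends up equal to the size of `libc::sockaddr_in6`, because BSD-derived kernels validate that field and may treat a zero-length prefix mask as "no mask supplied". If socket2 leaves it at zero, copy the struct into a mutable local and set `sa.sin6_len = mem::size_of_val(&sa) as u8;` before returning it. The `unsafe` dereference also has no `// SAFETY:` comment; one line such as `// SAFETY: SockAddr stores a sockaddr_storage, which is large and aligned enough for sockaddr_in6, and it was just initialised from a SocketAddrV6` would record why the cast is sound.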
@@ -174,8 +166,21 @@ pub struct in6_ifreq { pub ifr_ifru: ifr_ifru6, } +#[repr(C)] +#[derive(Copy, Clone, Debug)] +pub struct in6_aliasreq { + pub ifra_name: [c_char; IFNAMSIZ], + pub ifra_addr: sockaddr_in6, + pub ifra_dstaddr: sockaddr_in6, + pub ifra_prefixmask: sockaddr_in6, + pub ifra_lifetime: in6_addrlifetime, + pub ifra_flags: c_int, +} + pub const SIOCSIFADDR: c_ulong = request_code_write!(b'i', 12, mem::size_of::()); pub const SIOCSIFADDR_IN6: c_ulong = request_code_write!(b'i', 12, mem::size_of::()); +pub const SIOCAIFADDR_IN6: c_ulong = request_code_write!(b'i', 30, mem::size_of::()); +pub const SIOCDIFADDR_IN6: c_ulong = request_code_write!(b'i', 25, mem::size_of::()); pub const SIOCGIFMTU: c_ulong = request_code_readwrite!(b'i', 51, mem::size_of::()); pub const SIOCSIFMTU: c_ulong = request_code_write!(b'i', 52, mem::size_of::()); pub const SIOCGIFNETMASK: c_ulong = request_code_readwrite!(b'i', 37, mem::size_of::()); @@ -198,6 +203,7 @@ ioctl_read_bad!(if_get_addr, libc::SIOCGIFADDR, ifreq); ioctl_read_bad!(if_get_mtu, SIOCGIFMTU, ifreq); ioctl_read_bad!(if_get_netmask, SIOCGIFNETMASK, ifreq); ioctl_write_ptr_bad!(if_set_addr, SIOCSIFADDR, ifreq); -ioctl_write_ptr_bad!(if_set_addr6, SIOCSIFADDR_IN6, in6_ifreq); +ioctl_write_ptr_bad!(if_add_addr6, SIOCAIFADDR_IN6, in6_aliasreq); +ioctl_write_ptr_bad!(if_del_addr6, SIOCDIFADDR_IN6, in6_ifreq); ioctl_write_ptr_bad!(if_set_mtu, SIOCSIFMTU, ifreq); ioctl_write_ptr_bad!(if_set_netmask, SIOCSIFNETMASK, ifreq); diff --git a/tun/src/unix/linux/mod.rs b/tun/src/unix/linux/mod.rs index 829c875..03b6f09 100644 --- a/tun/src/unix/linux/mod.rs +++ b/tun/src/unix/linux/mod.rs @@ -15,6 +15,7 @@ use libc::{in6_ifreq, AF_INET6}; use socket2::{Domain, SockAddr, Socket, Type}; use tracing::{info, instrument}; +use super::address::ensure_valid_ipv6_prefix; use super::{ifname_to_string, string_to_ifname}; use crate::TunOptions; 
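Review bot: The request number `30` used for `SIOCAIFADDR_IN6` should be checked against the SDK's `netinet6/in6_var.h`; from memory Darwin defines it as `_IOW('i', 26, struct in6_aliasreq)`, and a wrong number would deliver the `in6_aliasreq` to a different ioctl handler than intended. If the header confirms that, the constant becomes `request_code_write!(b'i', 26, ...)` with the size argument unchanged. Since the struct size is encoded into the request code, a compile-time assertion on the size of `in6_aliasreq` (128 bytes on 64-bit Darwin, if I recall correctly) would also catch layout drift in this hand-written `#[repr(C)]` definition.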
@@ -141,11 +142,36 @@ impl TunInterface { #[throws] #[instrument] - pub fn set_ipv6_addr(&self, addr: Ipv6Addr) { + pub fn add_ipv6_addr(&self, addr: Ipv6Addr, prefix_len: u8) { + ensure_valid_ipv6_prefix(prefix_len)?; + let mut iff = self.in6_ifreq()?; iff.ifr6_addr.s6_addr = addr.octets(); - self.perform6(|fd| unsafe { sys::if_set_addr6(fd, &iff) })?; - info!("ipv6_addr_set: {:?} (fd: {:?})", addr, self.as_raw_fd()) + iff.ifr6_prefixlen = prefix_len.into(); + self.perform6(|fd| unsafe { sys::if_add_addr6(fd, &iff) })?; + info!( + "ipv6_addr_added: {:?}/{} (fd: {:?})", + addr, + prefix_len, + self.as_raw_fd() + ) + } + + #[throws] + #[instrument] + pub fn remove_ipv6_addr(&self, addr: Ipv6Addr, prefix_len: u8) { + ensure_valid_ipv6_prefix(prefix_len)?; + + let mut iff = self.in6_ifreq()?; + iff.ifr6_addr.s6_addr = addr.octets(); + iff.ifr6_prefixlen = prefix_len.into(); + self.perform6(|fd| unsafe { sys::if_del_addr6(fd, &iff) })?; + info!( + "ipv6_addr_removed: {:?}/{} (fd: {:?})", + addr, + prefix_len, + self.as_raw_fd() + ) } #[throws] diff --git a/tun/src/unix/linux/sys.rs b/tun/src/unix/linux/sys.rs index 25839dc..cba5554 100644 --- a/tun/src/unix/linux/sys.rs +++ b/tun/src/unix/linux/sys.rs @@ -20,7 +20,8 @@ ioctl_read_bad!(if_get_mtu, libc::SIOCGIFMTU, libc::ifreq); ioctl_read_bad!(if_get_netmask, libc::SIOCGIFNETMASK, libc::ifreq); ioctl_write_ptr_bad!(if_set_addr, libc::SIOCSIFADDR, libc::ifreq); -ioctl_write_ptr_bad!(if_set_addr6, libc::SIOCSIFADDR, libc::in6_ifreq); +ioctl_write_ptr_bad!(if_add_addr6, libc::SIOCSIFADDR, libc::in6_ifreq); +ioctl_write_ptr_bad!(if_del_addr6, libc::SIOCDIFADDR, libc::in6_ifreq); ioctl_write_ptr_bad!(if_set_brdaddr, libc::SIOCSIFBRDADDR, libc::ifreq); ioctl_write_ptr_bad!(if_set_mtu, libc::SIOCSIFMTU, libc::ifreq); ioctl_write_ptr_bad!(if_set_netmask, libc::SIOCSIFNETMASK, libc::ifreq); diff --git a/tun/src/unix/mod.rs b/tun/src/unix/mod.rs index ae0b77a..f1d7da1 100644 --- a/tun/src/unix/mod.rs +++ b/tun/src/unix/mod.rs 
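Review bot: `add_ipv6_addr` and `remove_ipv6_addr` are the same line for line apart from the ioctl wrapper and the log text, so any later fix to the request setup has to be made twice; building the `in6_ifreq` in one private helper keeps them in step. Both are new `pub` methods without doc comments: a `///` line on each saying that `prefix_len` must be in `0..=128` and that the call fails with `InvalidInput` otherwise would document what `ensure_valid_ipv6_prefix` enforces. The rename also removes the public `set_ipv6_addr`, so downstream callers break unless a deprecated forwarding method is kept. The enclosing `impl TunInterface` starts and ends outside the hunk.

```rust
    // … unchanged: #[throws] #[instrument] attributes …
    pub fn add_ipv6_addr(&self, addr: Ipv6Addr, prefix_len: u8) {
        let iff = self.in6_request(addr, prefix_len)?;
        self.perform6(|fd| unsafe { sys::if_add_addr6(fd, &iff) })?;
        // … unchanged: info! log line …
    }

    // … remove_ipv6_addr: same shape, calling sys::if_del_addr6 …

    /// Validates `prefix_len` and fills an `in6_ifreq` for `addr`.
    #[throws]
    fn in6_request(&self, addr: Ipv6Addr, prefix_len: u8) -> in6_ifreq {
        ensure_valid_ipv6_prefix(prefix_len)?;
        let mut iff = self.in6_ifreq()?;
        iff.ifr6_addr.s6_addr = addr.octets();
        iff.ifr6_prefixlen = prefix_len.into();
        iff
    }
```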
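Review bot: `if_add_addr6` is bound to `libc::SIOCSIFADDR`, which reads as "set" next to the IPv4 `if_set_addr` on the line above and invites a well-meant "correction" later. A one-line comment above the two IPv6 wrappers would prevent that: `// On an AF_INET6 socket, SIOCSIFADDR with in6_ifreq adds an address and SIOCDIFADDR removes one.` This assumes `perform6` issues the call on an AF_INET6 socket, which is not visible in this hunk.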
@@ -6,6 +6,7 @@ use std::{ use tracing::instrument; +mod address; mod queue; #[cfg(target_vendor = "apple")] diff --git a/tun/tests/configure.rs b/tun/tests/configure.rs index e7e2c6d..7c05959 100644 --- a/tun/tests/configure.rs +++ b/tun/tests/configure.rs @@ -46,7 +46,7 @@ fn test_set_get_ipv6() { let tun = TunInterface::new()?; let addr = Ipv6Addr::new(1, 1, 1, 1, 1, 1, 1, 1); - tun.set_ipv6_addr(addr)?; + tun.add_ipv6_addr(addr, 128)?; // let result = tun.ipv6_addr()?; // assert_eq!(addr, result); diff --git a/tun/tests/packets.rs b/tun/tests/packets.rs index 80c078b..b9607b3 100644 --- a/tun/tests/packets.rs +++ b/tun/tests/packets.rs @@ -1,5 +1,5 @@ -use std::{io::Error, net::Ipv4Addr}; use std::net::Ipv6Addr; +use std::{io::Error, net::Ipv4Addr}; use fehler::throws; use tun::TunInterface; @@ -44,5 +44,5 @@ fn set_ipv6() { println!("tun name: {:?}", tun.name()?); let targ_addr: Ipv6Addr = "::1".parse().unwrap(); println!("v6 addr: {:?}", targ_addr); - tun.set_ipv6_addr(targ_addr)?; -} \ No newline at end of file + tun.add_ipv6_addr(targ_addr, 128)?; +} diff --git a/tun/tests/tokio.rs b/tun/tests/tokio.rs index f7cb273..097387c 100644 --- a/tun/tests/tokio.rs +++ b/tun/tests/tokio.rs @@ -1,3 +1,4 @@ +#[cfg(all(feature = "tokio", not(target_os = "windows")))] use std::net::Ipv4Addr; #[tokio::test]