mirror of
https://github.com/slackhq/nebula.git
synced 2026-07-02 03:20:29 +02:00
add IPv6 support to CreateICMPEchoResponse (#1767)
smoke-extra / freebsd-amd64 (push) Failing after 16s
smoke-extra / linux-amd64-ipv6disable (push) Failing after 17s
smoke-extra / netbsd-amd64 (push) Failing after 14s
smoke-extra / openbsd-amd64 (push) Failing after 14s
smoke-extra / linux-386 (push) Failing after 15s
smoke / Run multi node smoke test (push) Failing after 1m28s
Build and test / Static checks (push) Successful in 42s
Build and test / Test linux (push) Failing after 1m29s
Build and test / Test linux-boringcrypto (push) Failing after 2m51s
Build and test / Test linux-pkcs11 (push) Failing after 2m51s
Build and test / Cross-build linux-arm (push) Successful in 3m9s
Build and test / Cross-build linux-mips (push) Successful in 3m51s
Build and test / Cross-build linux-other (push) Successful in 3m16s
Build and test / Cross-build windows (push) Successful in 1m3s
Build and test / Cross-build freebsd (push) Successful in 1m38s
Build and test / Cross-build netbsd (push) Successful in 1m36s
Build and test / Cross-build openbsd (push) Successful in 1m36s
Build and test / Cross-build mobile (push) Successful in 3m20s
smoke-extra / Run windows smoke test (push) Has been cancelled
Build and test / Test macos (push) Has been cancelled
Build and test / Test windows (push) Has been cancelled
Build and test / CI status (push) Has been cancelled
smoke-extra / freebsd-amd64 (push) Failing after 16s
smoke-extra / linux-amd64-ipv6disable (push) Failing after 17s
smoke-extra / netbsd-amd64 (push) Failing after 14s
smoke-extra / openbsd-amd64 (push) Failing after 14s
smoke-extra / linux-386 (push) Failing after 15s
smoke / Run multi node smoke test (push) Failing after 1m28s
Build and test / Static checks (push) Successful in 42s
Build and test / Test linux (push) Failing after 1m29s
Build and test / Test linux-boringcrypto (push) Failing after 2m51s
Build and test / Test linux-pkcs11 (push) Failing after 2m51s
Build and test / Cross-build linux-arm (push) Successful in 3m9s
Build and test / Cross-build linux-mips (push) Successful in 3m51s
Build and test / Cross-build linux-other (push) Successful in 3m16s
Build and test / Cross-build windows (push) Successful in 1m3s
Build and test / Cross-build freebsd (push) Successful in 1m38s
Build and test / Cross-build netbsd (push) Successful in 1m36s
Build and test / Cross-build openbsd (push) Successful in 1m36s
Build and test / Cross-build mobile (push) Successful in 3m20s
smoke-extra / Run windows smoke test (push) Has been cancelled
Build and test / Test macos (push) Has been cancelled
Build and test / Test windows (push) Has been cancelled
Build and test / CI status (push) Has been cancelled
The function previously only handled IPv4 ICMP Echo Request packets. This adds handling for IPv6 ICMPv6 Echo Request (type 128) by generating a proper Echo Reply (type 129) with correct pseudo-header checksum.
This commit is contained in:
@@ -378,6 +378,21 @@ func ipv6FindUpperProtocolOffset(packet []byte) int {
|
||||
}
|
||||
|
||||
func CreateICMPEchoResponse(packet, out []byte) []byte {
|
||||
if len(packet) < 1 {
|
||||
return nil
|
||||
}
|
||||
|
||||
switch packet[0] >> 4 {
|
||||
case 4:
|
||||
return createICMPv4EchoResponse(packet, out)
|
||||
case 6:
|
||||
return createICMPv6EchoResponse(packet, out)
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func createICMPv4EchoResponse(packet, out []byte) []byte {
|
||||
// Return early if this is not a simple ICMP Echo Request
|
||||
//TODO: make constants out of these
|
||||
if !(len(packet) >= 28 && len(packet) <= 9001 && packet[0] == 0x45 && packet[9] == 0x01 && packet[20] == 0x08) {
|
||||
@@ -411,6 +426,43 @@ func CreateICMPEchoResponse(packet, out []byte) []byte {
|
||||
return out
|
||||
}
|
||||
|
||||
func createICMPv6EchoResponse(packet, out []byte) []byte {
|
||||
// IPv6 header (40 bytes) + ICMPv6 header (8 bytes minimum)
|
||||
if len(packet) < ipv6.HeaderLen+8 || len(packet) > 9001 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Next Header must be ICMPv6 (58)
|
||||
if packet[6] != 58 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ICMPv6 type must be Echo Request (128)
|
||||
if packet[ipv6.HeaderLen] != 128 {
|
||||
return nil
|
||||
}
|
||||
|
||||
out = out[:len(packet)]
|
||||
copy(out, packet)
|
||||
|
||||
// Swap src/dst addresses (bytes 8-23 and 24-39)
|
||||
copy(out[8:24], packet[24:40])
|
||||
copy(out[24:40], packet[8:24])
|
||||
|
||||
// Change ICMPv6 type to Echo Reply (129)
|
||||
icmp := out[ipv6.HeaderLen:]
|
||||
icmp[0] = 129
|
||||
icmp[2] = 0
|
||||
icmp[3] = 0
|
||||
|
||||
// ICMPv6 checksum uses a pseudo-header with src, dst, length, and next header
|
||||
payloadLen := uint32(len(icmp))
|
||||
csum := ipv6PseudoheaderChecksum(out[8:24], out[24:40], 58, payloadLen)
|
||||
binary.BigEndian.PutUint16(icmp[2:], tcpipChecksum(icmp, csum))
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
// calculates the TCP/IP checksum defined in rfc1071. The passed-in
|
||||
// csum is any initial checksum data that's already been computed.
|
||||
//
|
||||
|
||||
Reference in New Issue
Block a user