File: link.go

golang-github-containers-gvisor-tap-vsocks 0.8.1-3
package tap

import (
	"net"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	log "github.com/sirupsen/logrus"
	"gvisor.dev/gvisor/pkg/tcpip"
	"gvisor.dev/gvisor/pkg/tcpip/header"
	"gvisor.dev/gvisor/pkg/tcpip/stack"
)

// LinkEndpoint is the link-layer endpoint placed between a gVisor network
// stack (reached through dispatcher) and a virtual network switch (reached
// through networkSwitch). Inbound packets go to the dispatcher, outbound
// frames go to the switch.
//
// NOTE(review): no mutex guards these fields; confirm that Attach, Connect and
// the Set* methods are never called concurrently with packet delivery.
type LinkEndpoint struct {
	// debug makes writePacket log a decoded dump of every outgoing frame.
	debug      bool
	// mtu is the value reported by MTU and replaced by SetMTU.
	mtu        int
	// mac is the endpoint's link address and the default Ethernet source.
	mac        tcpip.LinkAddress
	// ip is the endpoint's own IP in textual form; writePacket compares it
	// against the sender address of outgoing ARP replies.
	ip         string
	// virtualIPs is the set of additional IPs (textual form) for which
	// outgoing ARP replies are allowed.
	virtualIPs map[string]struct{}

	// dispatcher receives inbound packets; nil until Attach is called.
	dispatcher    stack.NetworkDispatcher
	// networkSwitch receives outbound frames; nil until Connect is called.
	networkSwitch NetworkSwitch
}

// NewLinkEndpoint builds a LinkEndpoint from its textual configuration.
//
// macAddress is parsed with net.ParseMAC and a parse failure is returned
// unchanged. ip and virtualIPs are stored as given, without parsing or
// normalisation; writePacket later compares them as strings against the
// sender address of outgoing ARP replies, so they must be written in the same
// form that tcpip.Address.String() produces. mtu is stored without validation.
//
// The returned endpoint has no dispatcher and no network switch yet; see
// Attach and Connect.
func NewLinkEndpoint(debug bool, mtu int, macAddress string, ip string, virtualIPs []string) (*LinkEndpoint, error) {
	hwAddr, err := net.ParseMAC(macAddress)
	if err != nil {
		return nil, err
	}

	ep := &LinkEndpoint{
		debug:      debug,
		mtu:        mtu,
		mac:        tcpip.LinkAddress(hwAddr),
		ip:         ip,
		virtualIPs: make(map[string]struct{}),
	}
	// Turn the slice into a set for constant-time membership tests.
	for _, vip := range virtualIPs {
		ep.virtualIPs[vip] = struct{}{}
	}
	return ep, nil
}

// ARPHardwareType reports Ethernet as the ARP hardware type of this endpoint.
func (e *LinkEndpoint) ARPHardwareType() header.ARPHardwareType {
	return header.ARPHardwareEther
}

// Connect sets the NetworkSwitch that outgoing frames are delivered to.
//
// writePacket calls the switch without checking for nil, so Connect has to
// run before the stack writes its first packet.
func (e *LinkEndpoint) Connect(networkSwitch NetworkSwitch) {
	e.networkSwitch = networkSwitch
}

// Attach stores the dispatcher that receives inbound packets. Passing nil
// clears it, after which IsAttached reports false.
func (e *LinkEndpoint) Attach(dispatcher stack.NetworkDispatcher) {
	e.dispatcher = dispatcher
}

// IsAttached reports whether a non-nil dispatcher is currently set.
func (e *LinkEndpoint) IsAttached() bool {
	return e.dispatcher != nil
}

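// DeliverNetworkPacket hands an inbound packet to the attached dispatcher.
//
// If no dispatcher is attached (before Attach, or after Attach(nil)) the
// packet is dropped. Without this guard a packet arriving in that window
// would call a method on a nil interface and panic the whole process.
func (e *LinkEndpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
	// Read the field once so the nil check and the call use the same value.
	d := e.dispatcher
	if d == nil {
		return
	}
	d.DeliverNetworkPacket(protocol, pkt)
}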

// AddHeader is a no-op; the Ethernet header is pushed in writePacket instead.
func (e *LinkEndpoint) AddHeader(_ *stack.PacketBuffer) {
}

// ParseHeader always reports success and does not inspect or modify the packet.
func (e *LinkEndpoint) ParseHeader(*stack.PacketBuffer) bool { return true }

// Capabilities returns the link capabilities this endpoint advertises:
// link-address resolution is required and receive checksum offload is claimed.
//
// NOTE(review): claiming RX checksum offload presumably lets the stack skip
// checksum verification on inbound packets; confirm that frames arriving from
// the switch are trusted to that extent.
func (e *LinkEndpoint) Capabilities() stack.LinkEndpointCapabilities {
	caps := stack.CapabilityResolutionRequired
	caps |= stack.CapabilityRXChecksumOffload
	return caps
}

// LinkAddress returns the endpoint's current MAC address. writePacket uses it
// as the Ethernet source unless the route carries its own local link address.
func (e *LinkEndpoint) LinkAddress() tcpip.LinkAddress {
	return e.mac
}

// SetLinkAddress replaces the endpoint's MAC address. The value is stored as
// given, without any validation of its length or content.
func (e *LinkEndpoint) SetLinkAddress(addr tcpip.LinkAddress) {
	e.mac = addr
}

// MaxHeaderLength returns header.EthernetMinimumSize, the same number of bytes
// that writePacket pushes onto the link header of each outgoing packet.
func (e *LinkEndpoint) MaxHeaderLength() uint16 {
	return uint16(header.EthernetMinimumSize)
}

// MTU returns the configured MTU.
//
// The int-to-uint32 conversion is unchecked. NewLinkEndpoint stores its mtu
// argument without validation, so a negative configured value would be
// reported here as a very large MTU.
func (e *LinkEndpoint) MTU() uint32 {
	return uint32(e.mtu)
}

// SetMTU replaces the configured MTU with mtu; no range check is applied.
func (e *LinkEndpoint) SetMTU(mtu uint32) {
	e.mtu = int(mtu)
}

// Wait, Close and SetOnCloseAction are no-ops on this endpoint; the callback
// passed to SetOnCloseAction is discarded and never invoked here.
func (e *LinkEndpoint) Wait()                     {}
func (e *LinkEndpoint) Close()                    {}
func (e *LinkEndpoint) SetOnCloseAction(_ func()) {}

// WritePackets writes each packet of pkts in order, using the egress route and
// network protocol number recorded on the packet itself.
//
// It stops at the first error and returns the number of packets handled before
// it together with that error. An ARP reply that writePacket filters out still
// counts as written, because writePacket returns nil for it.
func (e *LinkEndpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) {
	batch := pkts.AsSlice()
	for i, pkt := range batch {
		if err := e.writePacket(pkt.EgressRoute, pkt.NetworkProtocolNumber, pkt); err != nil {
			// i packets precede the failing one.
			return i, err
		}
	}
	return len(batch), nil
}

// writePacket frames pkt with an Ethernet header and passes it to the connected
// NetworkSwitch.
//
// One class of packet is filtered: an ARP reply whose sender protocol address
// is neither the endpoint's own IP nor one of its virtual IPs is dropped (the
// log message describes these as spoofing packets from the gateway). The drop
// is invisible to the caller: it is logged at debug level and nil is returned.
// The comparison is made on the textual form of the address, so the IP and
// virtual IPs given to NewLinkEndpoint have to match the output of
// tcpip.Address.String() exactly; a mismatch causes the reply to be dropped.
//
// Only ARP replies are inspected; other ARP operations pass unfiltered. The
// check reads the network header bytes and does not consult protocol.
//
// When debug is set, a decoded dump of every frame that passes the filter is
// written to the log at Info level.
//
// NOTE(review): e.networkSwitch is used without a nil check, so Connect is
// presumably always called before the stack starts writing — confirm.
func (e *LinkEndpoint) writePacket(r stack.RouteInfo, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) tcpip.Error {
	// A source link address set on the route takes precedence over the
	// endpoint's own MAC.
	src := r.LocalLinkAddress
	if src == "" {
		src = e.LinkAddress()
	}

	fields := header.EthernetFields{
		Type:    protocol,
		SrcAddr: src,
		DstAddr: r.RemoteLinkAddress,
	}
	header.Ethernet(pkt.LinkHeader().Push(header.EthernetMinimumSize)).Encode(&fields)

	arp := header.ARP(pkt.NetworkHeader().Slice())
	if arp.IsValid() && arp.Op() == header.ARPReply {
		sender := tcpip.AddrFromSlice(arp.ProtocolAddressSender()).String()
		_, isVirtual := e.virtualIPs[sender]
		if !isVirtual && sender != e.IP() {
			log.Debugf("dropping spoofing packets from the gateway about IP %s", sender)
			return nil
		}
	}

	if e.debug {
		frame := gopacket.NewPacket(pkt.ToView().AsSlice(), layers.LayerTypeEthernet, gopacket.Default)
		log.Info(frame.String())
	}

	e.networkSwitch.DeliverNetworkPacket(protocol, pkt)
	return nil
}

// WriteRawPacket is not supported: it ignores the packet and always returns
// *tcpip.ErrNotSupported.
func (e *LinkEndpoint) WriteRawPacket(_ *stack.PacketBuffer) tcpip.Error {
	return &tcpip.ErrNotSupported{}
}

// IP returns the endpoint's own IP exactly as the string given to
// NewLinkEndpoint; writePacket compares it against ARP reply sender addresses.
func (e *LinkEndpoint) IP() string {
	return e.ip
}