Changeset 49689 in vbox for trunk/src/VBox/NetworkServices

Timestamp:

Nov 28, 2013 2:34:48 AM (11 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

90959

Message:

Create ICMP sockets for ping proxy.

File:

• trunk/src/VBox/NetworkServices/NAT/VBoxNetLwipNAT.cpp (modified) (6 diffs)

trunk/src/VBox/NetworkServices/NAT/VBoxNetLwipNAT.cpp

@@ -64 +64 @@
 # include <sys/socket.h>
 # include <netinet/in.h>
+# ifdef RT_OS_LINUX
+#  include <linux/icmp.h>       /* ICMP_FILTER */
+# endif
+# include <netinet/icmp6.h>
 #endif
 
@@ -151 +155 @@
     friend class NATNetworkListener;
   public:
-    VBoxNetLwipNAT();
+    VBoxNetLwipNAT(SOCKET icmpsock4, SOCKET icmpsock6);
     virtual ~VBoxNetLwipNAT();
     void usage(){                /* @todo: should be implemented */ };
@@ -758 +762 @@
 
 
-VBoxNetLwipNAT::VBoxNetLwipNAT()
+VBoxNetLwipNAT::VBoxNetLwipNAT(SOCKET icmpsock4, SOCKET icmpsock6)
 {
     LogFlowFuncEnter();
@@ -764 +768 @@
     m_ProxyOptions.ipv6_enabled = 0;
     m_ProxyOptions.ipv6_defroute = 0;
+    m_ProxyOptions.icmpsock4 = icmpsock4;
+    m_ProxyOptions.icmpsock6 = icmpsock6;
     m_ProxyOptions.tftp_root = NULL;
     m_ProxyOptions.src4 = NULL;
@@ -1208 +1214 @@
 #endif
 
+    SOCKET icmpsock4 = INVALID_SOCKET;
+    SOCKET icmpsock6 = INVALID_SOCKET;
+#ifndef RT_OS_DARWIN
+    const int icmpstype = SOCK_RAW;
+#else
+    /* on OS X it's not privileged */
+    const int icmpstype = SOCK_DGRAM;
+#endif
+
+    icmpsock4 = socket(AF_INET, icmpstype, IPPROTO_ICMP);
+    if (icmpsock4 == INVALID_SOCKET)
+    {
+        perror("IPPROTO_ICMP");
+    }
+
+    if (icmpsock4 != INVALID_SOCKET)
+    {
+#ifdef ICMP_FILTER              //  Linux specific; NB: privileged!
+        struct icmp_filter flt = {
+            ~(uint32_t)(
+                  (1U << ICMP_ECHOREPLY)
+                | (1U << ICMP_DEST_UNREACH)
+                | (1U << ICMP_TIME_EXCEEDED)
+            )
+        };
+
+        int status = setsockopt(icmpsock4, icmpstype, ICMP_FILTER,
+                                &flt, sizeof(flt));
+        if (status < 0)
+        {
+            perror("ICMP_FILTER");
+        }
+#endif
+    }
+
+    icmpsock6 = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+    if (icmpsock6 == INVALID_SOCKET)
+    {
+        perror("IPPROTO_ICMPV6");
+    }
+
+    if (icmpsock6 != INVALID_SOCKET)
+    {
+#ifdef ICMP6_FILTER             // Windows doesn't support RFC 3542 API
+        /*
+         * XXX: We do this here for now, not in pxping.c, to avoid
+         * name clashes between lwIP and system headers.
+         */
+        struct icmp6_filter flt;
+        ICMP6_FILTER_SETBLOCKALL(&flt);
+
+        ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &flt);
+
+        ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &flt);
+
+        int status = setsockopt(icmpsock6, IPPROTO_ICMPV6, ICMP6_FILTER,
+                                &flt, sizeof(flt));
+        if (status < 0)
+        {
+            perror("ICMP6_FILTER");
+        }
+#endif
+    }
+
     HRESULT hrc = com::Initialize();
 #ifdef VBOX_WITH_XPCOM
@@ -1221 +1294 @@
         return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to initialize COM!");
 
-    g_pLwipNat = new VBoxNetLwipNAT();
+    g_pLwipNat = new VBoxNetLwipNAT(icmpsock4, icmpsock6);
 
     Log2(("NAT: initialization\n"));