TSG-8098,修复icmpv6的校验和

src/tsg_icmp.cpp

@@ -15,8 +15,10 @@
 
 #define ICMPV4_UNREACHABLE                  0x03
 #define ICMPV4_PORT_UNREACHABLE             0x03
+#define ICMPV4_ADMINISTRATIVELY_PROHIBITED  0x0d
 #define ICMPV6_UNREACHABLE                  0x01
 #define ICMPV6_PORT_UNREACHABLE             0X04
+#define ICMPV6_ADMINISTRATIVELY_PROHIBITED  0x01
 
 #define MAC_LEN 6
 #define MAC_LEN_2  ((MAC_LEN)+(MAC_LEN))
@@ -40,10 +42,10 @@
 #define ICMPV4_MAX_LEN  ((ICMPV4_SOURCE_MAX_LEN)+(ICMP_HEAD_LEN))
 #define IPV6_PESUDO_HEAD_LEN        40
 
-//icmpv6的srcPacket len需要再确认
+#define ICMP_MAX_LEN   65535     
-#define ICMP_MAX_LEN   65535       //eth_len(14) + ipv6_len(40) + ICMP_MAX_LEN(8+128)
 #define ICMP_SRCPACKET_MAX_LEN    548  // 548 == ipv4(max_len 576)-ip_len(20)-icmp_head_len(8)
 #define ICMPV6_SRCPACKET_MAX_LEN  1232 // 1232 == ipv6(max_len 1280)-ipv6_len(40)-icmp_head_len(8)
+#define ICMPV6_MTU  1280     
 
 typedef struct icmpv4{
     char type;
@@ -111,7 +113,7 @@ static void format_icmpv4(const char *raw_pkt, char *buf, int *len){
     memset(&icmpst, 0, sizeof(icmpv4_st));
     memcpy(icmpst.srcPacket, raw_pkt, icmp_srcpacket_len); //
     icmpst.type = ICMPV4_UNREACHABLE;
-    icmpst.code = ICMPV4_PORT_UNREACHABLE;
+    icmpst.code = ICMPV4_ADMINISTRATIVELY_PROHIBITED;
     icmpst.checksum = in_checksum((void*)&icmpst, icmp_len);
 
     //format ipv4
@@ -133,10 +135,8 @@ static void format_icmpv4(const char *raw_pkt, char *buf, int *len){
     return;
 }
 
-//int format_icmpv6(char *icmp, short icmp_len, char *eth, const char *data){
-#if 0
 static void format_icmpv6(const char *data, char *buf, int *len){
-    char checksum_str[ICMPV6_SRCPACKET_MAX_LEN] = {0}; 
+    char checksum_str[ICMPV6_MTU] = {0}; 
     char ipv6[IPV6_LEN] = {0};
     icmpv6_st icmpst = {0};
     short src_ipv6_total_len = 0;
@@ -176,7 +176,7 @@ static void format_icmpv6(const char *data, char *buf, int *len){
     //format icmp
     memset(&icmpst, 0, sizeof(icmpv6_st));
     icmpst.type = ICMPV6_UNREACHABLE;
-    icmpst.code = ICMPV6_PORT_UNREACHABLE;
+    icmpst.code = ICMPV6_ADMINISTRATIVELY_PROHIBITED;
     memcpy(icmpst.srcPacket, data, icmp_srcpacket_len);
 
     //补充为4字节
@@ -201,19 +201,16 @@ static void format_icmpv6(const char *data, char *buf, int *len){
 
     return;
 }
-#endif
 
 static void format_icmp(const char *raw_pkt, char *icmp_buf, int *icmp_len, int ip_type){
     if(IPV4_TYPE == ip_type) {
         format_icmpv4(raw_pkt, icmp_buf, icmp_len);
+    } else{ //IPV6_TYPE
+        format_icmpv6(raw_pkt, icmp_buf, icmp_len);
     }
-    //else{ //IPV6_TYPE
-    //    format_icmpv6(raw_pkt, icmp_buf, icmp_len);
-    //}
     return;
 }
 
-//int send_icmp_unreach_xxx(const void *raw_pkt, xxxxx)
 unsigned char send_icmp_unreachable(const struct streaminfo *a_stream, const void *raw_pkt)
 {
     char icmp_buf[ICMP_MAX_LEN]; 
@@ -224,7 +221,7 @@ unsigned char send_icmp_unreachable(const struct streaminfo *a_stream, const voi
 	    return STATE_DROPPKT;
     }
 
-    if((a_stream->curdir==DIR_S2C)||(raw_pkt==NULL)||(a_stream->addr.addrtype!=IPV4_TYPE)){
+    if((a_stream->curdir==DIR_S2C)||(raw_pkt==NULL)){
         return STATE_DROPPKT;
     }
 

src/tsg_tamper.cpp

@@ -69,13 +69,13 @@ unsigned char send_tamper_xxx(const struct streaminfo *a_stream, const void *raw
         return STATE_DROPPKT;   
     }
 
-    if((p_trans_payload==NULL)||(trans_layload_len<=0)||(a_stream->curdir== DIR_S2C)){
+    if((p_trans_payload==NULL)||(trans_layload_len<=0)||(a_stream->curdir==DIR_S2C)){
         return STATE_DROPPKT;   
     }
 
     memcpy(tamper_buf, p_trans_payload, trans_layload_len);
     ret = tamper_calc(tamper_buf, 0, trans_layload_len);
-    if (ret < 0){
+    if(ret < 0){
         return STATE_DROPPKT; 
     }