
Allow the user to arbitrarily change the packet

Rename the filter function record members and allow the functions to
return a new IPv6 packet.
commit 166604400fd062d626501bcc80ebb688162128e1 1 parent 6920bd2
@msantos authored
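--- a/README.md
+++ b/README.md
@@ -46,8 +46,8 @@ sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)
 | {serverv4, IPv4Address}
 | {clientv4, IPv4Address}
 | {clientv6, IPv6Address}
- | {out, Fun}
- | {in, Fun}
+ | {filter_out, Fun}
+ | {filter_in, Fun}
 Ifname = string() | binary()
 IPv4Address = string() | tuple()
 IPv6Address = string() | tuple()
@@ -69,12 +69,13 @@ sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)
 {clientv6, Client6} is the IPv6 address of the local end. This
 address will usually be assigned by the tunnel broker.
- {in, Fun} allows filtering of IPv6 packets received from the
- network. All packets undergo the mandatory checks specified by
- RFC 4213 before being passed to user checks.
+ {filter_in, Fun} allows filtering and arbititrary transformation
+ of IPv6 packets received from the network. All packets undergo
+ the mandatory checks specified by RFC 4213 before being passed
+ to user checks.
- {out, Fun} allows filtering of IPv6 packets received from the
- tun device.
+ {filter_out, Fun} allows filtering and manipulation of IPv6
+ packets received from the tun device.
 Filtering functions take 2 argments: the packet payload (a binary)
 and the tunnel state:
@@ -87,9 +88,11 @@ sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)
 clientv6
 }.
- Filtering functions return ok to allow the packet. Any other
- return value causes the packet to be dropped. The default filter
- for both incoming and outgoing packets is a noop:
+ Filtering functions should return ok to allow the packet or {ok,
+ binary()} if the packet has been altered by the function.
+
+ Any other return value causes the packet to be dropped. The
+ default filter for both incoming and outgoing packets is a noop:
 fun(_Packet, _State) -> ok end.
@@ -105,8 +108,6 @@ sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)
 * Support other checks required by RFC
-* Support inbound/outbound IPv6 firewalling
-
 * Decide how to handle write failures to the network and tun device
 * possible packets may fail before interface is fully configured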
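--- a/examples/basic_firewall.erl
+++ b/examples/basic_firewall.erl
@@ -42,8 +42,8 @@
 %%% Then start using:
 %%%
 %%% sut:start([
-%%% {out, fun(Packet, State) -> basic_firewall:out(Packet, State) end},
-%%% {in, fun(Packet, State) -> basic_firewall:in(Packet, State) end},
+%%% {filter_out, fun(Packet, State) -> basic_firewall:out(Packet, State) end},
+%%% {filter_in, fun(Packet, State) -> basic_firewall:in(Packet, State) end},
 %%%
 %%% {serverv4, Server4},
 %%% {clientv4, Client4},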
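--- a/include/sut.hrl
+++ b/include/sut.hrl
@@ -44,8 +44,8 @@
 serverv4,
 clientv4,
 clientv6,
- out = fun(_Packet, _State) -> ok end,
- in = fun(_Packet, _State) -> ok end,
+ filter_out = fun(_Packet, _State) -> ok end,
+ filter_in = fun(_Packet, _State) -> ok end,
 s,
 fd,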
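--- a/src/sut_fw.erl
+++ b/src/sut_fw.erl
@@ -41,21 +41,29 @@
 %% tun device -> socket
 out(Packet, #sut_state{
- out = Fun,
+ filter_out = Fun,
 s = Socket,
 serverv4 = Server
 } = State) ->
- ok = Fun(Packet, State),
- ok = gen_udp:send(Socket, Server, 0, Packet).
+ {ok, Packet1} = case Fun(Packet, State) of
+ ok -> {ok, Packet};
+ {ok, N} -> {ok, N};
+ Err -> Err
+ end,
+ ok = gen_udp:send(Socket, Server, 0, Packet1).
 %% socket -> tun device
 in(Packet, #sut_state{
- in = Fun,
+ filter_in = Fun,
 dev = Dev
 } = State) ->
 ok = valid(Packet),
- ok = Fun(Packet, State),
- ok = tuncer:send(Dev, Packet).
+ {ok, Packet1} = case Fun(Packet, State) of
+ ok -> {ok, Packet};
+ {ok, N} -> {ok, N};
+ Err -> Err
+ end,
+ ok = tuncer:send(Dev, Packet1).
 %%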
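Review bot: The `{ok, N} -> {ok, N}` clause in both `out/2` and `in/2` accepts any term as the replacement packet, although the README documents the return as `{ok, binary()}`, so a filter that returns something else is passed straight to `gen_udp:send/4` or `tuncer:send/2` instead of being dropped at the filter boundary. Adding a guard alone is not enough, because `Err -> Err` would hand a non-binary `{ok, X}` back to the `{ok, Packet1} =` match; the two clauses should become `{ok, N} when is_binary(N) -> {ok, N};` and `Err -> {error, Err}`. In `in/2`, `ok = valid(Packet)` runs only on the packet as received, so a rewritten `Packet1` is written to the tun device without those checks. If `valid/1` (defined outside this hunk) is meant to hold for everything sent to the device, re-run it with `ok = valid(Packet1)`; otherwise add a comment stating that the filter is trusted to emit well-formed IPv6. The duplicated `case` could also move into one private helper so both directions enforce the same contract.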