From b14cd1ef1677f9d546e1812b8753a302a3a8966b Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 24 Jun 2021 14:36:08 -0700 Subject: [PATCH] GH-1216: Enable Mobile IPv6 support by default This removes the ENABLE_MOBILE_IPV6 #define variable. It also marks the --enable-mobile-ipv6 configure argument as deprecated. --- NEWS | 4 ++++ configure | 10 ++++++++-- src/IP.cc | 20 ------------------- src/IP.h | 16 --------------- src/net_util.cc | 2 -- src/net_util.h | 2 -- src/packet_analysis/protocol/ip/IP.cc | 2 -- testing/btest/core/disable-mobile-ipv6.test | 15 -------------- testing/btest/core/mobile-ipv6-dst-opts.test | 2 -- testing/btest/core/mobile-ipv6-home-addr.test | 2 -- testing/btest/core/mobile-ipv6-routing.test | 2 -- testing/btest/core/mobility-checksums.test | 2 -- testing/btest/core/mobility_msg.test | 2 -- zeek-config.h.in | 3 --- 14 files changed, 12 insertions(+), 72 deletions(-) delete mode 100644 testing/btest/core/disable-mobile-ipv6.test diff --git a/NEWS b/NEWS index da6a1541af..cb968e042d 100644 --- a/NEWS +++ b/NEWS @@ -92,6 +92,10 @@ Removed Functionality - Support for the RocksDB Broker data store was previously broken and unusable, so all code/options related to it are now removed. +- Support for the ENABLE_MOBILE_IPV6 compiler variable has been removed. Mobile + IPv6 is now enabled by default. The --enable-mobile-ipv6 returns a warning + that it will be removed in v5.1 and no longer has any effect. + Deprecated Functionality ------------------------ diff --git a/configure b/configure index 3b07af0ee2..6db1dcfc8d 100755 --- a/configure +++ b/configure @@ -170,10 +170,11 @@ append_cache_entry INSTALL_ZEEK_ARCHIVER BOOL true append_cache_entry INSTALL_ZEEKCTL BOOL true append_cache_entry INSTALL_ZKG BOOL true append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING -append_cache_entry ENABLE_MOBILE_IPV6 BOOL false append_cache_entry ZEEK_SANITIZERS STRING "" append_cache_entry ZEEK_INCLUDE_PLUGINS STRING "" +has_enable_mobile_ipv6=0 + # parse arguments while [ $# -ne 0 ]; do case "$1" in @@ -265,7 +266,7 @@ while [ $# -ne 0 ]; do append_cache_entry ENABLE_DEBUG BOOL true ;; --enable-mobile-ipv6) - append_cache_entry ENABLE_MOBILE_IPV6 BOOL true + has_enable_mobile_ipv6=1 ;; --enable-perftools) append_cache_entry ENABLE_PERFTOOLS BOOL true @@ -440,3 +441,8 @@ fi echo "# This is the command used to configure this build" > config.status echo $command >> config.status chmod u+x config.status + +if [ $has_enable_mobile_ipv6 -eq 1 ]; then + echo + echo "NOTE: The --enable-mobile-ipv6 argument no longer has any effect and will be removed in v5.1." +fi diff --git a/src/IP.cc b/src/IP.cc index 3ee9134304..dc22d7d851 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -157,7 +157,6 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const } break; -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: { static auto ip6_mob_type = id::find_type("ip6_mobility_hdr"); @@ -290,7 +289,6 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const rv->Assign(5, std::move(msg)); } break; -#endif //ENABLE_MOBILE_IPV6 default: break; @@ -445,9 +443,7 @@ static inline bool isIPv6ExtHeader(uint8_t type) case IPPROTO_FRAGMENT: case IPPROTO_AH: case IPPROTO_ESP: -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: -#endif return true; default: return false; @@ -457,9 +453,7 @@ static inline bool isIPv6ExtHeader(uint8_t type) IPv6_Hdr_Chain::~IPv6_Hdr_Chain() { for ( size_t i = 0; i < chain.size(); ++i ) delete chain[i]; -#ifdef ENABLE_MOBILE_IPV6 delete homeAddr; -#endif delete finalDst; } @@ -509,11 +503,9 @@ void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, int total_len, if ( current_type == IPPROTO_ROUTING ) ProcessRoutingHeader((const struct ip6_rthdr*) hdrs, cur_len); -#ifdef ENABLE_MOBILE_IPV6 // Only Mobile IPv6 has a destination option we care about right now. if ( current_type == IPPROTO_DSTOPTS ) ProcessDstOpts((const struct ip6_dest*) hdrs, cur_len); -#endif hdrs += cur_len; length += cur_len; @@ -521,9 +513,7 @@ void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, int total_len, } while ( current_type != IPPROTO_FRAGMENT && current_type != IPPROTO_ESP && -#ifdef ENABLE_MOBILE_IPV6 current_type != IPPROTO_MOBILITY && -#endif isIPv6ExtHeader(next_type) ); } @@ -540,10 +530,8 @@ bool IPv6_Hdr_Chain::IsFragment() const IPAddr IPv6_Hdr_Chain::SrcAddr() const { -#ifdef ENABLE_MOBILE_IPV6 if ( homeAddr ) return IPAddr(*homeAddr); -#endif if ( chain.empty() ) { reporter->InternalWarning("empty IPv6 header chain"); @@ -595,7 +583,6 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le } break; -#ifdef ENABLE_MOBILE_IPV6 case 2: // Defined by Mobile IPv6 RFC 6275. { if ( r->ip6r_segleft > 0 ) @@ -607,7 +594,6 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le } } break; -#endif default: reporter->Weird(SrcAddr(), DstAddr(), "unknown_routing_type", @@ -616,7 +602,6 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le } } -#ifdef ENABLE_MOBILE_IPV6 void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len) { // Skip two bytes to get the beginning of the first option structure. These @@ -672,7 +657,6 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len) } } } -#endif VectorValPtr IPv6_Hdr_Chain::ToVal() const { @@ -712,11 +696,9 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const case IPPROTO_ESP: ext_hdr->Assign(6, std::move(v)); break; -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: ext_hdr->Assign(7, std::move(v)); break; -#endif default: reporter->InternalWarning("IPv6_Hdr_Chain bad header %d", type); continue; @@ -749,10 +731,8 @@ IPv6_Hdr_Chain* IPv6_Hdr_Chain::Copy(const ip6_hdr* new_hdr) const IPv6_Hdr_Chain* rval = new IPv6_Hdr_Chain; rval->length = length; -#ifdef ENABLE_MOBILE_IPV6 if ( homeAddr ) rval->homeAddr = new IPAddr(*homeAddr); -#endif if ( finalDst ) rval->finalDst = new IPAddr(*finalDst); diff --git a/src/IP.h b/src/IP.h index 915e105836..79663747df 100644 --- a/src/IP.h +++ b/src/IP.h @@ -26,8 +26,6 @@ using VectorValPtr = IntrusivePtr; namespace detail { class FragReassembler; } -#ifdef ENABLE_MOBILE_IPV6 - #ifndef IPPROTO_MOBILITY #define IPPROTO_MOBILITY 135 #endif @@ -40,8 +38,6 @@ struct ip6_mobility { uint16_t ip6mob_chksum; }; -#endif //ENABLE_MOBILE_IPV6 - /** * Base class for IPv6 header/extensions. */ @@ -66,9 +62,7 @@ public: case IPPROTO_ROUTING: case IPPROTO_FRAGMENT: case IPPROTO_AH: -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: -#endif ((ip6_ext*)data)->ip6e_nxt = next_type; break; case IPPROTO_ESP: @@ -93,9 +87,7 @@ public: case IPPROTO_ROUTING: case IPPROTO_FRAGMENT: case IPPROTO_AH: -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: -#endif return ((ip6_ext*)data)->ip6e_nxt; case IPPROTO_ESP: default: @@ -114,9 +106,7 @@ public: case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: case IPPROTO_ROUTING: -#ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: -#endif return 8 + 8 * ((ip6_ext*)data)->ip6e_len; case IPPROTO_FRAGMENT: return 8; @@ -262,13 +252,11 @@ protected: */ void ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t len); -#ifdef ENABLE_MOBILE_IPV6 /** * Inspect a Destination Option header's options for things we need to * remember, such as the Home Address option from Mobile IPv6. */ void ProcessDstOpts(const struct ip6_dest* d, uint16_t len); -#endif std::vector chain; @@ -277,12 +265,10 @@ protected: */ uint16_t length = 0; -#ifdef ENABLE_MOBILE_IPV6 /** * Home Address of the packet's source as defined by Mobile IPv6 (RFC 6275). */ IPAddr* homeAddr = nullptr; -#endif /** * The final destination address in chain's first Routing header that has @@ -394,7 +380,6 @@ public: return ((const u_char*) ip6) + ip6_hdrs->TotalLength(); } -#ifdef ENABLE_MOBILE_IPV6 /** * Returns a pointer to the mobility header of the IP packet, if present, * else a null pointer. @@ -408,7 +393,6 @@ public: else return (const ip6_mobility*)(*ip6_hdrs)[ip6_hdrs->Size()-1]->Data(); } -#endif /** * Returns the length of the IP packet's payload (length of packet minus diff --git a/src/net_util.cc b/src/net_util.cc index 630c0c16bf..193de2a103 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -100,7 +100,6 @@ int icmp_checksum(const struct icmp* icmpp, int len) return detail::in_cksum(reinterpret_cast(icmpp), len); } -#ifdef ENABLE_MOBILE_IPV6 int mobility_header_checksum(const IP_Hdr* ip) { const ip6_mobility* mh = ip->MobilityHeader(); @@ -124,7 +123,6 @@ int mobility_header_checksum(const IP_Hdr* ip) return sum; } -#endif int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len) { diff --git a/src/net_util.h b/src/net_util.h index 695b7ec472..613a61ae8c 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -178,9 +178,7 @@ extern int ones_complement_checksum(const IPAddr& a, uint32_t sum); extern int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len); extern int icmp_checksum(const struct icmp* icmpp, int len); -#ifdef ENABLE_MOBILE_IPV6 extern int mobility_header_checksum(const IP_Hdr* ip); -#endif // True if sequence # a is between b and c (b <= a <= c). It must be true // that b <= c in the sequence space. diff --git a/src/packet_analysis/protocol/ip/IP.cc b/src/packet_analysis/protocol/ip/IP.cc index e384397cd4..b957f9fce6 100644 --- a/src/packet_analysis/protocol/ip/IP.cc +++ b/src/packet_analysis/protocol/ip/IP.cc @@ -196,7 +196,6 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) return true; } -#ifdef ENABLE_MOBILE_IPV6 // We stop building the chain when seeing IPPROTO_MOBILITY so it's always // last if present. if ( packet->ip_hdr->LastHeader() == IPPROTO_MOBILITY ) @@ -217,7 +216,6 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) return true; } -#endif // Set the data pointer to match the payload from the IP header. This makes sure that it's also pointing // at the reassembled data for a fragmented packet. diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test deleted file mode 100644 index 3387ddf13c..0000000000 --- a/testing/btest/core/disable-mobile-ipv6.test +++ /dev/null @@ -1,15 +0,0 @@ -# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# -# @TEST-EXEC: zeek -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT -# @TEST-EXEC: btest-diff unknown_protocols.log - -@load policy/misc/unknown-protocols - -event mobile_ipv6_message(p: pkt_hdr) - { - if ( ! p?$ip6 ) return; - - for ( i in p$ip6$exts ) - if ( p$ip6$exts[i]$id == IPPROTO_MOBILITY ) - print p$ip6; - } diff --git a/testing/btest/core/mobile-ipv6-dst-opts.test b/testing/btest/core/mobile-ipv6-dst-opts.test index be6581f7b3..eb2794b1d9 100644 --- a/testing/btest/core/mobile-ipv6-dst-opts.test +++ b/testing/btest/core/mobile-ipv6-dst-opts.test @@ -1,4 +1,2 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# # @TEST-EXEC: zeek -C -r $TRACES/ipv6-mobility-dst-opts.trace # @TEST-EXEC: btest-diff weird.log diff --git a/testing/btest/core/mobile-ipv6-home-addr.test b/testing/btest/core/mobile-ipv6-home-addr.test index 9be171074a..15a8e3d834 100644 --- a/testing/btest/core/mobile-ipv6-home-addr.test +++ b/testing/btest/core/mobile-ipv6-home-addr.test @@ -1,5 +1,3 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobile-ipv6-routing.test b/testing/btest/core/mobile-ipv6-routing.test index cca944f9c4..50eab12f0a 100644 --- a/testing/btest/core/mobile-ipv6-routing.test +++ b/testing/btest/core/mobile-ipv6-routing.test @@ -1,5 +1,3 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index d680fdf406..c2b5a9e75f 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,5 +1,3 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# # @TEST-EXEC: zeek -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: mv weird.log bad.out # @TEST-EXEC: zeek -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap diff --git a/testing/btest/core/mobility_msg.test b/testing/btest/core/mobility_msg.test index 89538fc667..fd961d1aa3 100644 --- a/testing/btest/core/mobility_msg.test +++ b/testing/btest/core/mobility_msg.test @@ -1,5 +1,3 @@ -# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/zeek-config.h -# # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output # @TEST-EXEC: zeek -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output diff --git a/zeek-config.h.in b/zeek-config.h.in index 8cc0c013d5..0786610807 100644 --- a/zeek-config.h.in +++ b/zeek-config.h.in @@ -116,9 +116,6 @@ /* Use Google's perftools */ #cmakedefine USE_PERFTOOLS_DEBUG -/* Analyze Mobile IPv6 traffic */ -#cmakedefine ENABLE_MOBILE_IPV6 - /* Use libCurl. */ #cmakedefine USE_CURL