TUN-8640: Refactor ICMPRouter to support new ICMPResponders

A new ICMPResponder interface is introduced to provide different
implementations of how the ICMP flows should return to the QUIC
connection muxer.

Improves usages of netip.AddrPort to leverage the embedded zone
field for IPv6 addresses.

Closes TUN-8640

ingress/origin_icmp_proxy.go

@@ -14,6 +14,7 @@ import (
 	"golang.org/x/net/ipv6"
 
 	"github.com/cloudflare/cloudflared/packet"
+	"github.com/cloudflare/cloudflared/tracing"
 )
 
 const (
@@ -26,17 +27,46 @@ var (
 	errPacketNil = fmt.Errorf("packet is nil")
 )
 
+// ICMPRouterServer is a parent interface over-top of ICMPRouter that allows for the operation of the proxy origin listeners.
+type ICMPRouterServer interface {
+	ICMPRouter
+	// Serve runs the ICMPRouter proxy origin listeners for any of the IPv4 or IPv6 interfaces configured.
+	Serve(ctx context.Context) error
+}
+
+// ICMPRouter manages out-going ICMP requests towards the origin.
+type ICMPRouter interface {
+	// Request will send an ICMP packet towards the origin with an ICMPResponder to attach to the ICMP flow for the
+	// response to utilize.
+	Request(ctx context.Context, pk *packet.ICMP, responder ICMPResponder) error
+	// ConvertToTTLExceeded will take an ICMP packet and create a ICMP TTL Exceeded response origininating from the
+	// ICMPRouter's IP interface.
+	ConvertToTTLExceeded(pk *packet.ICMP, rawPacket packet.RawPacket) *packet.ICMP
+}
+
+// ICMPResponder manages how to handle incoming ICMP messages coming from the origin to the edge.
+type ICMPResponder interface {
+	ConnectionIndex() uint8
+	ReturnPacket(pk *packet.ICMP) error
+	AddTraceContext(tracedCtx *tracing.TracedContext, serializedIdentity []byte)
+	RequestSpan(ctx context.Context, pk *packet.ICMP) (context.Context, trace.Span)
+	ReplySpan(ctx context.Context, logger *zerolog.Logger) (context.Context, trace.Span)
+	ExportSpan()
+}
+
 type icmpRouter struct {
 	ipv4Proxy *icmpProxy
+	ipv4Src   netip.Addr
 	ipv6Proxy *icmpProxy
+	ipv6Src   netip.Addr
 }
 
 // NewICMPRouter doesn't return an error if either ipv4 proxy or ipv6 proxy can be created. The machine might only
 // support one of them.
 // funnelIdleTimeout controls how long to wait to close a funnel without send/return
-func NewICMPRouter(ipv4Addr, ipv6Addr netip.Addr, ipv6Zone string, logger *zerolog.Logger, funnelIdleTimeout time.Duration) (*icmpRouter, error) {
-	ipv4Proxy, ipv4Err := newICMPProxy(ipv4Addr, "", logger, funnelIdleTimeout)
-	ipv6Proxy, ipv6Err := newICMPProxy(ipv6Addr, ipv6Zone, logger, funnelIdleTimeout)
+func NewICMPRouter(ipv4Addr, ipv6Addr netip.Addr, logger *zerolog.Logger, funnelIdleTimeout time.Duration) (ICMPRouterServer, error) {
+	ipv4Proxy, ipv4Err := newICMPProxy(ipv4Addr, logger, funnelIdleTimeout)
+	ipv6Proxy, ipv6Err := newICMPProxy(ipv6Addr, logger, funnelIdleTimeout)
 	if ipv4Err != nil && ipv6Err != nil {
 		err := fmt.Errorf("cannot create ICMPv4 proxy: %v nor ICMPv6 proxy: %v", ipv4Err, ipv6Err)
 		logger.Debug().Err(err).Msg("ICMP proxy feature is disabled")
@@ -52,7 +82,9 @@ func NewICMPRouter(ipv4Addr, ipv6Addr netip.Addr, ipv6Zone string, logger *zerol
 	}
 	return &icmpRouter{
 		ipv4Proxy: ipv4Proxy,
+		ipv4Src:   ipv4Addr,
 		ipv6Proxy: ipv6Proxy,
+		ipv6Src:   ipv6Addr,
 	}, nil
 }
 
@@ -76,7 +108,7 @@ func (ir *icmpRouter) Serve(ctx context.Context) error {
 	return fmt.Errorf("ICMPv4 proxy and ICMPv6 proxy are both nil")
 }
 
-func (ir *icmpRouter) Request(ctx context.Context, pk *packet.ICMP, responder *packetResponder) error {
+func (ir *icmpRouter) Request(ctx context.Context, pk *packet.ICMP, responder ICMPResponder) error {
 	if pk == nil {
 		return errPacketNil
 	}
@@ -92,6 +124,16 @@ func (ir *icmpRouter) Request(ctx context.Context, pk *packet.ICMP, responder *p
 	return fmt.Errorf("ICMPv6 proxy was not instantiated")
 }
 
+func (ir *icmpRouter) ConvertToTTLExceeded(pk *packet.ICMP, rawPacket packet.RawPacket) *packet.ICMP {
+	var srcIP netip.Addr
+	if pk.Dst.Is4() {
+		srcIP = ir.ipv4Src
+	} else {
+		srcIP = ir.ipv6Src
+	}
+	return packet.NewICMPTTLExceedPacket(pk.IP, rawPacket, srcIP)
+}
+
 func getICMPEcho(msg *icmp.Message) (*icmp.Echo, error) {
 	echo, ok := msg.Body.(*icmp.Echo)
 	if !ok {