shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Code
34e8c5a23c
systemd/src/libsystemd-network/dhcp-packet.c

199 lines
6.1 KiB
C
Raw Normal View History

sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
/***
This file is part of systemd.
Copyright (C) 2013 Intel Corporation. All rights reserved.
Copyright (C) 2014 Tom Gundersen
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <net/ethernet.h>
#include <net/if_arp.h>
#include <sys/param.h>
#include "util.h"
#include "list.h"
#include "dhcp-protocol.h"
sd-network: add new library This is similar to sd-login, but exposes the state of networkd rather than logind. Include it in libsystemd-dhcp and rename it to libsystemd-network.
2014-02-27 04:24:05 +04:00
#include "dhcp-lease-internal.h"
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
#include "dhcp-internal.h"
sd-network: add new library This is similar to sd-login, but exposes the state of networkd rather than logind. Include it in libsystemd-dhcp and rename it to libsystemd-network.
2014-02-27 04:24:05 +04:00
#include "sd-dhcp-lease.h"
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
#include "sd-dhcp-client.h"
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid,
sd-dhcp: option_append - support falling back to 'sname' and 'file'
2014-05-21 17:55:02 +04:00
uint8_t type, size_t optlen, size_t *optoffset) {
sd-dhcp: refactor dhcp_option_append Store a pointer to the options in the DHCPMessage struct, and pass this together with an offset around, rather than a uint8_t**. This avoids us having to (re)compute the pointer; and changes dhcp_option_append from adjusting both the pointer to the next option and the remaining size of the options, to just adjusting the current offset. This makes the code a bit simpler to follow IMHO, but there should be no functional change.
2014-05-20 13:04:50 +04:00
size_t offset = 0;
int r;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: message_init - only set secs in the client
2014-02-24 01:07:07 +04:00
assert(op == BOOTREQUEST || op == BOOTREPLY);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
message->op = op;
message->htype = ARPHRD_ETHER;
message->hlen = ETHER_ADDR_LEN;
message->xid = htobe32(xid);
sd-dhcp-client: move magic cookie into DHCPMessage struct Also move the checking of it to the main message handler, rather than the options parser. Fix a bug, so we now drop the packet if any of the magic bytes don't match. Before we used to only drop the packet if they were all wrong.
2014-04-06 16:05:32 +04:00
message->magic = htobe32(DHCP_MAGIC_COOKIE);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: option_append - support falling back to 'sname' and 'file'
2014-05-21 17:55:02 +04:00
r = dhcp_option_append(message, optlen, &offset, 0,
DHCP_OPTION_MESSAGE_TYPE, 1, &type);
sd-dhcp: refactor dhcp_option_append Store a pointer to the options in the DHCPMessage struct, and pass this together with an offset around, rather than a uint8_t**. This avoids us having to (re)compute the pointer; and changes dhcp_option_append from adjusting both the pointer to the next option and the remaining size of the options, to just adjusting the current offset. This makes the code a bit simpler to follow IMHO, but there should be no functional change.
2014-05-20 13:04:50 +04:00
if (r < 0)
return r;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: refactor dhcp_option_append Store a pointer to the options in the DHCPMessage struct, and pass this together with an offset around, rather than a uint8_t**. This avoids us having to (re)compute the pointer; and changes dhcp_option_append from adjusting both the pointer to the next option and the remaining size of the options, to just adjusting the current offset. This makes the code a bit simpler to follow IMHO, but there should be no functional change.
2014-05-20 13:04:50 +04:00
*optoffset = offset;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
return 0;
}
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
uint16_t dhcp_packet_checksum(uint8_t *buf, size_t len) {
uint64_t *buf_64 = (uint64_t*)buf;
uint64_t *end_64 = buf_64 + (len / sizeof(uint64_t));
libsystemd-network: Speed up checksum computation using 64 bit integers Improve the checksum computation by using 64 bit integers instead of the 16 bit integers in the existing implementation. This change speeds up the computation with approximately 78% both on 64 bit and 32 bit systems. Please see RFC 1071 for details.
2014-04-02 12:00:31 +04:00
uint64_t sum = 0;
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
/* See RFC1071 */
libsystemd-network: Speed up checksum computation using 64 bit integers Improve the checksum computation by using 64 bit integers instead of the 16 bit integers in the existing implementation. This change speeds up the computation with approximately 78% both on 64 bit and 32 bit systems. Please see RFC 1071 for details.
2014-04-02 12:00:31 +04:00
while (buf_64 < end_64) {
sum += *buf_64;
if (sum < *buf_64)
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
/* wrap around in one's complement */
libsystemd-network: Speed up checksum computation using 64 bit integers Improve the checksum computation by using 64 bit integers instead of the 16 bit integers in the existing implementation. This change speeds up the computation with approximately 78% both on 64 bit and 32 bit systems. Please see RFC 1071 for details.
2014-04-02 12:00:31 +04:00
sum++;
buf_64 ++;
}
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
if (len % sizeof(uint64_t)) {
/* If the buffer is not aligned to 64-bit, we need
to zero-pad the last few bytes and add them in */
uint64_t buf_tail = 0;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
memcpy(&buf_tail, buf_64, len % sizeof(uint64_t));
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
sum += buf_tail;
if (sum < buf_tail)
/* wrap around */
libsystemd-network: Speed up checksum computation using 64 bit integers Improve the checksum computation by using 64 bit integers instead of the 16 bit integers in the existing implementation. This change speeds up the computation with approximately 78% both on 64 bit and 32 bit systems. Please see RFC 1071 for details.
2014-04-02 12:00:31 +04:00
sum++;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
}
while (sum >> 16)
sum = (sum & 0xffff) + (sum >> 16);
return ~sum;
}
sd-dhcp: generalise ip header generation This will be needed for sd-dhcp-server.
2014-03-10 01:51:07 +04:00
void dhcp_packet_append_ip_headers(DHCPPacket *packet, be32_t source_addr,
uint16_t source_port, be32_t destination_addr,
uint16_t destination_port, uint16_t len) {
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
packet->ip.version = IPVERSION;
packet->ip.ihl = DHCP_IP_SIZE / 4;
packet->ip.tot_len = htobe16(len);
sd-dhcp: network - set TOS on outgoing packets This should improve performance on busy wireless networks and the like. Inspired by a similar change in dnsmasq.
2014-05-07 00:02:14 +04:00
packet->ip.tos = IPTOS_CLASS_CS6;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
packet->ip.protocol = IPPROTO_UDP;
sd-dhcp: generalise ip header generation This will be needed for sd-dhcp-server.
2014-03-10 01:51:07 +04:00
packet->ip.saddr = source_addr;
packet->ip.daddr = destination_addr;
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: generalise ip header generation This will be needed for sd-dhcp-server.
2014-03-10 01:51:07 +04:00
packet->udp.source = htobe16(source_port);
packet->udp.dest = htobe16(destination_port);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
packet->udp.len = htobe16(len - DHCP_IP_SIZE);
packet->ip.check = packet->udp.len;
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
packet->udp.check = dhcp_packet_checksum((uint8_t*)&packet->ip.ttl, len - 8);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
packet->ip.ttl = IPDEFTTL;
packet->ip.check = 0;
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
packet->ip.check = dhcp_packet_checksum((uint8_t*)&packet->ip, DHCP_IP_SIZE);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
}
sd-dhcp-client: respect TP_STATUS_CSUMNOTREADY If an UDP packet has not passed through a hardware device, its checksum may not have been computed. This is exposed through the TP_STATUS_CSUMNOTREADY sockopt. When using raw sockets, skip checksum validation when TP_STATUS_CSUMNOTREADY is set. This is necessary for dhcp to work directly over a veth tunnel, e.g. as done in systemd-nspawn.
2014-02-24 04:09:21 +04:00
int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
size_t hdrlen;
sd-dhcp: use FIONREAD to get correct size of incoming DHCP packet This avoids the problem of broken DHCP servers sending us too big packets that don't fit in our buffer.
2014-02-23 20:30:13 +04:00
assert(packet);
sd-dhcp: equally verify udp and raw dhcp messages Also be more explicit about why packages are ignored.
2014-02-23 17:15:05 +04:00
/* IP */
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: check for ipv4 packets
2014-03-30 22:33:57 +04:00
if (packet->ip.version != IPVERSION) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: not IPv4");
sd-dhcp: check for ipv4 packets
2014-03-30 22:33:57 +04:00
return -EINVAL;
}
sd-dhcp: equally verify udp and raw dhcp messages Also be more explicit about why packages are ignored.
2014-02-23 17:15:05 +04:00
if (packet->ip.ihl < 5) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: IPv4 IHL (%u words) invalid",
packet->ip.ihl);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
return -EINVAL;
sd-dhcp: be more detailed about invalid headers This may be a common problem, so let's make it simpler to debug, at least for now.
2014-02-23 04:34:05 +04:00
}
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
hdrlen = packet->ip.ihl * 4;
sd-dhcp: equally verify udp and raw dhcp messages Also be more explicit about why packages are ignored.
2014-02-23 17:15:05 +04:00
if (hdrlen < 20) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: IPv4 IHL (%zu bytes) "
"smaller than minimum (20 bytes)", hdrlen);
sd-dhcp: equally verify udp and raw dhcp messages Also be more explicit about why packages are ignored.
2014-02-23 17:15:05 +04:00
return -EINVAL;
}
if (len < hdrlen) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: packet (%zu bytes) "
"smaller than expected (%zu) by IP header", len,
hdrlen);
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
return -EINVAL;
sd-dhcp: be more detailed about invalid headers This may be a common problem, so let's make it simpler to debug, at least for now.
2014-02-23 04:34:05 +04:00
}
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: equally verify udp and raw dhcp messages Also be more explicit about why packages are ignored.
2014-02-23 17:15:05 +04:00
/* UDP */
sd-dhcp: check for udp packets Do not try to parse ICMP packets [tomegun: slightly tweaked debug message]
2014-03-30 21:09:14 +04:00
if (packet->ip.protocol != IPPROTO_UDP) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: not UDP");
sd-dhcp: check for udp packets Do not try to parse ICMP packets [tomegun: slightly tweaked debug message]
2014-03-30 21:09:14 +04:00
return -EINVAL;
}
sd-dhcp: don't reject packets with the 'wrong' source port The RFC does not specify that the packets from the DHCP server must come from the DHCP server port, only that that's where they should be sent. This fixes a problem when running networkd in VirtualBox. Thanks to Sébastien Luttringer for reporting the bug and very patiently testing various fixes.
2014-02-23 22:21:50 +04:00
if (len < hdrlen + be16toh(packet->udp.len)) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: packet (%zu bytes) "
"smaller than expected (%zu) by UDP header", len,
hdrlen + be16toh(packet->udp.len));
sd-dhcp: be more detailed about invalid headers This may be a common problem, so let's make it simpler to debug, at least for now.
2014-02-23 04:34:05 +04:00
return -EINVAL;
}
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
sd-dhcp: avoid checksum calculation if possible When receiving lots of packets that are not meant for us, we waste a relatively large amount of cpu time computing their checksums before discarding them. Move the checksum calculation last so we never compute it for packets which would otherwise be discarded.
2014-03-30 22:36:44 +04:00
if (be16toh(packet->udp.dest) != DHCP_PORT_CLIENT) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: to port %u, which "
"is not the DHCP client port (%u)",
be16toh(packet->udp.dest), DHCP_PORT_CLIENT);
sd-dhcp: avoid checksum calculation if possible When receiving lots of packets that are not meant for us, we waste a relatively large amount of cpu time computing their checksums before discarding them. Move the checksum calculation last so we never compute it for packets which would otherwise be discarded.
2014-03-30 22:36:44 +04:00
return -EINVAL;
}
/* checksums - computing these is relatively expensive, so only do it
if all the other checks have passed
*/
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
if (dhcp_packet_checksum((uint8_t*)&packet->ip, hdrlen)) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: invalid IP checksum");
sd-dhcp: avoid checksum calculation if possible When receiving lots of packets that are not meant for us, we waste a relatively large amount of cpu time computing their checksums before discarding them. Move the checksum calculation last so we never compute it for packets which would otherwise be discarded.
2014-03-30 22:36:44 +04:00
return -EINVAL;
}
sd-dhcp-client: respect TP_STATUS_CSUMNOTREADY If an UDP packet has not passed through a hardware device, its checksum may not have been computed. This is exposed through the TP_STATUS_CSUMNOTREADY sockopt. When using raw sockets, skip checksum validation when TP_STATUS_CSUMNOTREADY is set. This is necessary for dhcp to work directly over a veth tunnel, e.g. as done in systemd-nspawn.
2014-02-24 04:09:21 +04:00
if (checksum && packet->udp.check) {
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
packet->ip.check = packet->udp.len;
packet->ip.ttl = 0;
sd-dhcp: checksum - make endianess-neutral For efficiency, we group bytes together before adding them up. This is guaranteed to always work (regardless of the byte order) as long as the i-th byte in each group lign up with the i-th byte in each other group. On big-endian machines this broke when handling the trailing few bytes which did not make up a full group of 4 bytes. This patch fixes the problem by explicitly creating a 4 byte zero-padded group out of the trailing bytes. Reported and tested by Thomas Ritter <th.ritter@gmx.at>.
2014-06-16 17:24:28 +04:00
if (dhcp_packet_checksum((uint8_t*)&packet->ip.ttl,
sd-dhcp: be more detailed about invalid headers This may be a common problem, so let's make it simpler to debug, at least for now.
2014-02-23 04:34:05 +04:00
be16toh(packet->udp.len) + 12)) {
sd-dhcp-client: include client id in debug messages
2014-04-07 22:00:53 +04:00
log_debug("ignoring packet: invalid UDP checksum");
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
return -EINVAL;
sd-dhcp: be more detailed about invalid headers This may be a common problem, so let's make it simpler to debug, at least for now.
2014-02-23 04:34:05 +04:00
}
sd-dhcp: split out packet handling from client
2014-02-11 16:11:18 +04:00
}
return 0;
}
Copy Permalink