[thirdparty/systemd.git] / src / libsystemd-network / dhcp-packet.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  Copyright © 2013 Intel Corporation. All rights reserved.
***/

#include <errno.h>
#include <net/ethernet.h>
#include <net/if_arp.h>
#include <string.h>

#include "dhcp-internal.h"
#include "dhcp-protocol.h"

#define DHCP_CLIENT_MIN_OPTIONS_SIZE            312

int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid,
                      uint8_t type, uint16_t arp_type, size_t optlen,
                      size_t *optoffset) {
        size_t offset = 0;
        int r;

        assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
        assert(IN_SET(arp_type, ARPHRD_ETHER, ARPHRD_INFINIBAND));

        message->op = op;
        message->htype = arp_type;
        message->hlen = (arp_type == ARPHRD_ETHER) ? ETHER_ADDR_LEN : 0;
        message->xid = htobe32(xid);
        message->magic = htobe32(DHCP_MAGIC_COOKIE);

        r = dhcp_option_append(message, optlen, &offset, 0,
                               SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
        if (r < 0)
                return r;

        *optoffset = offset;

        return 0;
}

uint16_t dhcp_packet_checksum(uint8_t *buf, size_t len) {
        uint64_t *buf_64 = (uint64_t*)buf;
        uint64_t *end_64 = buf_64 + (len / sizeof(uint64_t));
        uint64_t sum = 0;

        /* See RFC1071 */

        while (buf_64 < end_64) {
                sum += *buf_64;
                if (sum < *buf_64)
                        /* wrap around in one's complement */
                        sum++;

                buf_64++;
        }

        if (len % sizeof(uint64_t)) {
                /* If the buffer is not aligned to 64-bit, we need
                   to zero-pad the last few bytes and add them in */
                uint64_t buf_tail = 0;

                memcpy(&buf_tail, buf_64, len % sizeof(uint64_t));

                sum += buf_tail;
                if (sum < buf_tail)
                        /* wrap around */
                        sum++;
        }

        while (sum >> 16)
                sum = (sum & 0xffff) + (sum >> 16);

        return ~sum;
}

void dhcp_packet_append_ip_headers(DHCPPacket *packet, be32_t source_addr,
                                   uint16_t source_port, be32_t destination_addr,
                                   uint16_t destination_port, uint16_t len) {
        packet->ip.version = IPVERSION;
        packet->ip.ihl = DHCP_IP_SIZE / 4;
        packet->ip.tot_len = htobe16(len);

        packet->ip.tos = IPTOS_CLASS_CS6;

        packet->ip.protocol = IPPROTO_UDP;
        packet->ip.saddr = source_addr;
        packet->ip.daddr = destination_addr;

        packet->udp.source = htobe16(source_port);
        packet->udp.dest = htobe16(destination_port);

        packet->udp.len = htobe16(len - DHCP_IP_SIZE);

        packet->ip.check = packet->udp.len;
        packet->udp.check = dhcp_packet_checksum((uint8_t*)&packet->ip.ttl, len - 8);

        packet->ip.ttl = IPDEFTTL;
        packet->ip.check = 0;
        packet->ip.check = dhcp_packet_checksum((uint8_t*)&packet->ip, DHCP_IP_SIZE);
}

int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum, uint16_t port) {
        size_t hdrlen;

        assert(packet);

        /* IP */

        if (packet->ip.version != IPVERSION) {
                log_debug("ignoring packet: not IPv4");
                return -EINVAL;
        }

        if (packet->ip.ihl < 5) {
                log_debug("ignoring packet: IPv4 IHL (%u words) invalid",
                          packet->ip.ihl);
                return -EINVAL;
        }

        hdrlen = packet->ip.ihl * 4;
        if (hdrlen < 20) {
                log_debug("ignoring packet: IPv4 IHL (%zu bytes) "
                          "smaller than minimum (20 bytes)", hdrlen);
                return -EINVAL;
        }

        if (len < hdrlen) {
                log_debug("ignoring packet: packet (%zu bytes) "
                          "smaller than expected (%zu) by IP header", len,
                          hdrlen);
                return -EINVAL;
        }

        /* UDP */

        if (packet->ip.protocol != IPPROTO_UDP) {
                log_debug("ignoring packet: not UDP");
                return -EINVAL;
        }

        if (len < hdrlen + be16toh(packet->udp.len)) {
                log_debug("ignoring packet: packet (%zu bytes) "
                          "smaller than expected (%zu) by UDP header", len,
                          hdrlen + be16toh(packet->udp.len));
                return -EINVAL;
        }

        if (be16toh(packet->udp.dest) != port) {
                log_debug("ignoring packet: to port %u, which "
                          "is not the DHCP client port (%u)",
                          be16toh(packet->udp.dest), port);
                return -EINVAL;
        }

        /* checksums - computing these is relatively expensive, so only do it
           if all the other checks have passed
         */

        if (dhcp_packet_checksum((uint8_t*)&packet->ip, hdrlen)) {
                log_debug("ignoring packet: invalid IP checksum");
                return -EINVAL;
        }

        if (checksum && packet->udp.check) {
                packet->ip.check = packet->udp.len;
                packet->ip.ttl = 0;

                if (dhcp_packet_checksum((uint8_t*)&packet->ip.ttl,
                                  be16toh(packet->udp.len) + 12)) {
                        log_debug("ignoring packet: invalid UDP checksum");
                        return -EINVAL;
                }
        }

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cf597f65	2	/***
810adae9	3	Copyright © 2013 Intel Corporation. All rights reserved.
cf597f65 TG	4	***/
cf597f65 TG	5
cf597f65	6	#include <errno.h>
cf597f65 TG	7	#include <net/ethernet.h>
cf597f65 TG	8	#include <net/if_arp.h>
cf0fbc49	9	#include <string.h>
cf597f65	10
cf597f65	11	#include "dhcp-internal.h"
cf0fbc49	12	#include "dhcp-protocol.h"
cf597f65 TG	13
	14	#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
	15
	16	int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid,
76253e73 DW	17	uint8_t type, uint16_t arp_type, size_t optlen,
76253e73 DW	18	size_t *optoffset) {
20b958bf TG	19	size_t offset = 0;
20b958bf TG	20	int r;
cf597f65	21
3742095b AR	22	assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
3742095b AR	23	assert(IN_SET(arp_type, ARPHRD_ETHER, ARPHRD_INFINIBAND));
0a1b6da8	24
cf597f65	25	message->op = op;
76253e73 DW	26	message->htype = arp_type;
76253e73 DW	27	message->hlen = (arp_type == ARPHRD_ETHER) ? ETHER_ADDR_LEN : 0;
cf597f65	28	message->xid = htobe32(xid);
3b7ca119	29	message->magic = htobe32(DHCP_MAGIC_COOKIE);
cf597f65	30
04b28be1	31	r = dhcp_option_append(message, optlen, &offset, 0,
22805d92	32	SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
20b958bf TG	33	if (r < 0)
20b958bf TG	34	return r;
cf597f65	35
20b958bf	36	*optoffset = offset;
cf597f65 TG	37
	38	return 0;
	39	}
	40
0bbc2c1f TG	41	uint16_t dhcp_packet_checksum(uint8_t *buf, size_t len) {
	42	uint64_t buf_64 = (uint64_t)buf;
	43	uint64_t *end_64 = buf_64 + (len / sizeof(uint64_t));
d5761274 TG	44	uint64_t sum = 0;
d5761274 TG	45
0bbc2c1f TG	46	/* See RFC1071 */
0bbc2c1f TG	47
d5761274 TG	48	while (buf_64 < end_64) {
	49	sum += *buf_64;
	50	if (sum < *buf_64)
0bbc2c1f	51	/* wrap around in one's complement */
d5761274 TG	52	sum++;
d5761274 TG	53
313cefa1	54	buf_64++;
d5761274 TG	55	}
d5761274 TG	56
0bbc2c1f TG	57	if (len % sizeof(uint64_t)) {
	58	/* If the buffer is not aligned to 64-bit, we need
	59	to zero-pad the last few bytes and add them in */
	60	uint64_t buf_tail = 0;
cf597f65	61
0bbc2c1f	62	memcpy(&buf_tail, buf_64, len % sizeof(uint64_t));
cf597f65	63
0bbc2c1f TG	64	sum += buf_tail;
	65	if (sum < buf_tail)
	66	/* wrap around */
d5761274	67	sum++;
cf597f65 TG	68	}
	69
	70	while (sum >> 16)
	71	sum = (sum & 0xffff) + (sum >> 16);
	72
	73	return ~sum;
	74	}
	75
63edaa62 TG	76	void dhcp_packet_append_ip_headers(DHCPPacket *packet, be32_t source_addr,
	77	uint16_t source_port, be32_t destination_addr,
	78	uint16_t destination_port, uint16_t len) {
cf597f65 TG	79	packet->ip.version = IPVERSION;
	80	packet->ip.ihl = DHCP_IP_SIZE / 4;
	81	packet->ip.tot_len = htobe16(len);
	82
85923f79 TG	83	packet->ip.tos = IPTOS_CLASS_CS6;
85923f79 TG	84
cf597f65	85	packet->ip.protocol = IPPROTO_UDP;
63edaa62 TG	86	packet->ip.saddr = source_addr;
63edaa62 TG	87	packet->ip.daddr = destination_addr;
cf597f65	88
63edaa62 TG	89	packet->udp.source = htobe16(source_port);
63edaa62 TG	90	packet->udp.dest = htobe16(destination_port);
cf597f65 TG	91
	92	packet->udp.len = htobe16(len - DHCP_IP_SIZE);
	93
	94	packet->ip.check = packet->udp.len;
0bbc2c1f	95	packet->udp.check = dhcp_packet_checksum((uint8_t*)&packet->ip.ttl, len - 8);
cf597f65 TG	96
	97	packet->ip.ttl = IPDEFTTL;
	98	packet->ip.check = 0;
0bbc2c1f	99	packet->ip.check = dhcp_packet_checksum((uint8_t*)&packet->ip, DHCP_IP_SIZE);
cf597f65 TG	100	}
cf597f65 TG	101
9faed222	102	int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum, uint16_t port) {
cf597f65 TG	103	size_t hdrlen;
cf597f65 TG	104
5266a81e TG	105	assert(packet);
5266a81e TG	106
06b44be7	107	/* IP */
cf597f65	108
6e34949d	109	if (packet->ip.version != IPVERSION) {
aa6fc9b8	110	log_debug("ignoring packet: not IPv4");
6e34949d TG	111	return -EINVAL;
	112	}
	113
06b44be7	114	if (packet->ip.ihl < 5) {
aa6fc9b8 TG	115	log_debug("ignoring packet: IPv4 IHL (%u words) invalid",
aa6fc9b8 TG	116	packet->ip.ihl);
cf597f65	117	return -EINVAL;
ac4f16ab	118	}
cf597f65 TG	119
cf597f65 TG	120	hdrlen = packet->ip.ihl * 4;
06b44be7	121	if (hdrlen < 20) {
aa6fc9b8 TG	122	log_debug("ignoring packet: IPv4 IHL (%zu bytes) "
aa6fc9b8 TG	123	"smaller than minimum (20 bytes)", hdrlen);
06b44be7 TG	124	return -EINVAL;
	125	}
	126
	127	if (len < hdrlen) {
aa6fc9b8 TG	128	log_debug("ignoring packet: packet (%zu bytes) "
	129	"smaller than expected (%zu) by IP header", len,
	130	hdrlen);
cf597f65	131	return -EINVAL;
ac4f16ab	132	}
cf597f65	133
06b44be7 TG	134	/* UDP */
06b44be7 TG	135
d454a674	136	if (packet->ip.protocol != IPPROTO_UDP) {
aa6fc9b8	137	log_debug("ignoring packet: not UDP");
d454a674 UTL	138	return -EINVAL;
	139	}
	140
8fa2eeac	141	if (len < hdrlen + be16toh(packet->udp.len)) {
aa6fc9b8 TG	142	log_debug("ignoring packet: packet (%zu bytes) "
	143	"smaller than expected (%zu) by UDP header", len,
	144	hdrlen + be16toh(packet->udp.len));
ac4f16ab TG	145	return -EINVAL;
ac4f16ab TG	146	}
cf597f65	147
9faed222	148	if (be16toh(packet->udp.dest) != port) {
aa6fc9b8 TG	149	log_debug("ignoring packet: to port %u, which "
aa6fc9b8 TG	150	"is not the DHCP client port (%u)",
9faed222	151	be16toh(packet->udp.dest), port);
2ad7561f TG	152	return -EINVAL;
	153	}
	154
	155	/* checksums - computing these is relatively expensive, so only do it
	156	if all the other checks have passed
	157	*/
	158
0bbc2c1f	159	if (dhcp_packet_checksum((uint8_t*)&packet->ip, hdrlen)) {
aa6fc9b8	160	log_debug("ignoring packet: invalid IP checksum");
2ad7561f TG	161	return -EINVAL;
	162	}
	163
55dab2ed	164	if (checksum && packet->udp.check) {
cf597f65 TG	165	packet->ip.check = packet->udp.len;
	166	packet->ip.ttl = 0;
	167
0bbc2c1f	168	if (dhcp_packet_checksum((uint8_t*)&packet->ip.ttl,
ac4f16ab	169	be16toh(packet->udp.len) + 12)) {
aa6fc9b8	170	log_debug("ignoring packet: invalid UDP checksum");
cf597f65	171	return -EINVAL;
ac4f16ab	172	}
cf597f65 TG	173	}
cf597f65 TG	174
cf597f65 TG	175	return 0;
cf597f65 TG	176	}