]>
Commit | Line | Data |
---|---|---|
ddc93db6 | 1 | /* |
becf027c TB |
2 | * Copyright (C) 2012-2018 Tobias Brunner |
3 | * HSR Hochschule fuer Technik Rapperswil | |
4 | * | |
ddc93db6 MW |
5 | * Copyright (C) 2010 Martin Willi |
6 | * Copyright (C) 2010 revosec AG | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
15 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
16 | * for more details. | |
17 | */ | |
18 | ||
19 | #include "dhcp_socket.h" | |
20 | ||
21 | #include <unistd.h> | |
22 | #include <errno.h> | |
23 | #include <string.h> | |
24 | #include <netinet/in.h> | |
25 | #include <netinet/ip.h> | |
26 | #include <netinet/udp.h> | |
27 | #include <linux/if_arp.h> | |
20ee54d0 MW |
28 | #include <linux/if_ether.h> |
29 | #include <linux/filter.h> | |
ddc93db6 | 30 | |
12642a68 | 31 | #include <collections/linked_list.h> |
ddc93db6 MW |
32 | #include <utils/identification.h> |
33 | #include <threading/mutex.h> | |
34 | #include <threading/condvar.h> | |
35 | #include <threading/thread.h> | |
36 | ||
37 | #include <daemon.h> | |
38 | #include <processing/jobs/callback_job.h> | |
39 | ||
40 | #define DHCP_SERVER_PORT 67 | |
41 | #define DHCP_CLIENT_PORT 68 | |
4f0932ec | 42 | #define DHCP_TRIES 5 |
ddc93db6 MW |
43 | |
44 | typedef struct private_dhcp_socket_t private_dhcp_socket_t; | |
45 | ||
46 | /** | |
47 | * Private data of an dhcp_socket_t object. | |
48 | */ | |
49 | struct private_dhcp_socket_t { | |
50 | ||
51 | /** | |
52 | * Public dhcp_socket_t interface. | |
53 | */ | |
54 | dhcp_socket_t public; | |
55 | ||
56 | /** | |
57 | * Random number generator | |
58 | */ | |
59 | rng_t *rng; | |
60 | ||
61 | /** | |
20ee54d0 | 62 | * List of transactions in DISCOVER |
ddc93db6 | 63 | */ |
20ee54d0 MW |
64 | linked_list_t *discover; |
65 | ||
66 | /** | |
67 | * List of transactions in REQUEST | |
68 | */ | |
69 | linked_list_t *request; | |
ddc93db6 MW |
70 | |
71 | /** | |
72 | * List of successfully completed transactions | |
73 | */ | |
74 | linked_list_t *completed; | |
75 | ||
76 | /** | |
77 | * Lock for transactions | |
78 | */ | |
79 | mutex_t *mutex; | |
80 | ||
81 | /** | |
82 | * Condvar to wait for transaction completion | |
83 | */ | |
84 | condvar_t *condvar; | |
85 | ||
86 | /** | |
87 | * Threads waiting in condvar | |
88 | */ | |
89 | int waiting; | |
90 | ||
91 | /** | |
20ee54d0 MW |
92 | * DHCP send socket |
93 | */ | |
94 | int send; | |
95 | ||
96 | /** | |
97 | * DHCP receive socket | |
ddc93db6 | 98 | */ |
20ee54d0 | 99 | int receive; |
ddc93db6 | 100 | |
e06a6154 MW |
101 | /** |
102 | * Do we use per-identity or random leases (and MAC addresses) | |
103 | */ | |
104 | bool identity_lease; | |
105 | ||
ddc93db6 MW |
106 | /** |
107 | * DHCP server address, or broadcast | |
108 | */ | |
109 | host_t *dst; | |
bc6ec4de TB |
110 | |
111 | /** | |
112 | * Force configured destination address | |
113 | */ | |
114 | bool force_dst; | |
ddc93db6 MW |
115 | }; |
116 | ||
4f0932ec MW |
117 | /** |
118 | * DHCP opcode (or BOOTP actually) | |
119 | */ | |
ddc93db6 MW |
120 | typedef enum { |
121 | BOOTREQUEST = 1, | |
122 | BOOTREPLY = 2, | |
123 | } dhcp_opcode_t; | |
124 | ||
4f0932ec MW |
125 | /** |
126 | * Some DHCP options used | |
127 | */ | |
ddc93db6 | 128 | typedef enum { |
913eb696 | 129 | DHCP_DNS_SERVER = 6, |
ddc93db6 | 130 | DHCP_HOST_NAME = 12, |
913eb696 | 131 | DHCP_NBNS_SERVER = 44, |
4f0932ec | 132 | DHCP_REQUESTED_IP = 50, |
ddc93db6 | 133 | DHCP_MESSAGE_TYPE = 53, |
4f0932ec | 134 | DHCP_SERVER_ID = 54, |
ddc93db6 | 135 | DHCP_PARAM_REQ_LIST = 55, |
12821bd6 | 136 | DHCP_CLIENT_ID = 61, |
20ee54d0 | 137 | DHCP_OPTEND = 255, |
ddc93db6 MW |
138 | } dhcp_option_type_t; |
139 | ||
4f0932ec MW |
140 | /** |
141 | * DHCP messages types in the DHCP_MESSAGE_TYPE option | |
142 | */ | |
ddc93db6 MW |
143 | typedef enum { |
144 | DHCP_DISCOVER = 1, | |
20ee54d0 MW |
145 | DHCP_OFFER = 2, |
146 | DHCP_REQUEST = 3, | |
147 | DHCP_DECLINE = 4, | |
148 | DHCP_ACK = 5, | |
149 | DHCP_NAK = 6, | |
150 | DHCP_RELEASE = 7, | |
151 | DHCP_INFORM = 8, | |
ddc93db6 | 152 | } dhcp_message_type_t; |
4f0932ec MW |
153 | /** |
154 | * DHCP option encoding, a TLV | |
155 | */ | |
ddc93db6 | 156 | typedef struct __attribute__((packed)) { |
b12c53ce AS |
157 | uint8_t type; |
158 | uint8_t len; | |
ddc93db6 MW |
159 | char data[]; |
160 | } dhcp_option_t; | |
161 | ||
4f0932ec | 162 | /** |
30e886fe | 163 | * DHCP message format, with a minimum size options buffer |
4f0932ec | 164 | */ |
ddc93db6 | 165 | typedef struct __attribute__((packed)) { |
b12c53ce AS |
166 | uint8_t opcode; |
167 | uint8_t hw_type; | |
168 | uint8_t hw_addr_len; | |
169 | uint8_t hop_count; | |
170 | uint32_t transaction_id; | |
171 | uint16_t number_of_seconds; | |
172 | uint16_t flags; | |
173 | uint32_t client_address; | |
174 | uint32_t your_address; | |
175 | uint32_t server_address; | |
176 | uint32_t gateway_address; | |
ddc93db6 MW |
177 | char client_hw_addr[6]; |
178 | char client_hw_padding[10]; | |
179 | char server_hostname[64]; | |
180 | char boot_filename[128]; | |
b12c53ce | 181 | uint32_t magic_cookie; |
30e886fe | 182 | u_char options[308]; |
ddc93db6 MW |
183 | } dhcp_t; |
184 | ||
becf027c TB |
185 | /** |
186 | * Check if the given address equals the broadcast address | |
187 | */ | |
188 | static inline bool is_broadcast(host_t *host) | |
189 | { | |
190 | chunk_t broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF); | |
191 | ||
192 | return chunk_equals(broadcast, host->get_address(host)); | |
193 | } | |
194 | ||
ddc93db6 | 195 | /** |
20ee54d0 | 196 | * Prepare a DHCP message for a given transaction |
ddc93db6 | 197 | */ |
20ee54d0 | 198 | static int prepare_dhcp(private_dhcp_socket_t *this, |
4f0932ec MW |
199 | dhcp_transaction_t *transaction, |
200 | dhcp_message_type_t type, dhcp_t *dhcp) | |
ddc93db6 | 201 | { |
becf027c | 202 | chunk_t chunk; |
ddc93db6 MW |
203 | identification_t *identity; |
204 | dhcp_option_t *option; | |
0e5b94d0 | 205 | int optlen = 0, remaining; |
ddc93db6 | 206 | host_t *src; |
b12c53ce | 207 | uint32_t id; |
ddc93db6 | 208 | |
20ee54d0 MW |
209 | memset(dhcp, 0, sizeof(*dhcp)); |
210 | dhcp->opcode = BOOTREQUEST; | |
211 | dhcp->hw_type = ARPHRD_ETHER; | |
212 | dhcp->hw_addr_len = 6; | |
213 | dhcp->transaction_id = transaction->get_id(transaction); | |
becf027c | 214 | if (is_broadcast(this->dst)) |
ddc93db6 | 215 | { |
2b3c87b4 MW |
216 | /* Set broadcast flag to get broadcasted replies, as we actually |
217 | * do not own the MAC we request an address for. */ | |
218 | dhcp->flags = htons(0x8000); | |
ddc93db6 MW |
219 | /* TODO: send with 0.0.0.0 source address */ |
220 | } | |
221 | else | |
222 | { | |
223 | /* act as relay agent */ | |
8394ea2a | 224 | src = charon->kernel->get_source_addr(charon->kernel, this->dst, NULL); |
ddc93db6 MW |
225 | if (src) |
226 | { | |
20ee54d0 MW |
227 | memcpy(&dhcp->gateway_address, src->get_address(src).ptr, |
228 | sizeof(dhcp->gateway_address)); | |
ddc93db6 MW |
229 | src->destroy(src); |
230 | } | |
231 | } | |
232 | ||
233 | identity = transaction->get_identity(transaction); | |
20ee54d0 | 234 | chunk = identity->get_encoding(identity); |
ddc93db6 | 235 | /* magic bytes, a locally administered unicast MAC */ |
20ee54d0 MW |
236 | dhcp->client_hw_addr[0] = 0x7A; |
237 | dhcp->client_hw_addr[1] = 0xA7; | |
ddc93db6 | 238 | /* with ID specific postfix */ |
e06a6154 MW |
239 | if (this->identity_lease) |
240 | { | |
50daffb7 | 241 | id = htonl(chunk_hash_static(chunk)); |
e06a6154 MW |
242 | } |
243 | else | |
244 | { | |
245 | id = transaction->get_id(transaction); | |
246 | } | |
247 | memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id)); | |
ddc93db6 | 248 | |
20ee54d0 | 249 | dhcp->magic_cookie = htonl(0x63825363); |
ddc93db6 | 250 | |
20ee54d0 | 251 | option = (dhcp_option_t*)&dhcp->options[optlen]; |
ddc93db6 MW |
252 | option->type = DHCP_MESSAGE_TYPE; |
253 | option->len = 1; | |
4f0932ec | 254 | option->data[0] = type; |
ddc93db6 MW |
255 | optlen += sizeof(dhcp_option_t) + option->len; |
256 | ||
0e5b94d0 TB |
257 | /* the REQUEST message has the most static overhead in the 'options' field |
258 | * with 17 bytes */ | |
259 | remaining = sizeof(dhcp->options) - optlen - 17; | |
260 | ||
12821bd6 AS |
261 | if (identity->get_type(identity) == ID_FQDN) |
262 | { | |
263 | option = (dhcp_option_t*)&dhcp->options[optlen]; | |
264 | option->type = DHCP_HOST_NAME; | |
0e5b94d0 | 265 | option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); |
12821bd6 AS |
266 | memcpy(option->data, chunk.ptr, option->len); |
267 | optlen += sizeof(dhcp_option_t) + option->len; | |
0e5b94d0 | 268 | remaining -= sizeof(dhcp_option_t) + option->len; |
12821bd6 AS |
269 | } |
270 | ||
0e5b94d0 TB |
271 | if (remaining >= sizeof(dhcp_option_t) + 2) |
272 | { | |
273 | option = (dhcp_option_t*)&dhcp->options[optlen]; | |
274 | option->type = DHCP_CLIENT_ID; | |
275 | option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); | |
276 | memcpy(option->data, chunk.ptr, option->len); | |
277 | optlen += sizeof(dhcp_option_t) + option->len; | |
278 | } | |
20ee54d0 MW |
279 | return optlen; |
280 | } | |
281 | ||
4f0932ec MW |
282 | /** |
283 | * Send a DHCP message with given options length | |
284 | */ | |
285 | static bool send_dhcp(private_dhcp_socket_t *this, | |
286 | dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen) | |
287 | { | |
288 | host_t *dst; | |
289 | ssize_t len; | |
290 | ||
291 | dst = transaction->get_server(transaction); | |
bc6ec4de | 292 | if (!dst || this->force_dst) |
4f0932ec MW |
293 | { |
294 | dst = this->dst; | |
295 | } | |
30e886fe | 296 | len = offsetof(dhcp_t, magic_cookie) + optlen + 4; |
4f0932ec MW |
297 | return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst), |
298 | *dst->get_sockaddr_len(dst)) == len; | |
299 | } | |
300 | ||
20ee54d0 MW |
301 | /** |
302 | * Send DHCP discover using a given transaction | |
303 | */ | |
304 | static bool discover(private_dhcp_socket_t *this, | |
305 | dhcp_transaction_t *transaction) | |
306 | { | |
913eb696 | 307 | dhcp_option_t *option; |
20ee54d0 | 308 | dhcp_t dhcp; |
20ee54d0 MW |
309 | int optlen; |
310 | ||
4f0932ec | 311 | optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp); |
20ee54d0 MW |
312 | |
313 | DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst); | |
314 | ||
913eb696 MW |
315 | option = (dhcp_option_t*)&dhcp.options[optlen]; |
316 | option->type = DHCP_PARAM_REQ_LIST; | |
317 | option->len = 2; | |
318 | option->data[0] = DHCP_DNS_SERVER; | |
319 | option->data[1] = DHCP_NBNS_SERVER; | |
320 | optlen += sizeof(dhcp_option_t) + option->len; | |
321 | ||
20ee54d0 | 322 | dhcp.options[optlen++] = DHCP_OPTEND; |
ddc93db6 | 323 | |
4f0932ec | 324 | if (!send_dhcp(this, transaction, &dhcp, optlen)) |
ddc93db6 MW |
325 | { |
326 | DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno)); | |
20ee54d0 | 327 | return FALSE; |
ddc93db6 | 328 | } |
20ee54d0 MW |
329 | return TRUE; |
330 | } | |
331 | ||
332 | /** | |
333 | * Send DHCP request using a given transaction | |
334 | */ | |
335 | static bool request(private_dhcp_socket_t *this, | |
4f0932ec | 336 | dhcp_transaction_t *transaction) |
20ee54d0 | 337 | { |
4f0932ec MW |
338 | dhcp_option_t *option; |
339 | dhcp_t dhcp; | |
340 | host_t *offer, *server; | |
341 | chunk_t chunk; | |
342 | int optlen; | |
343 | ||
344 | optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp); | |
345 | ||
346 | offer = transaction->get_address(transaction); | |
347 | server = transaction->get_server(transaction); | |
348 | if (!offer || !server) | |
349 | { | |
350 | return FALSE; | |
351 | } | |
352 | DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server); | |
353 | ||
354 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
355 | option->type = DHCP_REQUESTED_IP; | |
356 | option->len = 4; | |
357 | chunk = offer->get_address(offer); | |
358 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
359 | optlen += sizeof(dhcp_option_t) + option->len; | |
360 | ||
361 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
362 | option->type = DHCP_SERVER_ID; | |
363 | option->len = 4; | |
364 | chunk = server->get_address(server); | |
365 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
366 | optlen += sizeof(dhcp_option_t) + option->len; | |
367 | ||
913eb696 MW |
368 | option = (dhcp_option_t*)&dhcp.options[optlen]; |
369 | option->type = DHCP_PARAM_REQ_LIST; | |
370 | option->len = 2; | |
371 | option->data[0] = DHCP_DNS_SERVER; | |
372 | option->data[1] = DHCP_NBNS_SERVER; | |
373 | optlen += sizeof(dhcp_option_t) + option->len; | |
374 | ||
4f0932ec MW |
375 | dhcp.options[optlen++] = DHCP_OPTEND; |
376 | ||
377 | if (!send_dhcp(this, transaction, &dhcp, optlen)) | |
378 | { | |
379 | DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno)); | |
380 | return FALSE; | |
381 | } | |
382 | return TRUE; | |
ddc93db6 MW |
383 | } |
384 | ||
385 | METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, | |
386 | private_dhcp_socket_t *this, identification_t *identity) | |
387 | { | |
388 | dhcp_transaction_t *transaction; | |
b12c53ce | 389 | uint32_t id; |
4f0932ec | 390 | int try; |
ddc93db6 | 391 | |
b12c53ce | 392 | if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id)) |
7ae26710 TB |
393 | { |
394 | DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID"); | |
395 | return NULL; | |
396 | } | |
ddc93db6 | 397 | transaction = dhcp_transaction_create(id, identity); |
ddc93db6 | 398 | |
20ee54d0 MW |
399 | this->mutex->lock(this->mutex); |
400 | this->discover->insert_last(this->discover, transaction); | |
4f0932ec MW |
401 | try = 1; |
402 | while (try <= DHCP_TRIES && discover(this, transaction)) | |
20ee54d0 | 403 | { |
4f0932ec | 404 | if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && |
2e4d110d | 405 | this->request->find_first(this->request, NULL, (void**)&transaction)) |
20ee54d0 MW |
406 | { |
407 | break; | |
408 | } | |
4f0932ec | 409 | try++; |
20ee54d0 MW |
410 | } |
411 | if (this->discover->remove(this->discover, transaction, NULL)) | |
412 | { /* no OFFER received */ | |
413 | this->mutex->unlock(this->mutex); | |
414 | transaction->destroy(transaction); | |
500a6d38 | 415 | DBG1(DBG_CFG, "DHCP DISCOVER timed out"); |
20ee54d0 MW |
416 | return NULL; |
417 | } | |
418 | ||
4f0932ec MW |
419 | try = 1; |
420 | while (try <= DHCP_TRIES && request(this, transaction)) | |
20ee54d0 | 421 | { |
4f0932ec MW |
422 | if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && |
423 | this->completed->remove(this->completed, transaction, NULL)) | |
20ee54d0 MW |
424 | { |
425 | break; | |
426 | } | |
4f0932ec | 427 | try++; |
20ee54d0 MW |
428 | } |
429 | if (this->request->remove(this->request, transaction, NULL)) | |
430 | { /* no ACK received */ | |
431 | this->mutex->unlock(this->mutex); | |
432 | transaction->destroy(transaction); | |
19d49af5 | 433 | DBG1(DBG_CFG, "DHCP REQUEST timed out"); |
20ee54d0 MW |
434 | return NULL; |
435 | } | |
436 | this->mutex->unlock(this->mutex); | |
437 | ||
4f0932ec | 438 | return transaction; |
ddc93db6 MW |
439 | } |
440 | ||
913eb696 MW |
441 | METHOD(dhcp_socket_t, release, void, |
442 | private_dhcp_socket_t *this, dhcp_transaction_t *transaction) | |
443 | { | |
444 | dhcp_option_t *option; | |
445 | dhcp_t dhcp; | |
446 | host_t *release, *server; | |
447 | chunk_t chunk; | |
448 | int optlen; | |
449 | ||
450 | optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp); | |
451 | ||
452 | release = transaction->get_address(transaction); | |
453 | server = transaction->get_server(transaction); | |
454 | if (!release || !server) | |
455 | { | |
456 | return; | |
457 | } | |
458 | DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server); | |
459 | ||
460 | chunk = release->get_address(release); | |
e433d512 | 461 | memcpy((char*)&dhcp.client_address, chunk.ptr, |
913eb696 MW |
462 | min(chunk.len, sizeof(dhcp.client_address))); |
463 | ||
464 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
465 | option->type = DHCP_SERVER_ID; | |
466 | option->len = 4; | |
467 | chunk = server->get_address(server); | |
468 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
469 | optlen += sizeof(dhcp_option_t) + option->len; | |
470 | ||
471 | dhcp.options[optlen++] = DHCP_OPTEND; | |
472 | ||
473 | if (!send_dhcp(this, transaction, &dhcp, optlen)) | |
474 | { | |
475 | DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno)); | |
476 | } | |
477 | } | |
478 | ||
20ee54d0 | 479 | /** |
4f0932ec | 480 | * Handle a DHCP OFFER |
20ee54d0 MW |
481 | */ |
482 | static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) | |
483 | { | |
b262429e | 484 | dhcp_transaction_t *transaction = NULL; |
20ee54d0 | 485 | enumerator_t *enumerator; |
9bac426b | 486 | host_t *offer, *server = NULL; |
20ee54d0 MW |
487 | |
488 | offer = host_create_from_chunk(AF_INET, | |
4f0932ec | 489 | chunk_from_thing(dhcp->your_address), 0); |
20ee54d0 MW |
490 | |
491 | this->mutex->lock(this->mutex); | |
492 | enumerator = this->discover->create_enumerator(this->discover); | |
493 | while (enumerator->enumerate(enumerator, &transaction)) | |
494 | { | |
495 | if (transaction->get_id(transaction) == dhcp->transaction_id) | |
496 | { | |
497 | this->discover->remove_at(this->discover, enumerator); | |
498 | this->request->insert_last(this->request, transaction); | |
4f0932ec MW |
499 | break; |
500 | } | |
501 | } | |
502 | enumerator->destroy(enumerator); | |
b262429e MW |
503 | |
504 | if (transaction) | |
505 | { | |
506 | int optsize, optpos = 0, pos; | |
507 | dhcp_option_t *option; | |
508 | ||
509 | while (optlen > sizeof(dhcp_option_t)) | |
510 | { | |
511 | option = (dhcp_option_t*)&dhcp->options[optpos]; | |
512 | optsize = sizeof(dhcp_option_t) + option->len; | |
513 | if (option->type == DHCP_OPTEND || optlen < optsize) | |
514 | { | |
515 | break; | |
516 | } | |
517 | if (option->type == DHCP_DNS_SERVER || | |
518 | option->type == DHCP_NBNS_SERVER) | |
519 | { | |
520 | for (pos = 0; pos + 4 <= option->len; pos += 4) | |
521 | { | |
522 | transaction->add_attribute(transaction, option->type == | |
523 | DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS, | |
524 | chunk_create((char*)&option->data[pos], 4)); | |
525 | } | |
526 | } | |
9bac426b | 527 | if (!server && option->type == DHCP_SERVER_ID && option->len == 4) |
e3bde0ef MW |
528 | { |
529 | server = host_create_from_chunk(AF_INET, | |
530 | chunk_create(option->data, 4), DHCP_SERVER_PORT); | |
531 | } | |
b262429e MW |
532 | optlen -= optsize; |
533 | optpos += optsize; | |
534 | } | |
e3bde0ef MW |
535 | if (!server) |
536 | { | |
537 | server = host_create_from_chunk(AF_INET, | |
538 | chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT); | |
539 | } | |
540 | DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); | |
541 | transaction->set_address(transaction, offer->clone(offer)); | |
9bac426b | 542 | transaction->set_server(transaction, server); |
b262429e | 543 | } |
4f0932ec MW |
544 | this->mutex->unlock(this->mutex); |
545 | this->condvar->broadcast(this->condvar); | |
546 | offer->destroy(offer); | |
4f0932ec MW |
547 | } |
548 | ||
549 | /** | |
550 | * Handle a DHCP ACK | |
551 | */ | |
552 | static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) | |
553 | { | |
554 | dhcp_transaction_t *transaction; | |
555 | enumerator_t *enumerator; | |
556 | host_t *offer; | |
557 | ||
558 | offer = host_create_from_chunk(AF_INET, | |
559 | chunk_from_thing(dhcp->your_address), 0); | |
4f0932ec MW |
560 | |
561 | this->mutex->lock(this->mutex); | |
562 | enumerator = this->request->create_enumerator(this->request); | |
563 | while (enumerator->enumerate(enumerator, &transaction)) | |
564 | { | |
565 | if (transaction->get_id(transaction) == dhcp->transaction_id) | |
566 | { | |
f0212e88 | 567 | DBG1(DBG_CFG, "received DHCP ACK for %H", offer); |
4f0932ec MW |
568 | this->request->remove_at(this->request, enumerator); |
569 | this->completed->insert_last(this->completed, transaction); | |
20ee54d0 MW |
570 | break; |
571 | } | |
572 | } | |
573 | enumerator->destroy(enumerator); | |
574 | this->mutex->unlock(this->mutex); | |
575 | this->condvar->broadcast(this->condvar); | |
576 | offer->destroy(offer); | |
577 | } | |
578 | ||
579 | /** | |
580 | * Receive DHCP responses | |
581 | */ | |
c0db5d38 MW |
582 | static bool receive_dhcp(private_dhcp_socket_t *this, int fd, |
583 | watcher_event_t event) | |
20ee54d0 MW |
584 | { |
585 | struct sockaddr_ll addr; | |
586 | socklen_t addr_len = sizeof(addr); | |
587 | struct __attribute__((packed)) { | |
588 | struct iphdr ip; | |
589 | struct udphdr udp; | |
590 | dhcp_t dhcp; | |
591 | } packet; | |
c0db5d38 | 592 | int optlen, origoptlen, optsize, optpos = 0; |
20ee54d0 MW |
593 | ssize_t len; |
594 | dhcp_option_t *option; | |
595 | ||
c0db5d38 | 596 | len = recvfrom(fd, &packet, sizeof(packet), MSG_DONTWAIT, |
20ee54d0 | 597 | (struct sockaddr*)&addr, &addr_len); |
20ee54d0 MW |
598 | |
599 | if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) + | |
600 | offsetof(dhcp_t, options)) | |
601 | { | |
602 | origoptlen = optlen = len - sizeof(struct iphdr) + | |
603 | sizeof(struct udphdr) + offsetof(dhcp_t, options); | |
604 | while (optlen > sizeof(dhcp_option_t)) | |
605 | { | |
606 | option = (dhcp_option_t*)&packet.dhcp.options[optpos]; | |
607 | optsize = sizeof(dhcp_option_t) + option->len; | |
608 | if (option->type == DHCP_OPTEND || optlen < optsize) | |
609 | { | |
610 | break; | |
611 | } | |
612 | if (option->type == DHCP_MESSAGE_TYPE && option->len == 1) | |
613 | { | |
614 | switch (option->data[0]) | |
615 | { | |
616 | case DHCP_OFFER: | |
617 | handle_offer(this, &packet.dhcp, origoptlen); | |
618 | break; | |
4f0932ec MW |
619 | case DHCP_ACK: |
620 | handle_ack(this, &packet.dhcp, origoptlen); | |
20ee54d0 MW |
621 | default: |
622 | break; | |
623 | } | |
624 | break; | |
625 | } | |
626 | optlen -= optsize; | |
627 | optpos += optsize; | |
628 | } | |
629 | } | |
c0db5d38 | 630 | return TRUE; |
20ee54d0 MW |
631 | } |
632 | ||
ddc93db6 MW |
633 | METHOD(dhcp_socket_t, destroy, void, |
634 | private_dhcp_socket_t *this) | |
635 | { | |
ddc93db6 MW |
636 | while (this->waiting) |
637 | { | |
638 | this->condvar->signal(this->condvar); | |
639 | } | |
20ee54d0 MW |
640 | if (this->send > 0) |
641 | { | |
642 | close(this->send); | |
643 | } | |
644 | if (this->receive > 0) | |
ddc93db6 | 645 | { |
c0db5d38 | 646 | lib->watcher->remove(lib->watcher, this->receive); |
20ee54d0 | 647 | close(this->receive); |
ddc93db6 MW |
648 | } |
649 | this->mutex->destroy(this->mutex); | |
650 | this->condvar->destroy(this->condvar); | |
20ee54d0 MW |
651 | this->discover->destroy_offset(this->discover, |
652 | offsetof(dhcp_transaction_t, destroy)); | |
653 | this->request->destroy_offset(this->request, | |
654 | offsetof(dhcp_transaction_t, destroy)); | |
655 | this->completed->destroy_offset(this->completed, | |
656 | offsetof(dhcp_transaction_t, destroy)); | |
ddc93db6 MW |
657 | DESTROY_IF(this->rng); |
658 | DESTROY_IF(this->dst); | |
659 | free(this); | |
660 | } | |
661 | ||
3711f66e TE |
662 | /** |
663 | * Bind a socket to a particular interface name | |
664 | */ | |
665 | static bool bind_to_device(int fd, char *iface) | |
666 | { | |
667 | struct ifreq ifreq; | |
668 | ||
669 | if (strlen(iface) > sizeof(ifreq.ifr_name)) | |
670 | { | |
671 | DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface); | |
672 | return FALSE; | |
673 | } | |
674 | memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name)); | |
675 | if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq))) | |
676 | { | |
677 | DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s", | |
678 | iface, strerror(errno)); | |
679 | return FALSE; | |
680 | } | |
681 | return TRUE; | |
682 | } | |
683 | ||
ddc93db6 MW |
684 | /** |
685 | * See header | |
686 | */ | |
687 | dhcp_socket_t *dhcp_socket_create() | |
688 | { | |
689 | private_dhcp_socket_t *this; | |
9d5b688a TB |
690 | struct sockaddr_in src = { |
691 | .sin_family = AF_INET, | |
692 | .sin_port = htons(DHCP_CLIENT_PORT), | |
693 | .sin_addr = { | |
694 | .s_addr = INADDR_ANY, | |
695 | }, | |
696 | }; | |
3711f66e | 697 | char *iface; |
13edecdc | 698 | int on = 1, rcvbuf = 0; |
20ee54d0 MW |
699 | struct sock_filter dhcp_filter_code[] = { |
700 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, | |
701 | offsetof(struct iphdr, protocol)), | |
f0212e88 | 702 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16), |
20ee54d0 MW |
703 | BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + |
704 | offsetof(struct udphdr, source)), | |
f0212e88 | 705 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14), |
20ee54d0 MW |
706 | BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + |
707 | offsetof(struct udphdr, dest)), | |
e8b5c7b9 TB |
708 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0), |
709 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0), | |
710 | BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0), | |
20ee54d0 MW |
711 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + |
712 | sizeof(struct udphdr) + offsetof(dhcp_t, opcode)), | |
713 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8), | |
714 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + | |
715 | sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)), | |
716 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6), | |
717 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + | |
718 | sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)), | |
719 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4), | |
720 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) + | |
721 | sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)), | |
722 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2), | |
723 | BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), | |
724 | BPF_STMT(BPF_RET+BPF_A, 0), | |
725 | BPF_STMT(BPF_RET+BPF_K, 0), | |
726 | }; | |
727 | struct sock_fprog dhcp_filter = { | |
728 | sizeof(dhcp_filter_code) / sizeof(struct sock_filter), | |
729 | dhcp_filter_code, | |
730 | }; | |
ddc93db6 MW |
731 | |
732 | INIT(this, | |
733 | .public = { | |
734 | .enroll = _enroll, | |
913eb696 | 735 | .release = _release, |
ddc93db6 MW |
736 | .destroy = _destroy, |
737 | }, | |
738 | .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), | |
739 | .mutex = mutex_create(MUTEX_TYPE_DEFAULT), | |
740 | .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), | |
20ee54d0 MW |
741 | .discover = linked_list_create(), |
742 | .request = linked_list_create(), | |
ddc93db6 MW |
743 | .completed = linked_list_create(), |
744 | ); | |
745 | ||
746 | if (!this->rng) | |
747 | { | |
748 | DBG1(DBG_CFG, "unable to create RNG"); | |
749 | destroy(this); | |
750 | return NULL; | |
751 | } | |
e06a6154 | 752 | this->identity_lease = lib->settings->get_bool(lib->settings, |
42500c27 | 753 | "%s.plugins.dhcp.identity_lease", FALSE, |
d223fe80 | 754 | lib->ns); |
bc6ec4de TB |
755 | this->force_dst = lib->settings->get_str(lib->settings, |
756 | "%s.plugins.dhcp.force_server_address", FALSE, | |
d223fe80 | 757 | lib->ns); |
ddc93db6 | 758 | this->dst = host_create_from_string(lib->settings->get_str(lib->settings, |
42500c27 | 759 | "%s.plugins.dhcp.server", "255.255.255.255", |
d223fe80 | 760 | lib->ns), DHCP_SERVER_PORT); |
3711f66e | 761 | iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", |
d223fe80 | 762 | NULL, lib->ns); |
ddc93db6 MW |
763 | if (!this->dst) |
764 | { | |
765 | DBG1(DBG_CFG, "configured DHCP server address invalid"); | |
766 | destroy(this); | |
767 | return NULL; | |
768 | } | |
769 | ||
20ee54d0 MW |
770 | this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
771 | if (this->send == -1) | |
ddc93db6 MW |
772 | { |
773 | DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno)); | |
774 | destroy(this); | |
775 | return NULL; | |
776 | } | |
20ee54d0 | 777 | if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) |
ddc93db6 MW |
778 | { |
779 | DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno)); | |
780 | destroy(this); | |
781 | return NULL; | |
782 | } | |
20ee54d0 | 783 | if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1) |
ddc93db6 MW |
784 | { |
785 | DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno)); | |
786 | destroy(this); | |
787 | return NULL; | |
788 | } | |
13edecdc TB |
789 | /* we won't read any data from this socket, so reduce the buffer to save |
790 | * some memory (there is some minimum, still try 0, though). | |
791 | * note that we might steal some packets from other processes if e.g. a DHCP | |
792 | * client (or server) is running on the same host, but by reducing the | |
793 | * buffer size the impact should be minimized */ | |
794 | if (setsockopt(this->send, SOL_SOCKET, SO_RCVBUF, &rcvbuf, | |
795 | sizeof(rcvbuf)) == -1) | |
796 | { | |
797 | DBG1(DBG_CFG, "unable to reduce receive buffer on DHCP send socket: %s", | |
798 | strerror(errno)); | |
799 | destroy(this); | |
800 | return NULL; | |
801 | } | |
becf027c TB |
802 | if (!is_broadcast(this->dst)) |
803 | { | |
804 | /* when setting giaddr (which we do when we don't broadcast), the server | |
805 | * should respond to the server port on that IP, according to RFC 2131, | |
806 | * section 4.1. while we do receive such messages via raw socket, the | |
807 | * kernel will respond with an ICMP port unreachable if there is no | |
808 | * socket bound to that port, which might be problematic with certain | |
809 | * DHCP servers. instead of opening an additional socket, that we don't | |
810 | * actually use, we can also just send our requests from port 67 */ | |
811 | src.sin_port = htons(DHCP_SERVER_PORT); | |
812 | } | |
20ee54d0 | 813 | if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1) |
ddc93db6 MW |
814 | { |
815 | DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno)); | |
816 | destroy(this); | |
817 | return NULL; | |
818 | } | |
819 | ||
20ee54d0 MW |
820 | this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)); |
821 | if (this->receive == -1) | |
822 | { | |
823 | DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno)); | |
824 | destroy(this); | |
825 | return NULL; | |
826 | } | |
827 | if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER, | |
828 | &dhcp_filter, sizeof(dhcp_filter)) < 0) | |
829 | { | |
830 | DBG1(DBG_CFG, "installing DHCP socket filter failed: %s", | |
831 | strerror(errno)); | |
832 | destroy(this); | |
833 | return NULL; | |
834 | } | |
3711f66e TE |
835 | if (iface) |
836 | { | |
837 | if (!bind_to_device(this->send, iface) || | |
838 | !bind_to_device(this->receive, iface)) | |
839 | { | |
840 | destroy(this); | |
841 | return NULL; | |
842 | } | |
843 | } | |
20ee54d0 | 844 | |
c0db5d38 MW |
845 | lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, |
846 | (watcher_cb_t)receive_dhcp, this); | |
20ee54d0 | 847 | |
ddc93db6 MW |
848 | return &this->public; |
849 | } |