]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libcharon/plugins/dhcp/dhcp_socket.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dhcp: Increase maximum size of client identification option
[thirdparty/strongswan.git] / src / libcharon / plugins / dhcp / dhcp_socket.c
CommitLineData
ddc93db6 1/*
becf027c
TB		 2 * Copyright (C) 2012-2018 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
ddc93db6
MW		 5 * Copyright (C) 2010 Martin Willi
6 * Copyright (C) 2010 revosec AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19#include "dhcp_socket.h"
20
21#include <unistd.h>
22#include <errno.h>
23#include <string.h>
24#include <netinet/in.h>
25#include <netinet/ip.h>
26#include <netinet/udp.h>
27#include <linux/if_arp.h>
20ee54d0
MW		 28#include <linux/if_ether.h>
29#include <linux/filter.h>
ddc93db6 30
12642a68 31#include <collections/linked_list.h>
ddc93db6
MW		 32#include <utils/identification.h>
33#include <threading/mutex.h>
34#include <threading/condvar.h>
35#include <threading/thread.h>
36
37#include <daemon.h>
38#include <processing/jobs/callback_job.h>
39
40#define DHCP_SERVER_PORT 67
41#define DHCP_CLIENT_PORT 68
4f0932ec 42#define DHCP_TRIES 5
ddc93db6
MW		 43
44typedef struct private_dhcp_socket_t private_dhcp_socket_t;
45
46/**
47 * Private data of an dhcp_socket_t object.
48 */
49struct private_dhcp_socket_t {
50
51 /**
52 * Public dhcp_socket_t interface.
53 */
54 dhcp_socket_t public;
55
56 /**
57 * Random number generator
58 */
59 rng_t *rng;
60
61 /**
20ee54d0 62 * List of transactions in DISCOVER
ddc93db6 63 */
20ee54d0
MW		 64 linked_list_t *discover;
65
66 /**
67 * List of transactions in REQUEST
68 */
69 linked_list_t *request;
ddc93db6
MW		 70
71 /**
72 * List of successfully completed transactions
73 */
74 linked_list_t *completed;
75
76 /**
77 * Lock for transactions
78 */
79 mutex_t *mutex;
80
81 /**
82 * Condvar to wait for transaction completion
83 */
84 condvar_t *condvar;
85
86 /**
87 * Threads waiting in condvar
88 */
89 int waiting;
90
91 /**
20ee54d0
MW		 92 * DHCP send socket
93 */
94 int send;
95
96 /**
97 * DHCP receive socket
ddc93db6 98 */
20ee54d0 99 int receive;
ddc93db6 100
e06a6154
MW		 101 /**
102 * Do we use per-identity or random leases (and MAC addresses)
103 */
104 bool identity_lease;
105
ddc93db6
MW		 106 /**
107 * DHCP server address, or broadcast
108 */
109 host_t *dst;
bc6ec4de
TB		 110
111 /**
112 * Force configured destination address
113 */
114 bool force_dst;
ddc93db6
MW		 115};
116
4f0932ec
MW		 117/**
118 * DHCP opcode (or BOOTP actually)
119 */
ddc93db6
MW		 120typedef enum {
121 BOOTREQUEST = 1,
122 BOOTREPLY = 2,
123} dhcp_opcode_t;
124
4f0932ec
MW		 125/**
126 * Some DHCP options used
127 */
ddc93db6 128typedef enum {
913eb696 129 DHCP_DNS_SERVER = 6,
ddc93db6 130 DHCP_HOST_NAME = 12,
913eb696 131 DHCP_NBNS_SERVER = 44,
4f0932ec 132 DHCP_REQUESTED_IP = 50,
ddc93db6 133 DHCP_MESSAGE_TYPE = 53,
4f0932ec 134 DHCP_SERVER_ID = 54,
ddc93db6 135 DHCP_PARAM_REQ_LIST = 55,
12821bd6 136 DHCP_CLIENT_ID = 61,
20ee54d0 137 DHCP_OPTEND = 255,
ddc93db6
MW		 138} dhcp_option_type_t;
139
4f0932ec
MW		 140/**
141 * DHCP messages types in the DHCP_MESSAGE_TYPE option
142 */
ddc93db6
MW		 143typedef enum {
144 DHCP_DISCOVER = 1,
20ee54d0
MW		 145 DHCP_OFFER = 2,
146 DHCP_REQUEST = 3,
147 DHCP_DECLINE = 4,
148 DHCP_ACK = 5,
149 DHCP_NAK = 6,
150 DHCP_RELEASE = 7,
151 DHCP_INFORM = 8,
ddc93db6 152} dhcp_message_type_t;
4f0932ec
MW		 153/**
154 * DHCP option encoding, a TLV
155 */
ddc93db6 156typedef struct __attribute__((packed)) {
b12c53ce
AS		 157 uint8_t type;
158 uint8_t len;
ddc93db6
MW		 159 char data[];
160} dhcp_option_t;
161
4f0932ec 162/**
30e886fe 163 * DHCP message format, with a minimum size options buffer
4f0932ec 164 */
ddc93db6 165typedef struct __attribute__((packed)) {
b12c53ce
AS		 166 uint8_t opcode;
167 uint8_t hw_type;
168 uint8_t hw_addr_len;
169 uint8_t hop_count;
170 uint32_t transaction_id;
171 uint16_t number_of_seconds;
172 uint16_t flags;
173 uint32_t client_address;
174 uint32_t your_address;
175 uint32_t server_address;
176 uint32_t gateway_address;
ddc93db6
MW		 177 char client_hw_addr[6];
178 char client_hw_padding[10];
179 char server_hostname[64];
180 char boot_filename[128];
b12c53ce 181 uint32_t magic_cookie;
30e886fe 182 u_char options[308];
ddc93db6
MW		 183} dhcp_t;
184
becf027c
TB		 185/**
186 * Check if the given address equals the broadcast address
187 */
188static inline bool is_broadcast(host_t *host)
189{
190 chunk_t broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
191
192 return chunk_equals(broadcast, host->get_address(host));
193}
194
ddc93db6 195/**
20ee54d0 196 * Prepare a DHCP message for a given transaction
ddc93db6 197 */
20ee54d0 198static int prepare_dhcp(private_dhcp_socket_t *this,
4f0932ec
MW		 199 dhcp_transaction_t *transaction,
200 dhcp_message_type_t type, dhcp_t *dhcp)
ddc93db6 201{
becf027c 202 chunk_t chunk;
ddc93db6
MW		 203 identification_t *identity;
204 dhcp_option_t *option;
0e5b94d0 205 int optlen = 0, remaining;
ddc93db6 206 host_t *src;
b12c53ce 207 uint32_t id;
ddc93db6 208
20ee54d0
MW		 209 memset(dhcp, 0, sizeof(*dhcp));
210 dhcp->opcode = BOOTREQUEST;
211 dhcp->hw_type = ARPHRD_ETHER;
212 dhcp->hw_addr_len = 6;
213 dhcp->transaction_id = transaction->get_id(transaction);
becf027c 214 if (is_broadcast(this->dst))
ddc93db6 215 {
2b3c87b4
MW		 216 /* Set broadcast flag to get broadcasted replies, as we actually
217 * do not own the MAC we request an address for. */
218 dhcp->flags = htons(0x8000);
ddc93db6
MW		 219 /* TODO: send with 0.0.0.0 source address */
220 }
221 else
222 {
223 /* act as relay agent */
8394ea2a 224 src = charon->kernel->get_source_addr(charon->kernel, this->dst, NULL);
ddc93db6
MW		 225 if (src)
226 {
20ee54d0
MW		 227 memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
228 sizeof(dhcp->gateway_address));
ddc93db6
MW		 229 src->destroy(src);
230 }
231 }
232
233 identity = transaction->get_identity(transaction);
20ee54d0 234 chunk = identity->get_encoding(identity);
ddc93db6 235 /* magic bytes, a locally administered unicast MAC */
20ee54d0
MW		 236 dhcp->client_hw_addr[0] = 0x7A;
237 dhcp->client_hw_addr[1] = 0xA7;
ddc93db6 238 /* with ID specific postfix */
e06a6154
MW		 239 if (this->identity_lease)
240 {
50daffb7 241 id = htonl(chunk_hash_static(chunk));
e06a6154
MW		 242 }
243 else
244 {
245 id = transaction->get_id(transaction);
246 }
247 memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id));
ddc93db6 248
20ee54d0 249 dhcp->magic_cookie = htonl(0x63825363);
ddc93db6 250
20ee54d0 251 option = (dhcp_option_t*)&dhcp->options[optlen];
ddc93db6
MW		 252 option->type = DHCP_MESSAGE_TYPE;
253 option->len = 1;
4f0932ec 254 option->data[0] = type;
ddc93db6
MW		 255 optlen += sizeof(dhcp_option_t) + option->len;
256
0e5b94d0
TB		 257 /* the REQUEST message has the most static overhead in the 'options' field
258 * with 17 bytes */
259 remaining = sizeof(dhcp->options) - optlen - 17;
260
12821bd6
AS		 261 if (identity->get_type(identity) == ID_FQDN)
262 {
263 option = (dhcp_option_t*)&dhcp->options[optlen];
264 option->type = DHCP_HOST_NAME;
0e5b94d0 265 option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255);
12821bd6
AS		 266 memcpy(option->data, chunk.ptr, option->len);
267 optlen += sizeof(dhcp_option_t) + option->len;
0e5b94d0 268 remaining -= sizeof(dhcp_option_t) + option->len;
12821bd6
AS		 269 }
270
0e5b94d0
TB		 271 if (remaining >= sizeof(dhcp_option_t) + 2)
272 {
273 option = (dhcp_option_t*)&dhcp->options[optlen];
274 option->type = DHCP_CLIENT_ID;
275 option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255);
276 memcpy(option->data, chunk.ptr, option->len);
277 optlen += sizeof(dhcp_option_t) + option->len;
278 }
20ee54d0
MW		 279 return optlen;
280}
281
4f0932ec
MW		 282/**
283 * Send a DHCP message with given options length
284 */
285static bool send_dhcp(private_dhcp_socket_t *this,
286 dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
287{
288 host_t *dst;
289 ssize_t len;
290
291 dst = transaction->get_server(transaction);
bc6ec4de 292 if (!dst || this->force_dst)
4f0932ec
MW		 293 {
294 dst = this->dst;
295 }
30e886fe 296 len = offsetof(dhcp_t, magic_cookie) + optlen + 4;
4f0932ec
MW		 297 return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
298 *dst->get_sockaddr_len(dst)) == len;
299}
300
20ee54d0
MW		 301/**
302 * Send DHCP discover using a given transaction
303 */
304static bool discover(private_dhcp_socket_t *this,
305 dhcp_transaction_t *transaction)
306{
913eb696 307 dhcp_option_t *option;
20ee54d0 308 dhcp_t dhcp;
20ee54d0
MW		 309 int optlen;
310
4f0932ec 311 optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);
20ee54d0
MW		 312
313 DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);
314
913eb696
MW		 315 option = (dhcp_option_t*)&dhcp.options[optlen];
316 option->type = DHCP_PARAM_REQ_LIST;
317 option->len = 2;
318 option->data[0] = DHCP_DNS_SERVER;
319 option->data[1] = DHCP_NBNS_SERVER;
320 optlen += sizeof(dhcp_option_t) + option->len;
321
20ee54d0 322 dhcp.options[optlen++] = DHCP_OPTEND;
ddc93db6 323
4f0932ec 324 if (!send_dhcp(this, transaction, &dhcp, optlen))
ddc93db6
MW		 325 {
326 DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
20ee54d0 327 return FALSE;
ddc93db6 328 }
20ee54d0
MW		 329 return TRUE;
330}
331
332/**
333 * Send DHCP request using a given transaction
334 */
335static bool request(private_dhcp_socket_t *this,
4f0932ec 336 dhcp_transaction_t *transaction)
20ee54d0 337{
4f0932ec
MW		 338 dhcp_option_t *option;
339 dhcp_t dhcp;
340 host_t *offer, *server;
341 chunk_t chunk;
342 int optlen;
343
344 optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);
345
346 offer = transaction->get_address(transaction);
347 server = transaction->get_server(transaction);
348 if (!offer || !server)
349 {
350 return FALSE;
351 }
352 DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);
353
354 option = (dhcp_option_t*)&dhcp.options[optlen];
355 option->type = DHCP_REQUESTED_IP;
356 option->len = 4;
357 chunk = offer->get_address(offer);
358 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
359 optlen += sizeof(dhcp_option_t) + option->len;
360
361 option = (dhcp_option_t*)&dhcp.options[optlen];
362 option->type = DHCP_SERVER_ID;
363 option->len = 4;
364 chunk = server->get_address(server);
365 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
366 optlen += sizeof(dhcp_option_t) + option->len;
367
913eb696
MW		 368 option = (dhcp_option_t*)&dhcp.options[optlen];
369 option->type = DHCP_PARAM_REQ_LIST;
370 option->len = 2;
371 option->data[0] = DHCP_DNS_SERVER;
372 option->data[1] = DHCP_NBNS_SERVER;
373 optlen += sizeof(dhcp_option_t) + option->len;
374
4f0932ec
MW		 375 dhcp.options[optlen++] = DHCP_OPTEND;
376
377 if (!send_dhcp(this, transaction, &dhcp, optlen))
378 {
379 DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
380 return FALSE;
381 }
382 return TRUE;
ddc93db6
MW		 383}
384
385METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
386 private_dhcp_socket_t *this, identification_t *identity)
387{
388 dhcp_transaction_t *transaction;
b12c53ce 389 uint32_t id;
4f0932ec 390 int try;
ddc93db6 391
b12c53ce 392 if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id))
7ae26710
TB		 393 {
394 DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID");
395 return NULL;
396 }
ddc93db6 397 transaction = dhcp_transaction_create(id, identity);
ddc93db6 398
20ee54d0
MW		 399 this->mutex->lock(this->mutex);
400 this->discover->insert_last(this->discover, transaction);
4f0932ec
MW		 401 try = 1;
402 while (try <= DHCP_TRIES && discover(this, transaction))
20ee54d0 403 {
4f0932ec 404 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
2e4d110d 405 this->request->find_first(this->request, NULL, (void**)&transaction))
20ee54d0
MW		 406 {
407 break;
408 }
4f0932ec 409 try++;
20ee54d0
MW		 410 }
411 if (this->discover->remove(this->discover, transaction, NULL))
412 { /* no OFFER received */
413 this->mutex->unlock(this->mutex);
414 transaction->destroy(transaction);
500a6d38 415 DBG1(DBG_CFG, "DHCP DISCOVER timed out");
20ee54d0
MW		 416 return NULL;
417 }
418
4f0932ec
MW		 419 try = 1;
420 while (try <= DHCP_TRIES && request(this, transaction))
20ee54d0 421 {
4f0932ec
MW		 422 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
423 this->completed->remove(this->completed, transaction, NULL))
20ee54d0
MW		 424 {
425 break;
426 }
4f0932ec 427 try++;
20ee54d0
MW		 428 }
429 if (this->request->remove(this->request, transaction, NULL))
430 { /* no ACK received */
431 this->mutex->unlock(this->mutex);
432 transaction->destroy(transaction);
19d49af5 433 DBG1(DBG_CFG, "DHCP REQUEST timed out");
20ee54d0
MW		 434 return NULL;
435 }
436 this->mutex->unlock(this->mutex);
437
4f0932ec 438 return transaction;
ddc93db6
MW		 439}
440
913eb696
MW		 441METHOD(dhcp_socket_t, release, void,
442 private_dhcp_socket_t *this, dhcp_transaction_t *transaction)
443{
444 dhcp_option_t *option;
445 dhcp_t dhcp;
446 host_t *release, *server;
447 chunk_t chunk;
448 int optlen;
449
450 optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp);
451
452 release = transaction->get_address(transaction);
453 server = transaction->get_server(transaction);
454 if (!release || !server)
455 {
456 return;
457 }
458 DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server);
459
460 chunk = release->get_address(release);
e433d512 461 memcpy((char*)&dhcp.client_address, chunk.ptr,
913eb696
MW		 462 min(chunk.len, sizeof(dhcp.client_address)));
463
464 option = (dhcp_option_t*)&dhcp.options[optlen];
465 option->type = DHCP_SERVER_ID;
466 option->len = 4;
467 chunk = server->get_address(server);
468 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
469 optlen += sizeof(dhcp_option_t) + option->len;
470
471 dhcp.options[optlen++] = DHCP_OPTEND;
472
473 if (!send_dhcp(this, transaction, &dhcp, optlen))
474 {
475 DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno));
476 }
477}
478
20ee54d0 479/**
4f0932ec 480 * Handle a DHCP OFFER
20ee54d0
MW		 481 */
482static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
483{
b262429e 484 dhcp_transaction_t *transaction = NULL;
20ee54d0 485 enumerator_t *enumerator;
9bac426b 486 host_t *offer, *server = NULL;
20ee54d0
MW		 487
488 offer = host_create_from_chunk(AF_INET,
4f0932ec 489 chunk_from_thing(dhcp->your_address), 0);
20ee54d0
MW		 490
491 this->mutex->lock(this->mutex);
492 enumerator = this->discover->create_enumerator(this->discover);
493 while (enumerator->enumerate(enumerator, &transaction))
494 {
495 if (transaction->get_id(transaction) == dhcp->transaction_id)
496 {
497 this->discover->remove_at(this->discover, enumerator);
498 this->request->insert_last(this->request, transaction);
4f0932ec
MW		 499 break;
500 }
501 }
502 enumerator->destroy(enumerator);
b262429e
MW		 503
504 if (transaction)
505 {
506 int optsize, optpos = 0, pos;
507 dhcp_option_t *option;
508
509 while (optlen > sizeof(dhcp_option_t))
510 {
511 option = (dhcp_option_t*)&dhcp->options[optpos];
512 optsize = sizeof(dhcp_option_t) + option->len;
513 if (option->type == DHCP_OPTEND || optlen < optsize)
514 {
515 break;
516 }
517 if (option->type == DHCP_DNS_SERVER ||
518 option->type == DHCP_NBNS_SERVER)
519 {
520 for (pos = 0; pos + 4 <= option->len; pos += 4)
521 {
522 transaction->add_attribute(transaction, option->type ==
523 DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS,
524 chunk_create((char*)&option->data[pos], 4));
525 }
526 }
9bac426b 527 if (!server && option->type == DHCP_SERVER_ID && option->len == 4)
e3bde0ef
MW		 528 {
529 server = host_create_from_chunk(AF_INET,
530 chunk_create(option->data, 4), DHCP_SERVER_PORT);
531 }
b262429e
MW		 532 optlen -= optsize;
533 optpos += optsize;
534 }
e3bde0ef
MW		 535 if (!server)
536 {
537 server = host_create_from_chunk(AF_INET,
538 chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT);
539 }
540 DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server);
541 transaction->set_address(transaction, offer->clone(offer));
9bac426b 542 transaction->set_server(transaction, server);
b262429e 543 }
4f0932ec
MW		 544 this->mutex->unlock(this->mutex);
545 this->condvar->broadcast(this->condvar);
546 offer->destroy(offer);
4f0932ec
MW		 547}
548
549/**
550 * Handle a DHCP ACK
551 */
552static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
553{
554 dhcp_transaction_t *transaction;
555 enumerator_t *enumerator;
556 host_t *offer;
557
558 offer = host_create_from_chunk(AF_INET,
559 chunk_from_thing(dhcp->your_address), 0);
4f0932ec
MW		 560
561 this->mutex->lock(this->mutex);
562 enumerator = this->request->create_enumerator(this->request);
563 while (enumerator->enumerate(enumerator, &transaction))
564 {
565 if (transaction->get_id(transaction) == dhcp->transaction_id)
566 {
f0212e88 567 DBG1(DBG_CFG, "received DHCP ACK for %H", offer);
4f0932ec
MW		 568 this->request->remove_at(this->request, enumerator);
569 this->completed->insert_last(this->completed, transaction);
20ee54d0
MW		 570 break;
571 }
572 }
573 enumerator->destroy(enumerator);
574 this->mutex->unlock(this->mutex);
575 this->condvar->broadcast(this->condvar);
576 offer->destroy(offer);
577}
578
579/**
580 * Receive DHCP responses
581 */
c0db5d38
MW		 582static bool receive_dhcp(private_dhcp_socket_t *this, int fd,
583 watcher_event_t event)
20ee54d0
MW		 584{
585 struct sockaddr_ll addr;
586 socklen_t addr_len = sizeof(addr);
587 struct __attribute__((packed)) {
588 struct iphdr ip;
589 struct udphdr udp;
590 dhcp_t dhcp;
591 } packet;
c0db5d38 592 int optlen, origoptlen, optsize, optpos = 0;
20ee54d0
MW		 593 ssize_t len;
594 dhcp_option_t *option;
595
c0db5d38 596 len = recvfrom(fd, &packet, sizeof(packet), MSG_DONTWAIT,
20ee54d0 597 (struct sockaddr*)&addr, &addr_len);
20ee54d0
MW		 598
599 if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) +
600 offsetof(dhcp_t, options))
601 {
602 origoptlen = optlen = len - sizeof(struct iphdr) +
603 sizeof(struct udphdr) + offsetof(dhcp_t, options);
604 while (optlen > sizeof(dhcp_option_t))
605 {
606 option = (dhcp_option_t*)&packet.dhcp.options[optpos];
607 optsize = sizeof(dhcp_option_t) + option->len;
608 if (option->type == DHCP_OPTEND || optlen < optsize)
609 {
610 break;
611 }
612 if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
613 {
614 switch (option->data[0])
615 {
616 case DHCP_OFFER:
617 handle_offer(this, &packet.dhcp, origoptlen);
618 break;
4f0932ec
MW		 619 case DHCP_ACK:
620 handle_ack(this, &packet.dhcp, origoptlen);
20ee54d0
MW		 621 default:
622 break;
623 }
624 break;
625 }
626 optlen -= optsize;
627 optpos += optsize;
628 }
629 }
c0db5d38 630 return TRUE;
20ee54d0
MW		 631}
632
ddc93db6
MW		 633METHOD(dhcp_socket_t, destroy, void,
634 private_dhcp_socket_t *this)
635{
ddc93db6
MW		 636 while (this->waiting)
637 {
638 this->condvar->signal(this->condvar);
639 }
20ee54d0
MW		 640 if (this->send > 0)
641 {
642 close(this->send);
643 }
644 if (this->receive > 0)
ddc93db6 645 {
c0db5d38 646 lib->watcher->remove(lib->watcher, this->receive);
20ee54d0 647 close(this->receive);
ddc93db6
MW		 648 }
649 this->mutex->destroy(this->mutex);
650 this->condvar->destroy(this->condvar);
20ee54d0
MW		 651 this->discover->destroy_offset(this->discover,
652 offsetof(dhcp_transaction_t, destroy));
653 this->request->destroy_offset(this->request,
654 offsetof(dhcp_transaction_t, destroy));
655 this->completed->destroy_offset(this->completed,
656 offsetof(dhcp_transaction_t, destroy));
ddc93db6
MW		 657 DESTROY_IF(this->rng);
658 DESTROY_IF(this->dst);
659 free(this);
660}
661
3711f66e
TE		 662/**
663 * Bind a socket to a particular interface name
664 */
665static bool bind_to_device(int fd, char *iface)
666{
667 struct ifreq ifreq;
668
669 if (strlen(iface) > sizeof(ifreq.ifr_name))
670 {
671 DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface);
672 return FALSE;
673 }
674 memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name));
675 if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq)))
676 {
677 DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s",
678 iface, strerror(errno));
679 return FALSE;
680 }
681 return TRUE;
682}
683
ddc93db6
MW		 684/**
685 * See header
686 */
687dhcp_socket_t *dhcp_socket_create()
688{
689 private_dhcp_socket_t *this;
9d5b688a
TB		 690 struct sockaddr_in src = {
691 .sin_family = AF_INET,
692 .sin_port = htons(DHCP_CLIENT_PORT),
693 .sin_addr = {
694 .s_addr = INADDR_ANY,
695 },
696 };
3711f66e 697 char *iface;
13edecdc 698 int on = 1, rcvbuf = 0;
20ee54d0
MW		 699 struct sock_filter dhcp_filter_code[] = {
700 BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
701 offsetof(struct iphdr, protocol)),
f0212e88 702 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16),
20ee54d0
MW		 703 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
704 offsetof(struct udphdr, source)),
f0212e88 705 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14),
20ee54d0
MW		 706 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
707 offsetof(struct udphdr, dest)),
e8b5c7b9
TB		 708 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0),
709 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0),
710 BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0),
20ee54d0
MW		 711 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
712 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
713 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
714 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
715 sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
716 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
717 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
718 sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
719 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
720 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
721 sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
722 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
723 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
724 BPF_STMT(BPF_RET+BPF_A, 0),
725 BPF_STMT(BPF_RET+BPF_K, 0),
726 };
727 struct sock_fprog dhcp_filter = {
728 sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
729 dhcp_filter_code,
730 };
ddc93db6
MW		 731
732 INIT(this,
733 .public = {
734 .enroll = _enroll,
913eb696 735 .release = _release,
ddc93db6
MW		 736 .destroy = _destroy,
737 },
738 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
739 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
740 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
20ee54d0
MW		 741 .discover = linked_list_create(),
742 .request = linked_list_create(),
ddc93db6
MW		 743 .completed = linked_list_create(),
744 );
745
746 if (!this->rng)
747 {
748 DBG1(DBG_CFG, "unable to create RNG");
749 destroy(this);
750 return NULL;
751 }
e06a6154 752 this->identity_lease = lib->settings->get_bool(lib->settings,
42500c27 753 "%s.plugins.dhcp.identity_lease", FALSE,
d223fe80 754 lib->ns);
bc6ec4de
TB		 755 this->force_dst = lib->settings->get_str(lib->settings,
756 "%s.plugins.dhcp.force_server_address", FALSE,
d223fe80 757 lib->ns);
ddc93db6 758 this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
42500c27 759 "%s.plugins.dhcp.server", "255.255.255.255",
d223fe80 760 lib->ns), DHCP_SERVER_PORT);
3711f66e 761 iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
d223fe80 762 NULL, lib->ns);
ddc93db6
MW		 763 if (!this->dst)
764 {
765 DBG1(DBG_CFG, "configured DHCP server address invalid");
766 destroy(this);
767 return NULL;
768 }
769
20ee54d0
MW		 770 this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
771 if (this->send == -1)
ddc93db6
MW		 772 {
773 DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
774 destroy(this);
775 return NULL;
776 }
20ee54d0 777 if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
ddc93db6
MW		 778 {
779 DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
780 destroy(this);
781 return NULL;
782 }
20ee54d0 783 if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
ddc93db6
MW		 784 {
785 DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
786 destroy(this);
787 return NULL;
788 }
13edecdc
TB		 789 /* we won't read any data from this socket, so reduce the buffer to save
790 * some memory (there is some minimum, still try 0, though).
791 * note that we might steal some packets from other processes if e.g. a DHCP
792 * client (or server) is running on the same host, but by reducing the
793 * buffer size the impact should be minimized */
794 if (setsockopt(this->send, SOL_SOCKET, SO_RCVBUF, &rcvbuf,
795 sizeof(rcvbuf)) == -1)
796 {
797 DBG1(DBG_CFG, "unable to reduce receive buffer on DHCP send socket: %s",
798 strerror(errno));
799 destroy(this);
800 return NULL;
801 }
becf027c
TB		 802 if (!is_broadcast(this->dst))
803 {
804 /* when setting giaddr (which we do when we don't broadcast), the server
805 * should respond to the server port on that IP, according to RFC 2131,
806 * section 4.1. while we do receive such messages via raw socket, the
807 * kernel will respond with an ICMP port unreachable if there is no
808 * socket bound to that port, which might be problematic with certain
809 * DHCP servers. instead of opening an additional socket, that we don't
810 * actually use, we can also just send our requests from port 67 */
811 src.sin_port = htons(DHCP_SERVER_PORT);
812 }
20ee54d0 813 if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
ddc93db6
MW		 814 {
815 DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
816 destroy(this);
817 return NULL;
818 }
819
20ee54d0
MW		 820 this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
821 if (this->receive == -1)
822 {
823 DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
824 destroy(this);
825 return NULL;
826 }
827 if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
828 &dhcp_filter, sizeof(dhcp_filter)) < 0)
829 {
830 DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
831 strerror(errno));
832 destroy(this);
833 return NULL;
834 }
3711f66e
TE		 835 if (iface)
836 {
837 if (!bind_to_device(this->send, iface) ||
838 !bind_to_device(this->receive, iface))
839 {
840 destroy(this);
841 return NULL;
842 }
843 }
20ee54d0 844
c0db5d38
MW		 845 lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
846 (watcher_cb_t)receive_dhcp, this);
20ee54d0 847
ddc93db6
MW		 848 return &this->public;
849}
Unnamed repository; edit this file 'description' to name the repository.