ddc93db6 | 1 | /* |
becf027c TB |
2 | * Copyright (C) 2012-2018 Tobias Brunner |
3 | * HSR Hochschule fuer Technik Rapperswil | |
4 | * | |
ddc93db6 MW |
5 | * Copyright (C) 2010 Martin Willi |
6 | * Copyright (C) 2010 revosec AG | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
15 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
16 | * for more details. | |
17 | */ | |
18 | ||
19 | #include "dhcp_socket.h" | |
20 | ||
21 | #include <unistd.h> | |
22 | #include <errno.h> | |
23 | #include <string.h> | |
24 | #include <netinet/in.h> | |
25 | #include <netinet/ip.h> | |
26 | #include <netinet/udp.h> | |
27 | #include <linux/if_arp.h> | |
28 | #include <linux/if_ether.h> |
29 | #include <linux/filter.h> | |
ddc93db6 | 30 | |
12642a68 | 31 | #include <collections/linked_list.h> |
32 | #include <utils/identification.h> |
33 | #include <threading/mutex.h> | |
34 | #include <threading/condvar.h> | |
35 | #include <threading/thread.h> | |
36 | ||
37 | #include <daemon.h> | |
38 | #include <processing/jobs/callback_job.h> | |
39 | ||
40 | #define DHCP_SERVER_PORT 67 | |
41 | #define DHCP_CLIENT_PORT 68 | |
4f0932ec | 42 | #define DHCP_TRIES 5 |
43 | |
typedef struct private_dhcp_socket_t private_dhcp_socket_t;

/**
 * Private data of an dhcp_socket_t object.
 *
 * A transaction moves through the three lists below in order
 * (discover -> request -> completed) as the receiver thread sees the
 * matching OFFER and ACK; enroll() waits on the condvar for these moves.
 */
struct private_dhcp_socket_t {

	/**
	 * Public dhcp_socket_t interface.
	 */
	dhcp_socket_t public;

	/**
	 * Random number generator, used to draw DHCP transaction IDs (xid)
	 */
	rng_t *rng;

	/**
	 * List of transactions in DISCOVER (DISCOVER sent, OFFER pending)
	 */
	linked_list_t *discover;

	/**
	 * List of transactions in REQUEST (OFFER seen, REQUEST sent, ACK pending)
	 */
	linked_list_t *request;

	/**
	 * List of successfully completed transactions (ACK received)
	 */
	linked_list_t *completed;

	/**
	 * Lock for transactions, protects the three lists above
	 */
	mutex_t *mutex;

	/**
	 * Condvar to wait for transaction completion, broadcast by the receiver
	 * whenever an OFFER or ACK has been processed
	 */
	condvar_t *condvar;

	/**
	 * Threads waiting in condvar.
	 * NOTE(review): only read by destroy() in this file; nothing here
	 * increments it — confirm it is maintained elsewhere or is dead state.
	 */
	int waiting;

	/**
	 * DHCP send socket (UDP, bound to port 68, or 67 when relaying)
	 */
	int send;

	/**
	 * DHCP receive socket (AF_PACKET with a BPF filter attached)
	 */
	int receive;

	/**
	 * Do we use per-identity or random leases (and MAC addresses)
	 */
	bool identity_lease;

	/**
	 * DHCP server address, or broadcast
	 */
	host_t *dst;

	/**
	 * Force configured destination address, even after a server ID was
	 * learned from an OFFER
	 */
	bool force_dst;
};
116 | ||
/**
 * DHCP opcode (or BOOTP actually), the first byte of the message
 */
typedef enum {
	/** client -> server, set on everything we send */
	BOOTREQUEST = 1,
	/** server -> client, the only opcode the receive filter lets through */
	BOOTREPLY = 2,
} dhcp_opcode_t;
124 | ||
/**
 * Some DHCP options used, values are the option codes on the wire
 */
typedef enum {
	/** list of DNS servers, 4 bytes each (requested, parsed from OFFER) */
	DHCP_DNS_SERVER = 6,
	/** client host name, sent for FQDN identities */
	DHCP_HOST_NAME = 12,
	/** list of NetBIOS name servers, 4 bytes each (requested, parsed) */
	DHCP_NBNS_SERVER = 44,
	/** address the client asks for in REQUEST */
	DHCP_REQUESTED_IP = 50,
	/** dhcp_message_type_t, one byte, dispatched on in receive_dhcp() */
	DHCP_MESSAGE_TYPE = 53,
	/** server identifier, 4-byte address */
	DHCP_SERVER_ID = 54,
	/** list of option codes we would like the server to return */
	DHCP_PARAM_REQ_LIST = 55,
	/** client identifier, carries the identity encoding */
	DHCP_CLIENT_ID = 61,
	/** end of options marker, has no length byte */
	DHCP_OPTEND = 255,
} dhcp_option_type_t;
139 | ||
/**
 * DHCP messages types in the DHCP_MESSAGE_TYPE option.
 *
 * This client sends DISCOVER, REQUEST and RELEASE and handles OFFER and ACK;
 * the other types are listed for completeness and are ignored on receipt.
 */
typedef enum {
	DHCP_DISCOVER = 1,
	DHCP_OFFER = 2,
	DHCP_REQUEST = 3,
	DHCP_DECLINE = 4,
	DHCP_ACK = 5,
	DHCP_NAK = 6,
	DHCP_RELEASE = 7,
	DHCP_INFORM = 8,
} dhcp_message_type_t;
/**
 * DHCP option encoding, a TLV: one byte type, one byte length, len bytes of
 * data. sizeof() is 2, the payload is addressed via the flexible member.
 */
typedef struct __attribute__((packed)) {
	/** option code, a dhcp_option_type_t value */
	uint8_t type;
	/** number of payload bytes that follow, at most 255 */
	uint8_t len;
	/** option payload */
	char data[];
} dhcp_option_t;
161 | ||
/**
 * DHCP message format, with a maximum size options buffer.
 *
 * Field order and widths follow the BOOTP/DHCP header (RFC 2131 field names
 * in brackets); multi-byte values are stored as they appear on the wire.
 * The struct doubles as receive buffer, so options[] bounds every option
 * walk in this file.
 */
typedef struct __attribute__((packed)) {
	/** BOOTREQUEST or BOOTREPLY (op) */
	uint8_t opcode;
	/** hardware address type, ARPHRD_ETHER here (htype) */
	uint8_t hw_type;
	/** hardware address length, 6 here (hlen) */
	uint8_t hw_addr_len;
	/** relay hop count, left zero (hops) */
	uint8_t hop_count;
	/** transaction ID, the only key used to match replies (xid) */
	uint32_t transaction_id;
	/** seconds since acquisition started, left zero (secs) */
	uint16_t number_of_seconds;
	/** flags, MSB is the broadcast flag (flags) */
	uint16_t flags;
	/** client address, filled in for RELEASE (ciaddr) */
	uint32_t client_address;
	/** address offered/assigned by the server (yiaddr) */
	uint32_t your_address;
	/** next server address, fallback server in handle_offer() (siaddr) */
	uint32_t server_address;
	/** relay agent address, our own address when not broadcasting (giaddr) */
	uint32_t gateway_address;
	/** client hardware address, 6 bytes used (chaddr) */
	char client_hw_addr[6];
	/** remainder of the 16-byte chaddr field */
	char client_hw_padding[10];
	/** server host name, unused (sname) */
	char server_hostname[64];
	/** boot file name, unused (file) */
	char boot_filename[128];
	/** DHCP magic cookie 0x63825363 in network order */
	uint32_t magic_cookie;
	/** TLV options, terminated by DHCP_OPTEND */
	u_char options[252];
} dhcp_t;
184 | ||
/**
 * Check whether the given host carries the limited broadcast address
 * 255.255.255.255 (the default DHCP server setting).
 */
static inline bool is_broadcast(host_t *host)
{
	chunk_t addr = host->get_address(host);

	return chunk_equals(addr, chunk_from_chars(0xFF,0xFF,0xFF,0xFF));
}
194 | ||
ddc93db6 | 195 | /** |
20ee54d0 | 196 | * Prepare a DHCP message for a given transaction |
ddc93db6 | 197 | */ |
20ee54d0 | 198 | static int prepare_dhcp(private_dhcp_socket_t *this, |
4f0932ec MW |
199 | dhcp_transaction_t *transaction, |
200 | dhcp_message_type_t type, dhcp_t *dhcp) | |
ddc93db6 | 201 | { |
becf027c | 202 | chunk_t chunk; |
ddc93db6 MW |
203 | identification_t *identity; |
204 | dhcp_option_t *option; | |
ddc93db6 | 205 | int optlen = 0; |
ddc93db6 | 206 | host_t *src; |
b12c53ce | 207 | uint32_t id; |
ddc93db6 | 208 | |
20ee54d0 MW |
209 | memset(dhcp, 0, sizeof(*dhcp)); |
210 | dhcp->opcode = BOOTREQUEST; | |
211 | dhcp->hw_type = ARPHRD_ETHER; | |
212 | dhcp->hw_addr_len = 6; | |
213 | dhcp->transaction_id = transaction->get_id(transaction); | |
becf027c | 214 | if (is_broadcast(this->dst)) |
ddc93db6 | 215 | { |
2b3c87b4 MW |
216 | /* Set broadcast flag to get broadcasted replies, as we actually |
217 | * do not own the MAC we request an address for. */ | |
218 | dhcp->flags = htons(0x8000); | |
ddc93db6 MW |
219 | /* TODO: send with 0.0.0.0 source address */ |
220 | } | |
221 | else | |
222 | { | |
223 | /* act as relay agent */ | |
8394ea2a | 224 | src = charon->kernel->get_source_addr(charon->kernel, this->dst, NULL); |
ddc93db6 MW |
225 | if (src) |
226 | { | |
20ee54d0 MW |
227 | memcpy(&dhcp->gateway_address, src->get_address(src).ptr, |
228 | sizeof(dhcp->gateway_address)); | |
ddc93db6 MW |
229 | src->destroy(src); |
230 | } | |
231 | } | |
232 | ||
233 | identity = transaction->get_identity(transaction); | |
20ee54d0 | 234 | chunk = identity->get_encoding(identity); |
ddc93db6 | 235 | /* magic bytes, a locally administered unicast MAC */ |
20ee54d0 MW |
236 | dhcp->client_hw_addr[0] = 0x7A; |
237 | dhcp->client_hw_addr[1] = 0xA7; | |
ddc93db6 | 238 | /* with ID specific postfix */ |
e06a6154 MW |
239 | if (this->identity_lease) |
240 | { | |
50daffb7 | 241 | id = htonl(chunk_hash_static(chunk)); |
e06a6154 MW |
242 | } |
243 | else | |
244 | { | |
245 | id = transaction->get_id(transaction); | |
246 | } | |
247 | memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id)); | |
ddc93db6 | 248 | |
20ee54d0 | 249 | dhcp->magic_cookie = htonl(0x63825363); |
ddc93db6 | 250 | |
20ee54d0 | 251 | option = (dhcp_option_t*)&dhcp->options[optlen]; |
ddc93db6 MW |
252 | option->type = DHCP_MESSAGE_TYPE; |
253 | option->len = 1; | |
4f0932ec | 254 | option->data[0] = type; |
ddc93db6 MW |
255 | optlen += sizeof(dhcp_option_t) + option->len; |
256 | ||
12821bd6 AS |
257 | if (identity->get_type(identity) == ID_FQDN) |
258 | { | |
259 | option = (dhcp_option_t*)&dhcp->options[optlen]; | |
260 | option->type = DHCP_HOST_NAME; | |
261 | option->len = min(chunk.len, 64); | |
262 | memcpy(option->data, chunk.ptr, option->len); | |
263 | optlen += sizeof(dhcp_option_t) + option->len; | |
264 | } | |
265 | ||
20ee54d0 | 266 | option = (dhcp_option_t*)&dhcp->options[optlen]; |
12821bd6 | 267 | option->type = DHCP_CLIENT_ID; |
20ee54d0 MW |
268 | option->len = min(chunk.len, 64); |
269 | memcpy(option->data, chunk.ptr, option->len); | |
ddc93db6 MW |
270 | optlen += sizeof(dhcp_option_t) + option->len; |
271 | ||
20ee54d0 MW |
272 | return optlen; |
273 | } | |
274 | ||
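/**
 * Send a DHCP message with given options length.
 *
 * The destination is the server learned from the OFFER, or the configured
 * address if none is known yet or force_dst is set. The wire length is the
 * fixed header up to the magic cookie plus the cookie and options, padded:
 * (optlen + 4) rounded down to a multiple of 64, plus 64 (so the 300-byte
 * minimal BOOTP message for small option sets).
 *
 * @param this			socket to send from
 * @param transaction	transaction the message belongs to
 * @param dhcp			prepared message, options starting at dhcp->options
 * @param optlen		number of option bytes used in dhcp->options
 * @return				TRUE if the complete message was sent
 */
static bool send_dhcp(private_dhcp_socket_t *this,
					  dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
{
	host_t *dst;
	ssize_t len;

	dst = transaction->get_server(transaction);
	if (!dst || this->force_dst)
	{
		dst = this->dst;
	}
	len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
	/* never hand sendto() more than the message object itself: for an
	 * optlen close to sizeof(options) the padding would otherwise read, and
	 * put on the wire, stack bytes beyond *dhcp */
	if (len > (ssize_t)sizeof(*dhcp))
	{
		len = sizeof(*dhcp);
	}
	return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
				  *dst->get_sockaddr_len(dst)) == len;
}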
293 | ||
/**
 * Send DHCP DISCOVER using a given transaction.
 *
 * Appends a parameter request list asking for DNS and NBNS servers, the
 * end marker, and sends the message to the configured destination.
 *
 * @param this			socket to send from
 * @param transaction	transaction providing xid and identity
 * @return				TRUE if the message was sent
 */
static bool discover(private_dhcp_socket_t *this,
					 dhcp_transaction_t *transaction)
{
	dhcp_t dhcp;
	u_char *opt;
	int optlen;

	optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);

	DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);

	/* parameter request list as raw TLV bytes: type, length 2, two codes */
	opt = &dhcp.options[optlen];
	*opt++ = DHCP_PARAM_REQ_LIST;
	*opt++ = 2;
	*opt++ = DHCP_DNS_SERVER;
	*opt++ = DHCP_NBNS_SERVER;
	*opt++ = DHCP_OPTEND;
	optlen = opt - dhcp.options;

	if (send_dhcp(this, transaction, &dhcp, optlen))
	{
		return TRUE;
	}
	DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
	return FALSE;
}
324 | ||
/**
 * Append a four byte address option (type, len 4, IPv4 address of host)
 * at the given options offset, returns the new offset.
 */
static int add_addr_option(dhcp_t *dhcp, int optlen, dhcp_option_type_t type,
						   host_t *host)
{
	dhcp_option_t *option = (dhcp_option_t*)&dhcp->options[optlen];
	chunk_t addr = host->get_address(host);

	option->type = type;
	option->len = 4;
	memcpy(option->data, addr.ptr, min(addr.len, option->len));
	return optlen + sizeof(dhcp_option_t) + option->len;
}

/**
 * Send DHCP REQUEST using a given transaction.
 *
 * Requires the offered address and the server learned from the OFFER;
 * both are echoed back as DHCP_REQUESTED_IP and DHCP_SERVER_ID options,
 * followed by the parameter request list and the end marker.
 *
 * @param this			socket to send from
 * @param transaction	transaction that received an OFFER
 * @return				TRUE if the message was sent
 */
static bool request(private_dhcp_socket_t *this,
					dhcp_transaction_t *transaction)
{
	dhcp_t dhcp;
	host_t *offer, *server;
	u_char *opt;
	int optlen;

	optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);

	offer = transaction->get_address(transaction);
	server = transaction->get_server(transaction);
	if (!offer || !server)
	{
		return FALSE;
	}
	DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);

	optlen = add_addr_option(&dhcp, optlen, DHCP_REQUESTED_IP, offer);
	optlen = add_addr_option(&dhcp, optlen, DHCP_SERVER_ID, server);

	/* parameter request list as raw TLV bytes, then the end marker */
	opt = &dhcp.options[optlen];
	*opt++ = DHCP_PARAM_REQ_LIST;
	*opt++ = 2;
	*opt++ = DHCP_DNS_SERVER;
	*opt++ = DHCP_NBNS_SERVER;
	*opt++ = DHCP_OPTEND;
	optlen = opt - dhcp.options;

	if (send_dhcp(this, transaction, &dhcp, optlen))
	{
		return TRUE;
	}
	DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
	return FALSE;
}
377 | ||
/**
 * Implements dhcp_socket_t.enroll: run a DISCOVER/OFFER/REQUEST/ACK exchange
 * for the identity and return the completed transaction, NULL on failure.
 *
 * Each phase is retried up to DHCP_TRIES times, waiting 1000 * try
 * (presumably milliseconds) for the receiver thread to move the transaction
 * to the next list. The mutex is held across both phases; the waits give it
 * up inside timed_wait() only. The returned transaction is owned by the
 * caller.
 */
METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
	private_dhcp_socket_t *this, identification_t *identity)
{
	dhcp_transaction_t *transaction;
	uint32_t id;
	int try;

	/* random xid; also becomes the MAC postfix unless identity_lease is set */
	if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id))
	{
		DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID");
		return NULL;
	}
	transaction = dhcp_transaction_create(id, identity);

	this->mutex->lock(this->mutex);
	this->discover->insert_last(this->discover, transaction);
	try = 1;
	while (try <= DHCP_TRIES && discover(this, transaction))
	{
		/* timed_wait() presumably returns TRUE on timeout. When woken, check
		 * whether handle_offer() moved our transaction to the request list
		 * (find_first() with a NULL matcher presumably compares the item
		 * pointer); a wakeup for another transaction counts as a retry. */
		if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
			this->request->find_first(this->request, NULL, (void**)&transaction))
		{
			break;
		}
		try++;
	}
	if (this->discover->remove(this->discover, transaction, NULL))
	{	/* no OFFER received */
		this->mutex->unlock(this->mutex);
		transaction->destroy(transaction);
		DBG1(DBG_CFG, "DHCP DISCOVER timed out");
		return NULL;
	}

	try = 1;
	while (try <= DHCP_TRIES && request(this, transaction))
	{
		/* handle_ack() moves the transaction to completed; take it out again
		 * so we own it from here on */
		if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
			this->completed->remove(this->completed, transaction, NULL))
		{
			break;
		}
		try++;
	}
	if (this->request->remove(this->request, transaction, NULL))
	{	/* no ACK received */
		this->mutex->unlock(this->mutex);
		transaction->destroy(transaction);
		DBG1(DBG_CFG, "DHCP REQUEST timed out");
		return NULL;
	}
	this->mutex->unlock(this->mutex);

	return transaction;
}
433 | ||
/**
 * Implements dhcp_socket_t.release: send a DHCP RELEASE for the leased
 * address of the transaction to the server that granted it. Silently does
 * nothing if the transaction has no address or server; a send failure is
 * only logged.
 */
METHOD(dhcp_socket_t, release, void,
	private_dhcp_socket_t *this, dhcp_transaction_t *transaction)
{
	dhcp_option_t *option;
	dhcp_t dhcp;
	host_t *leased, *server;
	chunk_t addr;
	int optlen;

	optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp);

	leased = transaction->get_address(transaction);
	server = transaction->get_server(transaction);
	if (leased && server)
	{
		DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", leased, server);

		/* ciaddr carries the address being handed back */
		addr = leased->get_address(leased);
		memcpy((char*)&dhcp.client_address, addr.ptr,
			   min(addr.len, sizeof(dhcp.client_address)));

		/* server identifier option with the server's address */
		addr = server->get_address(server);
		option = (dhcp_option_t*)&dhcp.options[optlen];
		option->type = DHCP_SERVER_ID;
		option->len = 4;
		memcpy(option->data, addr.ptr, min(addr.len, option->len));
		optlen += sizeof(dhcp_option_t) + option->len;

		dhcp.options[optlen++] = DHCP_OPTEND;

		if (!send_dhcp(this, transaction, &dhcp, optlen))
		{
			DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno));
		}
	}
}
471 | ||
20ee54d0 | 472 | /** |
4f0932ec | 473 | * Handle a DHCP OFFER |
20ee54d0 MW |
474 | */ |
475 | static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) | |
476 | { | |
b262429e | 477 | dhcp_transaction_t *transaction = NULL; |
20ee54d0 | 478 | enumerator_t *enumerator; |
9bac426b | 479 | host_t *offer, *server = NULL; |
20ee54d0 MW |
480 | |
481 | offer = host_create_from_chunk(AF_INET, | |
4f0932ec | 482 | chunk_from_thing(dhcp->your_address), 0); |
20ee54d0 MW |
483 | |
484 | this->mutex->lock(this->mutex); | |
485 | enumerator = this->discover->create_enumerator(this->discover); | |
486 | while (enumerator->enumerate(enumerator, &transaction)) | |
487 | { | |
488 | if (transaction->get_id(transaction) == dhcp->transaction_id) | |
489 | { | |
490 | this->discover->remove_at(this->discover, enumerator); | |
491 | this->request->insert_last(this->request, transaction); | |
4f0932ec MW |
492 | break; |
493 | } | |
494 | } | |
495 | enumerator->destroy(enumerator); | |
b262429e MW |
496 | |
497 | if (transaction) | |
498 | { | |
499 | int optsize, optpos = 0, pos; | |
500 | dhcp_option_t *option; | |
501 | ||
502 | while (optlen > sizeof(dhcp_option_t)) | |
503 | { | |
504 | option = (dhcp_option_t*)&dhcp->options[optpos]; | |
505 | optsize = sizeof(dhcp_option_t) + option->len; | |
506 | if (option->type == DHCP_OPTEND || optlen < optsize) | |
507 | { | |
508 | break; | |
509 | } | |
510 | if (option->type == DHCP_DNS_SERVER || | |
511 | option->type == DHCP_NBNS_SERVER) | |
512 | { | |
513 | for (pos = 0; pos + 4 <= option->len; pos += 4) | |
514 | { | |
515 | transaction->add_attribute(transaction, option->type == | |
516 | DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS, | |
517 | chunk_create((char*)&option->data[pos], 4)); | |
518 | } | |
519 | } | |
9bac426b | 520 | if (!server && option->type == DHCP_SERVER_ID && option->len == 4) |
e3bde0ef MW |
521 | { |
522 | server = host_create_from_chunk(AF_INET, | |
523 | chunk_create(option->data, 4), DHCP_SERVER_PORT); | |
524 | } | |
b262429e MW |
525 | optlen -= optsize; |
526 | optpos += optsize; | |
527 | } | |
e3bde0ef MW |
528 | if (!server) |
529 | { | |
530 | server = host_create_from_chunk(AF_INET, | |
531 | chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT); | |
532 | } | |
533 | DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); | |
534 | transaction->set_address(transaction, offer->clone(offer)); | |
9bac426b | 535 | transaction->set_server(transaction, server); |
b262429e | 536 | } |
4f0932ec MW |
537 | this->mutex->unlock(this->mutex); |
538 | this->condvar->broadcast(this->condvar); | |
539 | offer->destroy(offer); | |
4f0932ec MW |
540 | } |
541 | ||
/**
 * Handle a DHCP ACK: move the transaction with the matching xid from the
 * request list to the completed list and wake up the thread in enroll().
 *
 * @param this		socket the ACK arrived on
 * @param dhcp		received message
 * @param optlen	number of option bytes received, not used for an ACK
 */
static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
{
	dhcp_transaction_t *current;
	enumerator_t *enumerator;
	host_t *acked;

	acked = host_create_from_chunk(AF_INET,
								   chunk_from_thing(dhcp->your_address), 0);

	this->mutex->lock(this->mutex);
	enumerator = this->request->create_enumerator(this->request);
	while (enumerator->enumerate(enumerator, &current))
	{
		if (current->get_id(current) != dhcp->transaction_id)
		{
			continue;
		}
		DBG1(DBG_CFG, "received DHCP ACK for %H", acked);
		this->request->remove_at(this->request, enumerator);
		this->completed->insert_last(this->completed, current);
		break;
	}
	enumerator->destroy(enumerator);
	this->mutex->unlock(this->mutex);
	this->condvar->broadcast(this->condvar);
	acked->destroy(acked);
}
571 | ||
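/**
 * Receive DHCP responses, watcher callback for the AF_PACKET socket.
 *
 * Reads one IP/UDP/DHCP frame, walks its options for DHCP_MESSAGE_TYPE and
 * dispatches OFFERs and ACKs. A failed read or a frame shorter than the
 * fixed DHCP header is dropped. Assumes a 20-byte IP header without
 * options, consistent with the fixed offsets in the BPF filter.
 *
 * @param this		socket the frame arrived on
 * @param fd		receive socket file descriptor
 * @param event		watcher event, unused (registered for WATCHER_READ only)
 * @return			TRUE to keep the watcher registered
 */
static bool receive_dhcp(private_dhcp_socket_t *this, int fd,
						 watcher_event_t event)
{
	struct sockaddr_ll addr;
	socklen_t addr_len = sizeof(addr);
	struct __attribute__((packed)) {
		struct iphdr ip;
		struct udphdr udp;
		dhcp_t dhcp;
	} packet;
	/* bytes in front of the options field of a received frame */
	const size_t hdrlen = sizeof(struct iphdr) + sizeof(struct udphdr) +
						  offsetof(dhcp_t, options);
	int optlen, origoptlen, optsize, optpos = 0;
	ssize_t len;
	dhcp_option_t *option;

	len = recvfrom(fd, &packet, sizeof(packet), MSG_DONTWAIT,
				   (struct sockaddr*)&addr, &addr_len);

	/* check the sign first: comparing a -1 from recvfrom() against a size_t
	 * would promote it to a huge value and pass the length check */
	if (len >= 0 && (size_t)len >= hdrlen)
	{
		/* only the bytes actually received past the fixed header are
		 * options; the previous expression subtracted the IP header but
		 * added the UDP header and DHCP offset, overestimating optlen by
		 * hundreds of bytes and letting the walk below read uninitialized
		 * stack beyond the received data */
		origoptlen = optlen = len - hdrlen;
		if ((size_t)optlen > sizeof(packet.dhcp.options))
		{	/* recvfrom() is bounded by sizeof(packet), so this cannot
			 * trigger today; keeps the parser tied to the buffer size */
			origoptlen = optlen = sizeof(packet.dhcp.options);
		}
		while (optlen > sizeof(dhcp_option_t))
		{
			option = (dhcp_option_t*)&packet.dhcp.options[optpos];
			optsize = sizeof(dhcp_option_t) + option->len;
			if (option->type == DHCP_OPTEND || optlen < optsize)
			{
				break;
			}
			if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
			{
				switch (option->data[0])
				{
					case DHCP_OFFER:
						handle_offer(this, &packet.dhcp, origoptlen);
						break;
					case DHCP_ACK:
						handle_ack(this, &packet.dhcp, origoptlen);
						break;
					default:
						break;
				}
				break;
			}
			optlen -= optsize;
			optpos += optsize;
		}
	}
	return TRUE;
}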
625 | ||
/**
 * Implements dhcp_socket_t.destroy: wake waiters, close both sockets and
 * free all state including transactions still pending in any list.
 * Also used as the error path of dhcp_socket_create(), so every member may
 * still be in its zero-initialized state.
 */
METHOD(dhcp_socket_t, destroy, void,
	private_dhcp_socket_t *this)
{
	/* NOTE(review): nothing in this file increments waiting, so this loop
	 * never runs unless the counter is maintained elsewhere — confirm */
	while (this->waiting)
	{
		this->condvar->signal(this->condvar);
	}
	/* 0 presumably means "never opened" (INIT zero-fills) */
	if (this->send > 0)
	{
		close(this->send);
	}
	if (this->receive > 0)
	{
		/* unregister the callback before closing the fd it watches */
		lib->watcher->remove(lib->watcher, this->receive);
		close(this->receive);
	}
	this->mutex->destroy(this->mutex);
	this->condvar->destroy(this->condvar);
	/* transactions left in the lists are owned by them, not by a caller */
	this->discover->destroy_offset(this->discover,
								   offsetof(dhcp_transaction_t, destroy));
	this->request->destroy_offset(this->request,
								  offsetof(dhcp_transaction_t, destroy));
	this->completed->destroy_offset(this->completed,
									offsetof(dhcp_transaction_t, destroy));
	DESTROY_IF(this->rng);
	DESTROY_IF(this->dst);
	free(this);
}
654 | ||
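/**
 * Bind a socket to a particular interface name (SO_BINDTODEVICE).
 *
 * @param fd		socket to bind
 * @param iface		NUL-terminated interface name from the configuration
 * @return			TRUE if bound, FALSE (after logging) otherwise
 */
static bool bind_to_device(int fd, char *iface)
{
	struct ifreq ifreq;
	size_t len = strlen(iface);

	memset(&ifreq, 0, sizeof(ifreq));
	/* ifr_name must stay NUL-terminated, so at most sizeof - 1 characters
	 * fit. The previous "> sizeof" check let a name of exactly that size
	 * through unterminated, and the fixed-size memcpy() read past the
	 * terminator of any shorter name. */
	if (len >= sizeof(ifreq.ifr_name))
	{
		DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface);
		return FALSE;
	}
	memcpy(ifreq.ifr_name, iface, len + 1);
	if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq)))
	{
		DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s",
			 iface, strerror(errno));
		return FALSE;
	}
	return TRUE;
}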
676 | ||
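/**
 * See header.
 *
 * Creates the UDP send socket and the filtered AF_PACKET receive socket,
 * reads the plugin settings and registers the receive callback with the
 * watcher. Returns NULL after logging if any step fails; destroy() then
 * releases whatever was set up so far.
 */
dhcp_socket_t *dhcp_socket_create()
{
	private_dhcp_socket_t *this;
	struct sockaddr_in src = {
		.sin_family = AF_INET,
		.sin_port = htons(DHCP_CLIENT_PORT),
		.sin_addr = {
			.s_addr = INADDR_ANY,
		},
	};
	char *iface;
	int on = 1;
	/* classic BPF program for the receive socket: accept a frame only if it
	 * is UDP from the DHCP server port to the client (or server) port, is a
	 * BOOTREPLY for an Ethernet address of length 6 and carries the DHCP
	 * magic cookie; every failed check jumps to the final "return 0" (drop).
	 * Offsets assume an IP header without options. */
	struct sock_filter dhcp_filter_code[] = {
		BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
				 offsetof(struct iphdr, protocol)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16),
		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
				 offsetof(struct udphdr, source)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14),
		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
				 offsetof(struct udphdr, dest)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0),
		BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0),
		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
				 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
				 sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
				 sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
		BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
				 sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
		/* accept: return the whole frame length */
		BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
		BPF_STMT(BPF_RET+BPF_A, 0),
		BPF_STMT(BPF_RET+BPF_K, 0),
	};
	struct sock_fprog dhcp_filter = {
		sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
		dhcp_filter_code,
	};

	INIT(this,
		.public = {
			.enroll = _enroll,
			.release = _release,
			.destroy = _destroy,
		},
		/* xids go out in the clear on the LAN and replies are matched by xid
		 * only (handle_offer()/handle_ack()), so a weak RNG is presumably
		 * judged sufficient here */
		.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
		.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
		.discover = linked_list_create(),
		.request = linked_list_create(),
		.completed = linked_list_create(),
	);

	if (!this->rng)
	{
		DBG1(DBG_CFG, "unable to create RNG");
		destroy(this);
		return NULL;
	}
	this->identity_lease = lib->settings->get_bool(lib->settings,
								"%s.plugins.dhcp.identity_lease", FALSE,
								lib->ns);
	/* force_dst is a bool, read it like identity_lease above: with get_str()
	 * any configured value, including "no", yielded a non-NULL pointer and
	 * therefore enabled the option */
	this->force_dst = lib->settings->get_bool(lib->settings,
								"%s.plugins.dhcp.force_server_address", FALSE,
								lib->ns);
	this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
								"%s.plugins.dhcp.server", "255.255.255.255",
								lib->ns), DHCP_SERVER_PORT);
	iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
								   NULL, lib->ns);
	if (!this->dst)
	{
		DBG1(DBG_CFG, "configured DHCP server address invalid");
		destroy(this);
		return NULL;
	}

	this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
	if (this->send == -1)
	{
		DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
		destroy(this);
		return NULL;
	}
	if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
	{
		DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
		destroy(this);
		return NULL;
	}
	if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
	{
		DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
		destroy(this);
		return NULL;
	}
	if (!is_broadcast(this->dst))
	{
		/* when setting giaddr (which we do when we don't broadcast), the server
		 * should respond to the server port on that IP, according to RFC 2131,
		 * section 4.1. while we do receive such messages via raw socket, the
		 * kernel will respond with an ICMP port unreachable if there is no
		 * socket bound to that port, which might be problematic with certain
		 * DHCP servers. instead of opening an additional socket, that we don't
		 * actually use, we can also just send our requests from port 67 */
		src.sin_port = htons(DHCP_SERVER_PORT);
	}
	if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
	{
		DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
		destroy(this);
		return NULL;
	}

	/* replies are read from a packet socket so that OFFERs addressed to the
	 * fake MAC / unassigned address still reach us; the filter above keeps
	 * everything but DHCP replies out */
	this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
	if (this->receive == -1)
	{
		DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
		destroy(this);
		return NULL;
	}
	if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
				   &dhcp_filter, sizeof(dhcp_filter)) < 0)
	{
		DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
			 strerror(errno));
		destroy(this);
		return NULL;
	}
	if (iface)
	{
		if (!bind_to_device(this->send, iface) ||
			!bind_to_device(this->receive, iface))
		{
			destroy(this);
			return NULL;
		}
	}

	lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
					  (watcher_cb_t)receive_dhcp, this);

	return &this->public;
}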