]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd-network/sd-ipv4acd.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: add FORMAT_TIMESPAN()
[thirdparty/systemd.git] / src / libsystemd-network / sd-ipv4acd.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2014 Axis Communications AB. All rights reserved.
4 ***/
5
6 #include <arpa/inet.h>
7 #include <errno.h>
8 #include <netinet/if_ether.h>
9 #include <stdio.h>
10 #include <stdlib.h>
11
12 #include "sd-ipv4acd.h"
13
14 #include "alloc-util.h"
15 #include "arp-util.h"
16 #include "ether-addr-util.h"
17 #include "event-util.h"
18 #include "fd-util.h"
19 #include "in-addr-util.h"
20 #include "log-link.h"
21 #include "memory-util.h"
22 #include "network-common.h"
23 #include "random-util.h"
24 #include "siphash24.h"
25 #include "string-table.h"
26 #include "string-util.h"
27 #include "time-util.h"
28
29 /* Constants from the RFC */
30 #define PROBE_WAIT_USEC (1U * USEC_PER_SEC)
31 #define PROBE_NUM 3U
32 #define PROBE_MIN_USEC (1U * USEC_PER_SEC)
33 #define PROBE_MAX_USEC (2U * USEC_PER_SEC)
34 #define ANNOUNCE_WAIT_USEC (2U * USEC_PER_SEC)
35 #define ANNOUNCE_NUM 2U
36 #define ANNOUNCE_INTERVAL_USEC (2U * USEC_PER_SEC)
37 #define MAX_CONFLICTS 10U
38 #define RATE_LIMIT_INTERVAL_USEC (60U * USEC_PER_SEC)
39 #define DEFEND_INTERVAL_USEC (10U * USEC_PER_SEC)
40
41 typedef enum IPv4ACDState {
42 IPV4ACD_STATE_INIT,
43 IPV4ACD_STATE_STARTED,
44 IPV4ACD_STATE_WAITING_PROBE,
45 IPV4ACD_STATE_PROBING,
46 IPV4ACD_STATE_WAITING_ANNOUNCE,
47 IPV4ACD_STATE_ANNOUNCING,
48 IPV4ACD_STATE_RUNNING,
49 _IPV4ACD_STATE_MAX,
50 _IPV4ACD_STATE_INVALID = -EINVAL,
51 } IPv4ACDState;
52
53 struct sd_ipv4acd {
54 unsigned n_ref;
55
56 IPv4ACDState state;
57 int ifindex;
58 int fd;
59
60 char *ifname;
61 unsigned n_iteration;
62 unsigned n_conflict;
63
64 sd_event_source *receive_message_event_source;
65 sd_event_source *timer_event_source;
66
67 usec_t defend_window;
68 struct in_addr address;
69
70 /* External */
71 struct ether_addr mac_addr;
72
73 sd_event *event;
74 int event_priority;
75 sd_ipv4acd_callback_t callback;
76 void *userdata;
77 sd_ipv4acd_check_mac_callback_t check_mac_callback;
78 void *check_mac_userdata;
79 };
80
81 #define log_ipv4acd_errno(acd, error, fmt, ...) \
82 log_interface_prefix_full_errno( \
83 "IPv4ACD: ", \
84 sd_ipv4acd_get_ifname(acd), \
85 error, fmt, ##__VA_ARGS__)
86 #define log_ipv4acd(acd, fmt, ...) \
87 log_interface_prefix_full_errno_zerook( \
88 "IPv4ACD: ", \
89 sd_ipv4acd_get_ifname(acd), \
90 0, fmt, ##__VA_ARGS__)
91
92 static const char * const ipv4acd_state_table[_IPV4ACD_STATE_MAX] = {
93 [IPV4ACD_STATE_INIT] = "init",
94 [IPV4ACD_STATE_STARTED] = "started",
95 [IPV4ACD_STATE_WAITING_PROBE] = "waiting-probe",
96 [IPV4ACD_STATE_PROBING] = "probing",
97 [IPV4ACD_STATE_WAITING_ANNOUNCE] = "waiting-announce",
98 [IPV4ACD_STATE_ANNOUNCING] = "announcing",
99 [IPV4ACD_STATE_RUNNING] = "running",
100 };
101
102 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(ipv4acd_state, IPv4ACDState);
103
104 static void ipv4acd_set_state(sd_ipv4acd *acd, IPv4ACDState st, bool reset_counter) {
105 assert(acd);
106 assert(st < _IPV4ACD_STATE_MAX);
107
108 if (st != acd->state)
109 log_ipv4acd(acd, "%s -> %s", ipv4acd_state_to_string(acd->state), ipv4acd_state_to_string(st));
110
111 if (st == acd->state && !reset_counter)
112 acd->n_iteration++;
113 else {
114 acd->state = st;
115 acd->n_iteration = 0;
116 }
117 }
118
119 static void ipv4acd_reset(sd_ipv4acd *acd) {
120 assert(acd);
121
122 (void) event_source_disable(acd->timer_event_source);
123 acd->receive_message_event_source = sd_event_source_unref(acd->receive_message_event_source);
124
125 acd->fd = safe_close(acd->fd);
126
127 ipv4acd_set_state(acd, IPV4ACD_STATE_INIT, true);
128 }
129
130 static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) {
131 assert(acd);
132
133 acd->timer_event_source = sd_event_source_unref(acd->timer_event_source);
134
135 ipv4acd_reset(acd);
136 sd_ipv4acd_detach_event(acd);
137 free(acd->ifname);
138 return mfree(acd);
139 }
140
141 DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_ipv4acd, sd_ipv4acd, ipv4acd_free);
142
143 int sd_ipv4acd_new(sd_ipv4acd **ret) {
144 _cleanup_(sd_ipv4acd_unrefp) sd_ipv4acd *acd = NULL;
145
146 assert_return(ret, -EINVAL);
147
148 acd = new(sd_ipv4acd, 1);
149 if (!acd)
150 return -ENOMEM;
151
152 *acd = (sd_ipv4acd) {
153 .n_ref = 1,
154 .state = IPV4ACD_STATE_INIT,
155 .ifindex = -1,
156 .fd = -1,
157 };
158
159 *ret = TAKE_PTR(acd);
160
161 return 0;
162 }
163
164 static void ipv4acd_client_notify(sd_ipv4acd *acd, int event) {
165 assert(acd);
166
167 if (!acd->callback)
168 return;
169
170 acd->callback(acd, event, acd->userdata);
171 }
172
173 int sd_ipv4acd_stop(sd_ipv4acd *acd) {
174 IPv4ACDState old_state;
175
176 if (!acd)
177 return 0;
178
179 old_state = acd->state;
180
181 ipv4acd_reset(acd);
182
183 if (old_state == IPV4ACD_STATE_INIT)
184 return 0;
185
186 log_ipv4acd(acd, "STOPPED");
187
188 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_STOP);
189
190 return 0;
191 }
192
193 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata);
194
195 static int ipv4acd_set_next_wakeup(sd_ipv4acd *acd, usec_t usec, usec_t random_usec) {
196 usec_t next_timeout, time_now;
197
198 assert(acd);
199
200 next_timeout = usec;
201
202 if (random_usec > 0)
203 next_timeout += (usec_t) random_u64() % random_usec;
204
205 assert_se(sd_event_now(acd->event, clock_boottime_or_monotonic(), &time_now) >= 0);
206
207 return event_reset_time(acd->event, &acd->timer_event_source,
208 clock_boottime_or_monotonic(),
209 time_now + next_timeout, 0,
210 ipv4acd_on_timeout, acd,
211 acd->event_priority, "ipv4acd-timer", true);
212 }
213
214 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
215 sd_ipv4acd *acd = userdata;
216 int r = 0;
217
218 assert(acd);
219
220 switch (acd->state) {
221
222 case IPV4ACD_STATE_STARTED:
223 acd->defend_window = 0;
224
225 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_PROBE, true);
226
227 if (acd->n_conflict >= MAX_CONFLICTS) {
228 log_ipv4acd(acd, "Max conflicts reached, delaying by %s",
229 FORMAT_TIMESPAN(RATE_LIMIT_INTERVAL_USEC, 0));
230 r = ipv4acd_set_next_wakeup(acd, RATE_LIMIT_INTERVAL_USEC, PROBE_WAIT_USEC);
231 } else
232 r = ipv4acd_set_next_wakeup(acd, 0, PROBE_WAIT_USEC);
233 if (r < 0)
234 goto fail;
235
236 break;
237
238 case IPV4ACD_STATE_WAITING_PROBE:
239 case IPV4ACD_STATE_PROBING:
240 /* Send a probe */
241 r = arp_send_probe(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
242 if (r < 0) {
243 log_ipv4acd_errno(acd, r, "Failed to send ARP probe: %m");
244 goto fail;
245 }
246
247 log_ipv4acd(acd, "Probing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
248
249 if (acd->n_iteration < PROBE_NUM - 2) {
250 ipv4acd_set_state(acd, IPV4ACD_STATE_PROBING, false);
251
252 r = ipv4acd_set_next_wakeup(acd, PROBE_MIN_USEC, (PROBE_MAX_USEC-PROBE_MIN_USEC));
253 if (r < 0)
254 goto fail;
255 } else {
256 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_ANNOUNCE, true);
257
258 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_WAIT_USEC, 0);
259 if (r < 0)
260 goto fail;
261 }
262
263 break;
264
265 case IPV4ACD_STATE_ANNOUNCING:
266 if (acd->n_iteration >= ANNOUNCE_NUM - 1) {
267 ipv4acd_set_state(acd, IPV4ACD_STATE_RUNNING, false);
268 break;
269 }
270
271 _fallthrough_;
272 case IPV4ACD_STATE_WAITING_ANNOUNCE:
273 /* Send announcement packet */
274 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
275 if (r < 0) {
276 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
277 goto fail;
278 }
279
280 log_ipv4acd(acd, "Announcing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
281
282 ipv4acd_set_state(acd, IPV4ACD_STATE_ANNOUNCING, false);
283
284 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_INTERVAL_USEC, 0);
285 if (r < 0)
286 goto fail;
287
288 if (acd->n_iteration == 0) {
289 acd->n_conflict = 0;
290 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_BIND);
291 }
292
293 break;
294
295 default:
296 assert_not_reached("Invalid state.");
297 }
298
299 return 0;
300
301 fail:
302 sd_ipv4acd_stop(acd);
303 return 0;
304 }
305
306 static bool ipv4acd_arp_conflict(sd_ipv4acd *acd, const struct ether_arp *arp, bool announced) {
307 assert(acd);
308 assert(arp);
309
310 /* RFC 5227 section 2.1.1.
311 * "the host receives any ARP packet (Request *or* Reply) on the interface where the probe is
312 * being performed, where the packet's 'sender IP address' is the address being probed for,
313 * then the host MUST treat this address as being in use by some other host" */
314 if (memcmp(arp->arp_spa, &acd->address, sizeof(struct in_addr)) == 0)
315 return true;
316
317 if (announced)
318 /* the TPA matched instead of SPA, this is not a conflict */
319 return false;
320
321 /* "any ARP Probe where the packet's 'target IP address' is the address being probed for, and
322 * the packet's 'sender hardware address' is not the hardware address of any of the host's
323 * interfaces, then the host SHOULD similarly treat this as an address conflict" */
324 if (arp->ea_hdr.ar_op != htobe16(ARPOP_REQUEST))
325 return false; /* not ARP Request, ignoring. */
326 if (memeqzero(arp->arp_spa, sizeof(struct in_addr)) == 0)
327 return false; /* not ARP Probe, ignoring. */
328 if (memcmp(arp->arp_tpa, &acd->address, sizeof(struct in_addr)) != 0)
329 return false; /* target IP address does not match, BPF code is broken? */
330
331 if (acd->check_mac_callback &&
332 acd->check_mac_callback(acd, (const struct ether_addr*) arp->arp_sha, acd->check_mac_userdata) > 0)
333 /* sender hardware is one of the host's interfaces, ignoring. */
334 return true;
335
336 return true; /* conflict! */
337 }
338
339 static void ipv4acd_on_conflict(sd_ipv4acd *acd) {
340 assert(acd);
341
342 acd->n_conflict++;
343
344 log_ipv4acd(acd, "Conflict on "IPV4_ADDRESS_FMT_STR" (%u)", IPV4_ADDRESS_FMT_VAL(acd->address), acd->n_conflict);
345
346 ipv4acd_reset(acd);
347 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_CONFLICT);
348 }
349
350 static int ipv4acd_on_packet(
351 sd_event_source *s,
352 int fd,
353 uint32_t revents,
354 void *userdata) {
355
356 sd_ipv4acd *acd = userdata;
357 struct ether_arp packet;
358 ssize_t n;
359 int r;
360
361 assert(s);
362 assert(acd);
363 assert(fd >= 0);
364
365 n = recv(fd, &packet, sizeof(struct ether_arp), 0);
366 if (n < 0) {
367 if (IN_SET(errno, EAGAIN, EINTR))
368 return 0;
369
370 log_ipv4acd_errno(acd, errno, "Failed to read ARP packet: %m");
371 goto fail;
372 }
373 if ((size_t) n != sizeof(struct ether_arp)) {
374 log_ipv4acd(acd, "Ignoring too short ARP packet.");
375 return 0;
376 }
377
378 switch (acd->state) {
379
380 case IPV4ACD_STATE_ANNOUNCING:
381 case IPV4ACD_STATE_RUNNING:
382
383 if (ipv4acd_arp_conflict(acd, &packet, true)) {
384 usec_t ts;
385
386 assert_se(sd_event_now(acd->event, clock_boottime_or_monotonic(), &ts) >= 0);
387
388 /* Defend address */
389 if (ts > acd->defend_window) {
390 acd->defend_window = ts + DEFEND_INTERVAL_USEC;
391 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
392 if (r < 0) {
393 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
394 goto fail;
395 }
396
397 log_ipv4acd(acd, "Defending "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
398
399 } else
400 ipv4acd_on_conflict(acd);
401 }
402 break;
403
404 case IPV4ACD_STATE_WAITING_PROBE:
405 case IPV4ACD_STATE_PROBING:
406 case IPV4ACD_STATE_WAITING_ANNOUNCE:
407 if (ipv4acd_arp_conflict(acd, &packet, false))
408 ipv4acd_on_conflict(acd);
409 break;
410
411 default:
412 assert_not_reached("Invalid state.");
413 }
414
415 return 0;
416
417 fail:
418 sd_ipv4acd_stop(acd);
419 return 0;
420 }
421
422 int sd_ipv4acd_set_ifindex(sd_ipv4acd *acd, int ifindex) {
423 assert_return(acd, -EINVAL);
424 assert_return(ifindex > 0, -EINVAL);
425 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
426
427 acd->ifindex = ifindex;
428
429 return 0;
430 }
431
432 int sd_ipv4acd_get_ifindex(sd_ipv4acd *acd) {
433 if (!acd)
434 return -EINVAL;
435
436 return acd->ifindex;
437 }
438
439 int sd_ipv4acd_set_ifname(sd_ipv4acd *acd, const char *ifname) {
440 assert_return(acd, -EINVAL);
441 assert_return(ifname, -EINVAL);
442
443 if (!ifname_valid_full(ifname, IFNAME_VALID_ALTERNATIVE))
444 return -EINVAL;
445
446 return free_and_strdup(&acd->ifname, ifname);
447 }
448
449 const char *sd_ipv4acd_get_ifname(sd_ipv4acd *acd) {
450 if (!acd)
451 return NULL;
452
453 return get_ifname(acd->ifindex, &acd->ifname);
454 }
455
456 int sd_ipv4acd_set_mac(sd_ipv4acd *acd, const struct ether_addr *addr) {
457 int r;
458
459 assert_return(acd, -EINVAL);
460 assert_return(addr, -EINVAL);
461 assert_return(!ether_addr_is_null(addr), -EINVAL);
462
463 acd->mac_addr = *addr;
464
465 if (!sd_ipv4acd_is_running(acd))
466 return 0;
467
468 assert(acd->fd >= 0);
469 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
470 if (r < 0) {
471 ipv4acd_reset(acd);
472 return r;
473 }
474
475 return 0;
476 }
477
478 int sd_ipv4acd_detach_event(sd_ipv4acd *acd) {
479 assert_return(acd, -EINVAL);
480
481 acd->event = sd_event_unref(acd->event);
482
483 return 0;
484 }
485
486 int sd_ipv4acd_attach_event(sd_ipv4acd *acd, sd_event *event, int64_t priority) {
487 int r;
488
489 assert_return(acd, -EINVAL);
490 assert_return(!acd->event, -EBUSY);
491
492 if (event)
493 acd->event = sd_event_ref(event);
494 else {
495 r = sd_event_default(&acd->event);
496 if (r < 0)
497 return r;
498 }
499
500 acd->event_priority = priority;
501
502 return 0;
503 }
504
505 int sd_ipv4acd_set_callback(sd_ipv4acd *acd, sd_ipv4acd_callback_t cb, void *userdata) {
506 assert_return(acd, -EINVAL);
507
508 acd->callback = cb;
509 acd->userdata = userdata;
510
511 return 0;
512 }
513
514 int sd_ipv4acd_set_check_mac_callback(sd_ipv4acd *acd, sd_ipv4acd_check_mac_callback_t cb, void *userdata) {
515 assert_return(acd, -EINVAL);
516
517 acd->check_mac_callback = cb;
518 acd->check_mac_userdata = userdata;
519 return 0;
520 }
521
522 int sd_ipv4acd_set_address(sd_ipv4acd *acd, const struct in_addr *address) {
523 int r;
524
525 assert_return(acd, -EINVAL);
526 assert_return(address, -EINVAL);
527 assert_return(in4_addr_is_set(address), -EINVAL);
528
529 if (in4_addr_equal(&acd->address, address))
530 return 0;
531
532 acd->address = *address;
533
534 if (!sd_ipv4acd_is_running(acd))
535 return 0;
536
537 assert(acd->fd >= 0);
538 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
539 if (r < 0)
540 goto fail;
541
542 r = ipv4acd_set_next_wakeup(acd, 0, 0);
543 if (r < 0)
544 goto fail;
545
546 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
547 return 0;
548
549 fail:
550 ipv4acd_reset(acd);
551 return r;
552 }
553
554 int sd_ipv4acd_get_address(sd_ipv4acd *acd, struct in_addr *address) {
555 assert_return(acd, -EINVAL);
556 assert_return(address, -EINVAL);
557
558 *address = acd->address;
559
560 return 0;
561 }
562
563 int sd_ipv4acd_is_running(sd_ipv4acd *acd) {
564 assert_return(acd, false);
565
566 return acd->state != IPV4ACD_STATE_INIT;
567 }
568
569 int sd_ipv4acd_start(sd_ipv4acd *acd, bool reset_conflicts) {
570 int r;
571
572 assert_return(acd, -EINVAL);
573 assert_return(acd->event, -EINVAL);
574 assert_return(acd->ifindex > 0, -EINVAL);
575 assert_return(in4_addr_is_set(&acd->address), -EINVAL);
576 assert_return(!ether_addr_is_null(&acd->mac_addr), -EINVAL);
577 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
578
579 r = arp_network_bind_raw_socket(acd->ifindex, &acd->address, &acd->mac_addr);
580 if (r < 0)
581 return r;
582
583 CLOSE_AND_REPLACE(acd->fd, r);
584
585 if (reset_conflicts)
586 acd->n_conflict = 0;
587
588 r = sd_event_add_io(acd->event, &acd->receive_message_event_source, acd->fd, EPOLLIN, ipv4acd_on_packet, acd);
589 if (r < 0)
590 goto fail;
591
592 r = sd_event_source_set_priority(acd->receive_message_event_source, acd->event_priority);
593 if (r < 0)
594 goto fail;
595
596 (void) sd_event_source_set_description(acd->receive_message_event_source, "ipv4acd-receive-message");
597
598 r = ipv4acd_set_next_wakeup(acd, 0, 0);
599 if (r < 0)
600 goto fail;
601
602 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
603 return 0;
604
605 fail:
606 ipv4acd_reset(acd);
607 return r;
608 }
Unnamed repository; edit this file 'description' to name the repository.