]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd-network/sd-ipv4acd.c
projects / thirdparty / systemd.git / blob
? search:


87bf46ad296246d77aac1ff8468495a1c4d82450
[thirdparty/systemd.git] / src / libsystemd-network / sd-ipv4acd.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2014 Axis Communications AB. All rights reserved.
4 ***/
5
6 #include <netinet/if_ether.h>
7 #include <stdio.h>
8
9 #include "sd-ipv4acd.h"
10
11 #include "alloc-util.h"
12 #include "arp-util.h"
13 #include "errno-util.h"
14 #include "ether-addr-util.h"
15 #include "event-util.h"
16 #include "fd-util.h"
17 #include "in-addr-util.h"
18 #include "memory-util.h"
19 #include "network-common.h"
20 #include "random-util.h"
21 #include "socket-util.h"
22 #include "string-table.h"
23 #include "string-util.h"
24 #include "time-util.h"
25
26 /* Intervals from the RFC in seconds, need to be multiplied by the time unit */
27 #define PROBE_WAIT 1U
28 #define PROBE_MIN 1U
29 #define PROBE_MAX 2U
30 #define ANNOUNCE_WAIT 2U
31 #define TOTAL_TIME_UNITS 7U
32
33 /* Intervals from the RFC not adjusted to the time unit */
34 #define ANNOUNCE_INTERVAL_USEC (2U * USEC_PER_SEC)
35 #define RATE_LIMIT_INTERVAL_USEC (60U * USEC_PER_SEC)
36 #define DEFEND_INTERVAL_USEC (10U * USEC_PER_SEC)
37
38 /* Other constants from the RFC */
39 #define PROBE_NUM 3U
40 #define ANNOUNCE_NUM 2U
41 #define MAX_CONFLICTS 10U
42
43 /* Default timeout from the RFC */
44 #define DEFAULT_ACD_TIMEOUT_USEC (200 * USEC_PER_MSEC)
45
46 typedef enum IPv4ACDState {
47 IPV4ACD_STATE_INIT,
48 IPV4ACD_STATE_STARTED,
49 IPV4ACD_STATE_WAITING_PROBE,
50 IPV4ACD_STATE_PROBING,
51 IPV4ACD_STATE_WAITING_ANNOUNCE,
52 IPV4ACD_STATE_ANNOUNCING,
53 IPV4ACD_STATE_RUNNING,
54 _IPV4ACD_STATE_MAX,
55 _IPV4ACD_STATE_INVALID = -EINVAL,
56 } IPv4ACDState;
57
58 struct sd_ipv4acd {
59 unsigned n_ref;
60
61 IPv4ACDState state;
62 int ifindex;
63 int fd;
64
65 char *ifname;
66 unsigned n_iteration;
67 unsigned n_conflict;
68
69 /* Indicates the duration of a "time unit", i.e. one second in the RFC but scaled to the
70 * chosen total duration. Represents 1/7 of the total conflict detection timeout. */
71 usec_t time_unit_usec;
72
73 sd_event_source *receive_message_event_source;
74 sd_event_source *timer_event_source;
75
76 usec_t defend_window;
77 struct in_addr address;
78
79 /* External */
80 struct ether_addr mac_addr;
81
82 sd_event *event;
83 int event_priority;
84 sd_ipv4acd_callback_t callback;
85 void *userdata;
86 sd_ipv4acd_check_mac_callback_t check_mac_callback;
87 void *check_mac_userdata;
88 };
89
90 #define log_ipv4acd_errno(acd, error, fmt, ...) \
91 log_interface_prefix_full_errno( \
92 "IPv4ACD: ", \
93 sd_ipv4acd, acd, \
94 error, fmt, ##__VA_ARGS__)
95 #define log_ipv4acd(acd, fmt, ...) \
96 log_interface_prefix_full_errno_zerook( \
97 "IPv4ACD: ", \
98 sd_ipv4acd, acd, \
99 0, fmt, ##__VA_ARGS__)
100
101 static const char * const ipv4acd_state_table[_IPV4ACD_STATE_MAX] = {
102 [IPV4ACD_STATE_INIT] = "init",
103 [IPV4ACD_STATE_STARTED] = "started",
104 [IPV4ACD_STATE_WAITING_PROBE] = "waiting-probe",
105 [IPV4ACD_STATE_PROBING] = "probing",
106 [IPV4ACD_STATE_WAITING_ANNOUNCE] = "waiting-announce",
107 [IPV4ACD_STATE_ANNOUNCING] = "announcing",
108 [IPV4ACD_STATE_RUNNING] = "running",
109 };
110
111 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(ipv4acd_state, IPv4ACDState);
112
113 static void ipv4acd_set_state(sd_ipv4acd *acd, IPv4ACDState st, bool reset_counter) {
114 assert(acd);
115 assert(st < _IPV4ACD_STATE_MAX);
116
117 if (st != acd->state)
118 log_ipv4acd(acd, "%s -> %s", ipv4acd_state_to_string(acd->state), ipv4acd_state_to_string(st));
119
120 if (st == acd->state && !reset_counter)
121 acd->n_iteration++;
122 else {
123 acd->state = st;
124 acd->n_iteration = 0;
125 }
126 }
127
128 static void ipv4acd_reset(sd_ipv4acd *acd) {
129 assert(acd);
130
131 (void) event_source_disable(acd->timer_event_source);
132 acd->receive_message_event_source = sd_event_source_disable_unref(acd->receive_message_event_source);
133
134 acd->fd = safe_close(acd->fd);
135
136 ipv4acd_set_state(acd, IPV4ACD_STATE_INIT, true);
137 }
138
139 static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) {
140 assert(acd);
141
142 ipv4acd_reset(acd);
143 sd_event_source_unref(acd->timer_event_source);
144 sd_ipv4acd_detach_event(acd);
145 free(acd->ifname);
146 return mfree(acd);
147 }
148
149 DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_ipv4acd, sd_ipv4acd, ipv4acd_free);
150
151 int sd_ipv4acd_new(sd_ipv4acd **ret) {
152 _cleanup_(sd_ipv4acd_unrefp) sd_ipv4acd *acd = NULL;
153
154 assert_return(ret, -EINVAL);
155
156 acd = new(sd_ipv4acd, 1);
157 if (!acd)
158 return -ENOMEM;
159
160 *acd = (sd_ipv4acd) {
161 .n_ref = 1,
162 .state = IPV4ACD_STATE_INIT,
163 .time_unit_usec = DEFAULT_ACD_TIMEOUT_USEC / TOTAL_TIME_UNITS,
164 .ifindex = -1,
165 .fd = -EBADF,
166 };
167
168 *ret = TAKE_PTR(acd);
169
170 return 0;
171 }
172
173 static void ipv4acd_client_notify(sd_ipv4acd *acd, int event) {
174 assert(acd);
175
176 if (!acd->callback)
177 return;
178
179 acd->callback(acd, event, acd->userdata);
180 }
181
182 int sd_ipv4acd_stop(sd_ipv4acd *acd) {
183 IPv4ACDState old_state;
184
185 if (!acd)
186 return 0;
187
188 old_state = acd->state;
189
190 ipv4acd_reset(acd);
191
192 if (old_state == IPV4ACD_STATE_INIT)
193 return 0;
194
195 log_ipv4acd(acd, "STOPPED");
196
197 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_STOP);
198
199 return 0;
200 }
201
202 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata);
203
204 static int ipv4acd_set_next_wakeup(sd_ipv4acd *acd, usec_t usec, usec_t random_usec) {
205 usec_t next_timeout, time_now;
206
207 assert(acd);
208
209 next_timeout = usec;
210
211 if (random_usec > 0)
212 next_timeout += (usec_t) random_u64() % random_usec;
213
214 assert_se(sd_event_now(acd->event, CLOCK_BOOTTIME, &time_now) >= 0);
215
216 return event_reset_time(acd->event, &acd->timer_event_source,
217 CLOCK_BOOTTIME,
218 time_now + next_timeout, 0,
219 ipv4acd_on_timeout, acd,
220 acd->event_priority, "ipv4acd-timer", true);
221 }
222
223 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
224 sd_ipv4acd *acd = ASSERT_PTR(userdata);
225 int r = 0;
226
227 switch (acd->state) {
228
229 case IPV4ACD_STATE_STARTED:
230 acd->defend_window = 0;
231
232 log_ipv4acd(acd,
233 "Started on address " IPV4_ADDRESS_FMT_STR " with a max timeout of %s",
234 IPV4_ADDRESS_FMT_VAL(acd->address),
235 FORMAT_TIMESPAN(TOTAL_TIME_UNITS * acd->time_unit_usec, USEC_PER_MSEC));
236
237 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_PROBE, true);
238
239 if (acd->n_conflict >= MAX_CONFLICTS) {
240 log_ipv4acd(acd, "Max conflicts reached, delaying by %s",
241 FORMAT_TIMESPAN(RATE_LIMIT_INTERVAL_USEC, 0));
242 r = ipv4acd_set_next_wakeup(
243 acd, RATE_LIMIT_INTERVAL_USEC, PROBE_WAIT * acd->time_unit_usec);
244 } else
245 r = ipv4acd_set_next_wakeup(acd, 0, PROBE_WAIT * acd->time_unit_usec);
246 if (r < 0)
247 goto fail;
248
249 break;
250
251 case IPV4ACD_STATE_WAITING_PROBE:
252 case IPV4ACD_STATE_PROBING:
253 /* Send a probe */
254 r = arp_send_probe(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
255 if (r < 0) {
256 log_ipv4acd_errno(acd, r, "Failed to send ARP probe: %m");
257 goto fail;
258 }
259
260 log_ipv4acd(acd, "Probing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
261
262 if (acd->n_iteration < PROBE_NUM - 2) {
263 ipv4acd_set_state(acd, IPV4ACD_STATE_PROBING, false);
264
265 r = ipv4acd_set_next_wakeup(
266 acd,
267 PROBE_MIN * acd->time_unit_usec,
268 (PROBE_MAX - PROBE_MIN) * acd->time_unit_usec);
269 if (r < 0)
270 goto fail;
271 } else {
272 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_ANNOUNCE, true);
273
274 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_WAIT * acd->time_unit_usec, 0);
275 if (r < 0)
276 goto fail;
277 }
278
279 break;
280
281 case IPV4ACD_STATE_ANNOUNCING:
282 if (acd->n_iteration >= ANNOUNCE_NUM - 1) {
283 ipv4acd_set_state(acd, IPV4ACD_STATE_RUNNING, false);
284 break;
285 }
286
287 _fallthrough_;
288 case IPV4ACD_STATE_WAITING_ANNOUNCE:
289 /* Send announcement packet */
290 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
291 if (r < 0) {
292 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
293 goto fail;
294 }
295
296 log_ipv4acd(acd, "Announcing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
297
298 ipv4acd_set_state(acd, IPV4ACD_STATE_ANNOUNCING, false);
299
300 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_INTERVAL_USEC, 0);
301 if (r < 0)
302 goto fail;
303
304 if (acd->n_iteration == 0) {
305 acd->n_conflict = 0;
306 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_BIND);
307 }
308
309 break;
310
311 default:
312 assert_not_reached();
313 }
314
315 return 0;
316
317 fail:
318 sd_ipv4acd_stop(acd);
319 return 0;
320 }
321
322 static bool ipv4acd_arp_conflict(sd_ipv4acd *acd, const struct ether_arp *arp, bool announced) {
323 assert(acd);
324 assert(arp);
325
326 /* RFC 5227 section 2.1.1.
327 * "the host receives any ARP packet (Request *or* Reply) on the interface where the probe is
328 * being performed, where the packet's 'sender IP address' is the address being probed for,
329 * then the host MUST treat this address as being in use by some other host" */
330 if (memcmp(arp->arp_spa, &acd->address, sizeof(struct in_addr)) == 0)
331 return true;
332
333 if (announced)
334 /* the TPA matched instead of SPA, this is not a conflict */
335 return false;
336
337 /* "any ARP Probe where the packet's 'target IP address' is the address being probed for, and
338 * the packet's 'sender hardware address' is not the hardware address of any of the host's
339 * interfaces, then the host SHOULD similarly treat this as an address conflict" */
340 if (arp->ea_hdr.ar_op != htobe16(ARPOP_REQUEST))
341 return false; /* not ARP Request, ignoring. */
342 if (memeqzero(arp->arp_spa, sizeof(struct in_addr)) == 0)
343 return false; /* not ARP Probe, ignoring. */
344 if (memcmp(arp->arp_tpa, &acd->address, sizeof(struct in_addr)) != 0)
345 return false; /* target IP address does not match, BPF code is broken? */
346
347 if (acd->check_mac_callback &&
348 acd->check_mac_callback(acd, (const struct ether_addr*) arp->arp_sha, acd->check_mac_userdata) > 0)
349 /* sender hardware is one of the host's interfaces, ignoring. */
350 return false;
351
352 return true; /* conflict! */
353 }
354
355 static void ipv4acd_on_conflict(sd_ipv4acd *acd) {
356 assert(acd);
357
358 acd->n_conflict++;
359
360 log_ipv4acd(acd, "Conflict on "IPV4_ADDRESS_FMT_STR" (%u)", IPV4_ADDRESS_FMT_VAL(acd->address), acd->n_conflict);
361
362 ipv4acd_reset(acd);
363 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_CONFLICT);
364 }
365
366 static int ipv4acd_on_packet(
367 sd_event_source *s,
368 int fd,
369 uint32_t revents,
370 void *userdata) {
371
372 sd_ipv4acd *acd = ASSERT_PTR(userdata);
373 struct ether_arp packet;
374 ssize_t n;
375 int r;
376
377 assert(s);
378 assert(fd >= 0);
379
380 n = recv(fd, &packet, sizeof(struct ether_arp), 0);
381 if (n < 0) {
382 if (ERRNO_IS_TRANSIENT(errno) || ERRNO_IS_DISCONNECT(errno))
383 return 0;
384
385 log_ipv4acd_errno(acd, errno, "Failed to read ARP packet: %m");
386 goto fail;
387 }
388 if ((size_t) n != sizeof(struct ether_arp)) {
389 log_ipv4acd(acd, "Ignoring too short ARP packet.");
390 return 0;
391 }
392
393 switch (acd->state) {
394
395 case IPV4ACD_STATE_ANNOUNCING:
396 case IPV4ACD_STATE_RUNNING:
397
398 if (ipv4acd_arp_conflict(acd, &packet, true)) {
399 usec_t ts;
400
401 assert_se(sd_event_now(acd->event, CLOCK_BOOTTIME, &ts) >= 0);
402
403 /* Defend address */
404 if (ts > acd->defend_window) {
405 acd->defend_window = ts + DEFEND_INTERVAL_USEC;
406 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
407 if (r < 0) {
408 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
409 goto fail;
410 }
411
412 log_ipv4acd(acd, "Defending "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
413
414 } else
415 ipv4acd_on_conflict(acd);
416 }
417 break;
418
419 case IPV4ACD_STATE_STARTED:
420 case IPV4ACD_STATE_WAITING_PROBE:
421 case IPV4ACD_STATE_PROBING:
422 case IPV4ACD_STATE_WAITING_ANNOUNCE:
423 if (ipv4acd_arp_conflict(acd, &packet, false))
424 ipv4acd_on_conflict(acd);
425 break;
426
427 default:
428 assert_not_reached();
429 }
430
431 return 0;
432
433 fail:
434 sd_ipv4acd_stop(acd);
435 return 0;
436 }
437
438 int sd_ipv4acd_set_ifindex(sd_ipv4acd *acd, int ifindex) {
439 assert_return(acd, -EINVAL);
440 assert_return(ifindex > 0, -EINVAL);
441 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
442
443 acd->ifindex = ifindex;
444
445 return 0;
446 }
447
448 int sd_ipv4acd_get_ifindex(sd_ipv4acd *acd) {
449 if (!acd)
450 return -EINVAL;
451
452 return acd->ifindex;
453 }
454
455 int sd_ipv4acd_set_ifname(sd_ipv4acd *acd, const char *ifname) {
456 assert_return(acd, -EINVAL);
457 assert_return(ifname, -EINVAL);
458
459 if (!ifname_valid_full(ifname, IFNAME_VALID_ALTERNATIVE))
460 return -EINVAL;
461
462 return free_and_strdup(&acd->ifname, ifname);
463 }
464
465 int sd_ipv4acd_set_timeout(sd_ipv4acd *acd, uint64_t usec) {
466 assert_return(acd, -EINVAL);
467
468 if (usec == 0)
469 usec = DEFAULT_ACD_TIMEOUT_USEC;
470
471 /* Clamp the total duration to a value between 1ms and 1 minute */
472 acd->time_unit_usec = DIV_ROUND_UP(
473 CLAMP(usec, 1U * USEC_PER_MSEC, 1U * USEC_PER_MINUTE), TOTAL_TIME_UNITS);
474
475 return 0;
476 }
477
478 int sd_ipv4acd_get_ifname(sd_ipv4acd *acd, const char **ret) {
479 int r;
480
481 assert_return(acd, -EINVAL);
482
483 r = get_ifname(acd->ifindex, &acd->ifname);
484 if (r < 0)
485 return r;
486
487 if (ret)
488 *ret = acd->ifname;
489
490 return 0;
491 }
492
493 int sd_ipv4acd_set_mac(sd_ipv4acd *acd, const struct ether_addr *addr) {
494 int r;
495
496 assert_return(acd, -EINVAL);
497 assert_return(addr, -EINVAL);
498 assert_return(!ether_addr_is_null(addr), -EINVAL);
499
500 acd->mac_addr = *addr;
501
502 if (!sd_ipv4acd_is_running(acd))
503 return 0;
504
505 assert(acd->fd >= 0);
506 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
507 if (r < 0) {
508 ipv4acd_reset(acd);
509 return r;
510 }
511
512 return 0;
513 }
514
515 int sd_ipv4acd_detach_event(sd_ipv4acd *acd) {
516 assert_return(acd, -EINVAL);
517
518 acd->event = sd_event_unref(acd->event);
519
520 return 0;
521 }
522
523 int sd_ipv4acd_attach_event(sd_ipv4acd *acd, sd_event *event, int64_t priority) {
524 int r;
525
526 assert_return(acd, -EINVAL);
527 assert_return(!acd->event, -EBUSY);
528
529 if (event)
530 acd->event = sd_event_ref(event);
531 else {
532 r = sd_event_default(&acd->event);
533 if (r < 0)
534 return r;
535 }
536
537 acd->event_priority = priority;
538
539 return 0;
540 }
541
542 int sd_ipv4acd_set_callback(sd_ipv4acd *acd, sd_ipv4acd_callback_t cb, void *userdata) {
543 assert_return(acd, -EINVAL);
544
545 acd->callback = cb;
546 acd->userdata = userdata;
547
548 return 0;
549 }
550
551 int sd_ipv4acd_set_check_mac_callback(sd_ipv4acd *acd, sd_ipv4acd_check_mac_callback_t cb, void *userdata) {
552 assert_return(acd, -EINVAL);
553
554 acd->check_mac_callback = cb;
555 acd->check_mac_userdata = userdata;
556 return 0;
557 }
558
559 int sd_ipv4acd_set_address(sd_ipv4acd *acd, const struct in_addr *address) {
560 int r;
561
562 assert_return(acd, -EINVAL);
563 assert_return(address, -EINVAL);
564 assert_return(in4_addr_is_set(address), -EINVAL);
565
566 if (in4_addr_equal(&acd->address, address))
567 return 0;
568
569 acd->address = *address;
570
571 if (!sd_ipv4acd_is_running(acd))
572 return 0;
573
574 assert(acd->fd >= 0);
575 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
576 if (r < 0)
577 goto fail;
578
579 r = ipv4acd_set_next_wakeup(acd, 0, 0);
580 if (r < 0)
581 goto fail;
582
583 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
584 return 0;
585
586 fail:
587 ipv4acd_reset(acd);
588 return r;
589 }
590
591 int sd_ipv4acd_get_address(sd_ipv4acd *acd, struct in_addr *address) {
592 assert_return(acd, -EINVAL);
593 assert_return(address, -EINVAL);
594
595 *address = acd->address;
596
597 return 0;
598 }
599
600 int sd_ipv4acd_is_running(sd_ipv4acd *acd) {
601 if (!acd)
602 return false;
603
604 return acd->state != IPV4ACD_STATE_INIT;
605 }
606
607 int sd_ipv4acd_is_bound(sd_ipv4acd *acd) {
608 assert_return(acd, false);
609
610 return IN_SET(acd->state, IPV4ACD_STATE_ANNOUNCING, IPV4ACD_STATE_RUNNING);
611 }
612
613 int sd_ipv4acd_start(sd_ipv4acd *acd, bool reset_conflicts) {
614 int r;
615
616 assert_return(acd, -EINVAL);
617 assert_return(acd->event, -EINVAL);
618 assert_return(acd->ifindex > 0, -EINVAL);
619 assert_return(in4_addr_is_set(&acd->address), -EINVAL);
620 assert_return(!ether_addr_is_null(&acd->mac_addr), -EINVAL);
621 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
622
623 r = sd_event_get_state(acd->event);
624 if (r < 0)
625 return r;
626 if (r == SD_EVENT_FINISHED)
627 return -ESTALE;
628
629 r = arp_network_bind_raw_socket(acd->ifindex, &acd->address, &acd->mac_addr);
630 if (r < 0)
631 return r;
632
633 close_and_replace(acd->fd, r);
634
635 if (reset_conflicts)
636 acd->n_conflict = 0;
637
638 r = sd_event_add_io(acd->event, &acd->receive_message_event_source, acd->fd, EPOLLIN, ipv4acd_on_packet, acd);
639 if (r < 0)
640 goto fail;
641
642 r = sd_event_source_set_priority(acd->receive_message_event_source, acd->event_priority);
643 if (r < 0)
644 goto fail;
645
646 (void) sd_event_source_set_description(acd->receive_message_event_source, "ipv4acd-receive-message");
647
648 r = ipv4acd_set_next_wakeup(acd, 0, 0);
649 if (r < 0)
650 goto fail;
651
652 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
653 return 0;
654
655 fail:
656 ipv4acd_reset(acd);
657 return r;
658 }
Unnamed repository; edit this file 'description' to name the repository.