]>
Commit | Line | Data |
---|---|---|
ddc93db6 | 1 | /* |
becf027c TB |
2 | * Copyright (C) 2012-2018 Tobias Brunner |
3 | * HSR Hochschule fuer Technik Rapperswil | |
4 | * | |
ddc93db6 MW |
5 | * Copyright (C) 2010 Martin Willi |
6 | * Copyright (C) 2010 revosec AG | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
15 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
16 | * for more details. | |
17 | */ | |
18 | ||
19 | #include "dhcp_socket.h" | |
20 | ||
21 | #include <unistd.h> | |
22 | #include <errno.h> | |
23 | #include <string.h> | |
24 | #include <netinet/in.h> | |
25 | #include <netinet/ip.h> | |
26 | #include <netinet/udp.h> | |
27 | #include <linux/if_arp.h> | |
20ee54d0 MW |
28 | #include <linux/if_ether.h> |
29 | #include <linux/filter.h> | |
ddc93db6 | 30 | |
12642a68 | 31 | #include <collections/linked_list.h> |
ddc93db6 MW |
32 | #include <utils/identification.h> |
33 | #include <threading/mutex.h> | |
34 | #include <threading/condvar.h> | |
35 | #include <threading/thread.h> | |
36 | ||
37 | #include <daemon.h> | |
38 | #include <processing/jobs/callback_job.h> | |
39 | ||
40 | #define DHCP_SERVER_PORT 67 | |
41 | #define DHCP_CLIENT_PORT 68 | |
4f0932ec | 42 | #define DHCP_TRIES 5 |
ddc93db6 MW |
43 | |
44 | typedef struct private_dhcp_socket_t private_dhcp_socket_t; | |
45 | ||
46 | /** | |
47 | * Private data of an dhcp_socket_t object. | |
48 | */ | |
49 | struct private_dhcp_socket_t { | |
50 | ||
51 | /** | |
52 | * Public dhcp_socket_t interface. | |
53 | */ | |
54 | dhcp_socket_t public; | |
55 | ||
56 | /** | |
57 | * Random number generator | |
58 | */ | |
59 | rng_t *rng; | |
60 | ||
61 | /** | |
20ee54d0 | 62 | * List of transactions in DISCOVER |
ddc93db6 | 63 | */ |
20ee54d0 MW |
64 | linked_list_t *discover; |
65 | ||
66 | /** | |
67 | * List of transactions in REQUEST | |
68 | */ | |
69 | linked_list_t *request; | |
ddc93db6 MW |
70 | |
71 | /** | |
72 | * List of successfully completed transactions | |
73 | */ | |
74 | linked_list_t *completed; | |
75 | ||
76 | /** | |
77 | * Lock for transactions | |
78 | */ | |
79 | mutex_t *mutex; | |
80 | ||
81 | /** | |
82 | * Condvar to wait for transaction completion | |
83 | */ | |
84 | condvar_t *condvar; | |
85 | ||
86 | /** | |
87 | * Threads waiting in condvar | |
88 | */ | |
89 | int waiting; | |
90 | ||
91 | /** | |
20ee54d0 MW |
92 | * DHCP send socket |
93 | */ | |
94 | int send; | |
95 | ||
96 | /** | |
97 | * DHCP receive socket | |
ddc93db6 | 98 | */ |
20ee54d0 | 99 | int receive; |
ddc93db6 | 100 | |
e06a6154 MW |
101 | /** |
102 | * Do we use per-identity or random leases (and MAC addresses) | |
103 | */ | |
104 | bool identity_lease; | |
105 | ||
ddc93db6 MW |
106 | /** |
107 | * DHCP server address, or broadcast | |
108 | */ | |
109 | host_t *dst; | |
bc6ec4de TB |
110 | |
111 | /** | |
112 | * Force configured destination address | |
113 | */ | |
114 | bool force_dst; | |
ddc93db6 MW |
115 | }; |
116 | ||
4f0932ec MW |
117 | /** |
118 | * DHCP opcode (or BOOTP actually) | |
119 | */ | |
ddc93db6 MW |
120 | typedef enum { |
121 | BOOTREQUEST = 1, | |
122 | BOOTREPLY = 2, | |
123 | } dhcp_opcode_t; | |
124 | ||
4f0932ec MW |
125 | /** |
126 | * Some DHCP options used | |
127 | */ | |
ddc93db6 | 128 | typedef enum { |
913eb696 | 129 | DHCP_DNS_SERVER = 6, |
ddc93db6 | 130 | DHCP_HOST_NAME = 12, |
913eb696 | 131 | DHCP_NBNS_SERVER = 44, |
4f0932ec | 132 | DHCP_REQUESTED_IP = 50, |
ddc93db6 | 133 | DHCP_MESSAGE_TYPE = 53, |
4f0932ec | 134 | DHCP_SERVER_ID = 54, |
ddc93db6 | 135 | DHCP_PARAM_REQ_LIST = 55, |
12821bd6 | 136 | DHCP_CLIENT_ID = 61, |
20ee54d0 | 137 | DHCP_OPTEND = 255, |
ddc93db6 MW |
138 | } dhcp_option_type_t; |
139 | ||
4f0932ec MW |
140 | /** |
141 | * DHCP messages types in the DHCP_MESSAGE_TYPE option | |
142 | */ | |
ddc93db6 MW |
143 | typedef enum { |
144 | DHCP_DISCOVER = 1, | |
20ee54d0 MW |
145 | DHCP_OFFER = 2, |
146 | DHCP_REQUEST = 3, | |
147 | DHCP_DECLINE = 4, | |
148 | DHCP_ACK = 5, | |
149 | DHCP_NAK = 6, | |
150 | DHCP_RELEASE = 7, | |
151 | DHCP_INFORM = 8, | |
ddc93db6 | 152 | } dhcp_message_type_t; |
4f0932ec MW |
153 | /** |
154 | * DHCP option encoding, a TLV | |
155 | */ | |
ddc93db6 | 156 | typedef struct __attribute__((packed)) { |
b12c53ce AS |
157 | uint8_t type; |
158 | uint8_t len; | |
ddc93db6 MW |
159 | char data[]; |
160 | } dhcp_option_t; | |
161 | ||
4f0932ec | 162 | /** |
30e886fe | 163 | * DHCP message format, with a minimum size options buffer |
4f0932ec | 164 | */ |
ddc93db6 | 165 | typedef struct __attribute__((packed)) { |
b12c53ce AS |
166 | uint8_t opcode; |
167 | uint8_t hw_type; | |
168 | uint8_t hw_addr_len; | |
169 | uint8_t hop_count; | |
170 | uint32_t transaction_id; | |
171 | uint16_t number_of_seconds; | |
172 | uint16_t flags; | |
173 | uint32_t client_address; | |
174 | uint32_t your_address; | |
175 | uint32_t server_address; | |
176 | uint32_t gateway_address; | |
ddc93db6 MW |
177 | char client_hw_addr[6]; |
178 | char client_hw_padding[10]; | |
179 | char server_hostname[64]; | |
180 | char boot_filename[128]; | |
b12c53ce | 181 | uint32_t magic_cookie; |
30e886fe | 182 | u_char options[308]; |
ddc93db6 MW |
183 | } dhcp_t; |
184 | ||
becf027c TB |
185 | /** |
186 | * Check if the given address equals the broadcast address | |
187 | */ | |
188 | static inline bool is_broadcast(host_t *host) | |
189 | { | |
190 | chunk_t broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF); | |
191 | ||
192 | return chunk_equals(broadcast, host->get_address(host)); | |
193 | } | |
194 | ||
ddc93db6 | 195 | /** |
20ee54d0 | 196 | * Prepare a DHCP message for a given transaction |
ddc93db6 | 197 | */ |
20ee54d0 | 198 | static int prepare_dhcp(private_dhcp_socket_t *this, |
4f0932ec MW |
199 | dhcp_transaction_t *transaction, |
200 | dhcp_message_type_t type, dhcp_t *dhcp) | |
ddc93db6 | 201 | { |
becf027c | 202 | chunk_t chunk; |
ddc93db6 MW |
203 | identification_t *identity; |
204 | dhcp_option_t *option; | |
0e5b94d0 | 205 | int optlen = 0, remaining; |
ddc93db6 | 206 | host_t *src; |
b12c53ce | 207 | uint32_t id; |
ddc93db6 | 208 | |
20ee54d0 MW |
209 | memset(dhcp, 0, sizeof(*dhcp)); |
210 | dhcp->opcode = BOOTREQUEST; | |
211 | dhcp->hw_type = ARPHRD_ETHER; | |
212 | dhcp->hw_addr_len = 6; | |
213 | dhcp->transaction_id = transaction->get_id(transaction); | |
becf027c | 214 | if (is_broadcast(this->dst)) |
ddc93db6 | 215 | { |
2b3c87b4 MW |
216 | /* Set broadcast flag to get broadcasted replies, as we actually |
217 | * do not own the MAC we request an address for. */ | |
218 | dhcp->flags = htons(0x8000); | |
ddc93db6 MW |
219 | /* TODO: send with 0.0.0.0 source address */ |
220 | } | |
221 | else | |
222 | { | |
223 | /* act as relay agent */ | |
8394ea2a | 224 | src = charon->kernel->get_source_addr(charon->kernel, this->dst, NULL); |
ddc93db6 MW |
225 | if (src) |
226 | { | |
20ee54d0 MW |
227 | memcpy(&dhcp->gateway_address, src->get_address(src).ptr, |
228 | sizeof(dhcp->gateway_address)); | |
ddc93db6 MW |
229 | src->destroy(src); |
230 | } | |
231 | } | |
232 | ||
233 | identity = transaction->get_identity(transaction); | |
20ee54d0 | 234 | chunk = identity->get_encoding(identity); |
ddc93db6 | 235 | /* magic bytes, a locally administered unicast MAC */ |
20ee54d0 MW |
236 | dhcp->client_hw_addr[0] = 0x7A; |
237 | dhcp->client_hw_addr[1] = 0xA7; | |
ddc93db6 | 238 | /* with ID specific postfix */ |
e06a6154 MW |
239 | if (this->identity_lease) |
240 | { | |
50daffb7 | 241 | id = htonl(chunk_hash_static(chunk)); |
e06a6154 MW |
242 | } |
243 | else | |
244 | { | |
245 | id = transaction->get_id(transaction); | |
246 | } | |
247 | memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id)); | |
ddc93db6 | 248 | |
20ee54d0 | 249 | dhcp->magic_cookie = htonl(0x63825363); |
ddc93db6 | 250 | |
20ee54d0 | 251 | option = (dhcp_option_t*)&dhcp->options[optlen]; |
ddc93db6 MW |
252 | option->type = DHCP_MESSAGE_TYPE; |
253 | option->len = 1; | |
4f0932ec | 254 | option->data[0] = type; |
ddc93db6 MW |
255 | optlen += sizeof(dhcp_option_t) + option->len; |
256 | ||
0e5b94d0 TB |
257 | /* the REQUEST message has the most static overhead in the 'options' field |
258 | * with 17 bytes */ | |
259 | remaining = sizeof(dhcp->options) - optlen - 17; | |
260 | ||
12821bd6 AS |
261 | if (identity->get_type(identity) == ID_FQDN) |
262 | { | |
263 | option = (dhcp_option_t*)&dhcp->options[optlen]; | |
264 | option->type = DHCP_HOST_NAME; | |
0e5b94d0 | 265 | option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); |
12821bd6 AS |
266 | memcpy(option->data, chunk.ptr, option->len); |
267 | optlen += sizeof(dhcp_option_t) + option->len; | |
0e5b94d0 | 268 | remaining -= sizeof(dhcp_option_t) + option->len; |
12821bd6 AS |
269 | } |
270 | ||
7b660944 TB |
271 | if (this->identity_lease && |
272 | remaining >= sizeof(dhcp_option_t) + 2) | |
0e5b94d0 TB |
273 | { |
274 | option = (dhcp_option_t*)&dhcp->options[optlen]; | |
275 | option->type = DHCP_CLIENT_ID; | |
276 | option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255); | |
277 | memcpy(option->data, chunk.ptr, option->len); | |
278 | optlen += sizeof(dhcp_option_t) + option->len; | |
279 | } | |
20ee54d0 MW |
280 | return optlen; |
281 | } | |
282 | ||
4f0932ec MW |
283 | /** |
284 | * Send a DHCP message with given options length | |
285 | */ | |
286 | static bool send_dhcp(private_dhcp_socket_t *this, | |
287 | dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen) | |
288 | { | |
289 | host_t *dst; | |
290 | ssize_t len; | |
291 | ||
292 | dst = transaction->get_server(transaction); | |
bc6ec4de | 293 | if (!dst || this->force_dst) |
4f0932ec MW |
294 | { |
295 | dst = this->dst; | |
296 | } | |
30e886fe | 297 | len = offsetof(dhcp_t, magic_cookie) + optlen + 4; |
4f0932ec MW |
298 | return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst), |
299 | *dst->get_sockaddr_len(dst)) == len; | |
300 | } | |
301 | ||
20ee54d0 MW |
302 | /** |
303 | * Send DHCP discover using a given transaction | |
304 | */ | |
305 | static bool discover(private_dhcp_socket_t *this, | |
306 | dhcp_transaction_t *transaction) | |
307 | { | |
913eb696 | 308 | dhcp_option_t *option; |
20ee54d0 | 309 | dhcp_t dhcp; |
20ee54d0 MW |
310 | int optlen; |
311 | ||
4f0932ec | 312 | optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp); |
20ee54d0 MW |
313 | |
314 | DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst); | |
315 | ||
913eb696 MW |
316 | option = (dhcp_option_t*)&dhcp.options[optlen]; |
317 | option->type = DHCP_PARAM_REQ_LIST; | |
318 | option->len = 2; | |
319 | option->data[0] = DHCP_DNS_SERVER; | |
320 | option->data[1] = DHCP_NBNS_SERVER; | |
321 | optlen += sizeof(dhcp_option_t) + option->len; | |
322 | ||
20ee54d0 | 323 | dhcp.options[optlen++] = DHCP_OPTEND; |
ddc93db6 | 324 | |
4f0932ec | 325 | if (!send_dhcp(this, transaction, &dhcp, optlen)) |
ddc93db6 MW |
326 | { |
327 | DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno)); | |
20ee54d0 | 328 | return FALSE; |
ddc93db6 | 329 | } |
20ee54d0 MW |
330 | return TRUE; |
331 | } | |
332 | ||
333 | /** | |
334 | * Send DHCP request using a given transaction | |
335 | */ | |
336 | static bool request(private_dhcp_socket_t *this, | |
4f0932ec | 337 | dhcp_transaction_t *transaction) |
20ee54d0 | 338 | { |
4f0932ec MW |
339 | dhcp_option_t *option; |
340 | dhcp_t dhcp; | |
341 | host_t *offer, *server; | |
342 | chunk_t chunk; | |
343 | int optlen; | |
344 | ||
345 | optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp); | |
346 | ||
347 | offer = transaction->get_address(transaction); | |
348 | server = transaction->get_server(transaction); | |
349 | if (!offer || !server) | |
350 | { | |
351 | return FALSE; | |
352 | } | |
353 | DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server); | |
354 | ||
355 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
356 | option->type = DHCP_REQUESTED_IP; | |
357 | option->len = 4; | |
358 | chunk = offer->get_address(offer); | |
359 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
360 | optlen += sizeof(dhcp_option_t) + option->len; | |
361 | ||
362 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
363 | option->type = DHCP_SERVER_ID; | |
364 | option->len = 4; | |
365 | chunk = server->get_address(server); | |
366 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
367 | optlen += sizeof(dhcp_option_t) + option->len; | |
368 | ||
913eb696 MW |
369 | option = (dhcp_option_t*)&dhcp.options[optlen]; |
370 | option->type = DHCP_PARAM_REQ_LIST; | |
371 | option->len = 2; | |
372 | option->data[0] = DHCP_DNS_SERVER; | |
373 | option->data[1] = DHCP_NBNS_SERVER; | |
374 | optlen += sizeof(dhcp_option_t) + option->len; | |
375 | ||
4f0932ec MW |
376 | dhcp.options[optlen++] = DHCP_OPTEND; |
377 | ||
378 | if (!send_dhcp(this, transaction, &dhcp, optlen)) | |
379 | { | |
380 | DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno)); | |
381 | return FALSE; | |
382 | } | |
383 | return TRUE; | |
ddc93db6 MW |
384 | } |
385 | ||
386 | METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, | |
387 | private_dhcp_socket_t *this, identification_t *identity) | |
388 | { | |
389 | dhcp_transaction_t *transaction; | |
b12c53ce | 390 | uint32_t id; |
4f0932ec | 391 | int try; |
ddc93db6 | 392 | |
b12c53ce | 393 | if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id)) |
7ae26710 TB |
394 | { |
395 | DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID"); | |
396 | return NULL; | |
397 | } | |
ddc93db6 | 398 | transaction = dhcp_transaction_create(id, identity); |
ddc93db6 | 399 | |
20ee54d0 MW |
400 | this->mutex->lock(this->mutex); |
401 | this->discover->insert_last(this->discover, transaction); | |
4f0932ec MW |
402 | try = 1; |
403 | while (try <= DHCP_TRIES && discover(this, transaction)) | |
20ee54d0 | 404 | { |
4f0932ec | 405 | if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && |
2e4d110d | 406 | this->request->find_first(this->request, NULL, (void**)&transaction)) |
20ee54d0 MW |
407 | { |
408 | break; | |
409 | } | |
4f0932ec | 410 | try++; |
20ee54d0 MW |
411 | } |
412 | if (this->discover->remove(this->discover, transaction, NULL)) | |
413 | { /* no OFFER received */ | |
414 | this->mutex->unlock(this->mutex); | |
415 | transaction->destroy(transaction); | |
500a6d38 | 416 | DBG1(DBG_CFG, "DHCP DISCOVER timed out"); |
20ee54d0 MW |
417 | return NULL; |
418 | } | |
419 | ||
4f0932ec MW |
420 | try = 1; |
421 | while (try <= DHCP_TRIES && request(this, transaction)) | |
20ee54d0 | 422 | { |
4f0932ec MW |
423 | if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && |
424 | this->completed->remove(this->completed, transaction, NULL)) | |
20ee54d0 MW |
425 | { |
426 | break; | |
427 | } | |
4f0932ec | 428 | try++; |
20ee54d0 MW |
429 | } |
430 | if (this->request->remove(this->request, transaction, NULL)) | |
431 | { /* no ACK received */ | |
432 | this->mutex->unlock(this->mutex); | |
433 | transaction->destroy(transaction); | |
19d49af5 | 434 | DBG1(DBG_CFG, "DHCP REQUEST timed out"); |
20ee54d0 MW |
435 | return NULL; |
436 | } | |
437 | this->mutex->unlock(this->mutex); | |
438 | ||
4f0932ec | 439 | return transaction; |
ddc93db6 MW |
440 | } |
441 | ||
913eb696 MW |
442 | METHOD(dhcp_socket_t, release, void, |
443 | private_dhcp_socket_t *this, dhcp_transaction_t *transaction) | |
444 | { | |
445 | dhcp_option_t *option; | |
446 | dhcp_t dhcp; | |
447 | host_t *release, *server; | |
448 | chunk_t chunk; | |
449 | int optlen; | |
450 | ||
451 | optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp); | |
452 | ||
453 | release = transaction->get_address(transaction); | |
454 | server = transaction->get_server(transaction); | |
455 | if (!release || !server) | |
456 | { | |
457 | return; | |
458 | } | |
459 | DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server); | |
460 | ||
461 | chunk = release->get_address(release); | |
e433d512 | 462 | memcpy((char*)&dhcp.client_address, chunk.ptr, |
913eb696 MW |
463 | min(chunk.len, sizeof(dhcp.client_address))); |
464 | ||
465 | option = (dhcp_option_t*)&dhcp.options[optlen]; | |
466 | option->type = DHCP_SERVER_ID; | |
467 | option->len = 4; | |
468 | chunk = server->get_address(server); | |
469 | memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); | |
470 | optlen += sizeof(dhcp_option_t) + option->len; | |
471 | ||
472 | dhcp.options[optlen++] = DHCP_OPTEND; | |
473 | ||
474 | if (!send_dhcp(this, transaction, &dhcp, optlen)) | |
475 | { | |
476 | DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno)); | |
477 | } | |
478 | } | |
479 | ||
20ee54d0 | 480 | /** |
4f0932ec | 481 | * Handle a DHCP OFFER |
20ee54d0 MW |
482 | */ |
483 | static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) | |
484 | { | |
b262429e | 485 | dhcp_transaction_t *transaction = NULL; |
20ee54d0 | 486 | enumerator_t *enumerator; |
9bac426b | 487 | host_t *offer, *server = NULL; |
20ee54d0 MW |
488 | |
489 | offer = host_create_from_chunk(AF_INET, | |
4f0932ec | 490 | chunk_from_thing(dhcp->your_address), 0); |
20ee54d0 MW |
491 | |
492 | this->mutex->lock(this->mutex); | |
493 | enumerator = this->discover->create_enumerator(this->discover); | |
494 | while (enumerator->enumerate(enumerator, &transaction)) | |
495 | { | |
496 | if (transaction->get_id(transaction) == dhcp->transaction_id) | |
497 | { | |
498 | this->discover->remove_at(this->discover, enumerator); | |
499 | this->request->insert_last(this->request, transaction); | |
4f0932ec MW |
500 | break; |
501 | } | |
502 | } | |
503 | enumerator->destroy(enumerator); | |
b262429e MW |
504 | |
505 | if (transaction) | |
506 | { | |
507 | int optsize, optpos = 0, pos; | |
508 | dhcp_option_t *option; | |
509 | ||
510 | while (optlen > sizeof(dhcp_option_t)) | |
511 | { | |
512 | option = (dhcp_option_t*)&dhcp->options[optpos]; | |
513 | optsize = sizeof(dhcp_option_t) + option->len; | |
514 | if (option->type == DHCP_OPTEND || optlen < optsize) | |
515 | { | |
516 | break; | |
517 | } | |
518 | if (option->type == DHCP_DNS_SERVER || | |
519 | option->type == DHCP_NBNS_SERVER) | |
520 | { | |
521 | for (pos = 0; pos + 4 <= option->len; pos += 4) | |
522 | { | |
523 | transaction->add_attribute(transaction, option->type == | |
524 | DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS, | |
525 | chunk_create((char*)&option->data[pos], 4)); | |
526 | } | |
527 | } | |
9bac426b | 528 | if (!server && option->type == DHCP_SERVER_ID && option->len == 4) |
e3bde0ef MW |
529 | { |
530 | server = host_create_from_chunk(AF_INET, | |
531 | chunk_create(option->data, 4), DHCP_SERVER_PORT); | |
532 | } | |
b262429e MW |
533 | optlen -= optsize; |
534 | optpos += optsize; | |
535 | } | |
e3bde0ef MW |
536 | if (!server) |
537 | { | |
538 | server = host_create_from_chunk(AF_INET, | |
539 | chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT); | |
540 | } | |
541 | DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); | |
542 | transaction->set_address(transaction, offer->clone(offer)); | |
9bac426b | 543 | transaction->set_server(transaction, server); |
b262429e | 544 | } |
4f0932ec MW |
545 | this->mutex->unlock(this->mutex); |
546 | this->condvar->broadcast(this->condvar); | |
547 | offer->destroy(offer); | |
4f0932ec MW |
548 | } |
549 | ||
550 | /** | |
551 | * Handle a DHCP ACK | |
552 | */ | |
553 | static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) | |
554 | { | |
555 | dhcp_transaction_t *transaction; | |
556 | enumerator_t *enumerator; | |
557 | host_t *offer; | |
558 | ||
559 | offer = host_create_from_chunk(AF_INET, | |
560 | chunk_from_thing(dhcp->your_address), 0); | |
4f0932ec MW |
561 | |
562 | this->mutex->lock(this->mutex); | |
563 | enumerator = this->request->create_enumerator(this->request); | |
564 | while (enumerator->enumerate(enumerator, &transaction)) | |
565 | { | |
566 | if (transaction->get_id(transaction) == dhcp->transaction_id) | |
567 | { | |
f0212e88 | 568 | DBG1(DBG_CFG, "received DHCP ACK for %H", offer); |
4f0932ec MW |
569 | this->request->remove_at(this->request, enumerator); |
570 | this->completed->insert_last(this->completed, transaction); | |
20ee54d0 MW |
571 | break; |
572 | } | |
573 | } | |
574 | enumerator->destroy(enumerator); | |
575 | this->mutex->unlock(this->mutex); | |
576 | this->condvar->broadcast(this->condvar); | |
577 | offer->destroy(offer); | |
578 | } | |
579 | ||
580 | /** | |
581 | * Receive DHCP responses | |
582 | */ | |
c0db5d38 MW |
583 | static bool receive_dhcp(private_dhcp_socket_t *this, int fd, |
584 | watcher_event_t event) | |
20ee54d0 MW |
585 | { |
586 | struct sockaddr_ll addr; | |
587 | socklen_t addr_len = sizeof(addr); | |
588 | struct __attribute__((packed)) { | |
589 | struct iphdr ip; | |
590 | struct udphdr udp; | |
591 | dhcp_t dhcp; | |
592 | } packet; | |
c0db5d38 | 593 | int optlen, origoptlen, optsize, optpos = 0; |
20ee54d0 MW |
594 | ssize_t len; |
595 | dhcp_option_t *option; | |
596 | ||
c0db5d38 | 597 | len = recvfrom(fd, &packet, sizeof(packet), MSG_DONTWAIT, |
20ee54d0 | 598 | (struct sockaddr*)&addr, &addr_len); |
20ee54d0 MW |
599 | |
600 | if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) + | |
601 | offsetof(dhcp_t, options)) | |
602 | { | |
603 | origoptlen = optlen = len - sizeof(struct iphdr) + | |
604 | sizeof(struct udphdr) + offsetof(dhcp_t, options); | |
605 | while (optlen > sizeof(dhcp_option_t)) | |
606 | { | |
607 | option = (dhcp_option_t*)&packet.dhcp.options[optpos]; | |
608 | optsize = sizeof(dhcp_option_t) + option->len; | |
609 | if (option->type == DHCP_OPTEND || optlen < optsize) | |
610 | { | |
611 | break; | |
612 | } | |
613 | if (option->type == DHCP_MESSAGE_TYPE && option->len == 1) | |
614 | { | |
615 | switch (option->data[0]) | |
616 | { | |
617 | case DHCP_OFFER: | |
618 | handle_offer(this, &packet.dhcp, origoptlen); | |
619 | break; | |
4f0932ec MW |
620 | case DHCP_ACK: |
621 | handle_ack(this, &packet.dhcp, origoptlen); | |
20ee54d0 MW |
622 | default: |
623 | break; | |
624 | } | |
625 | break; | |
626 | } | |
627 | optlen -= optsize; | |
628 | optpos += optsize; | |
629 | } | |
630 | } | |
c0db5d38 | 631 | return TRUE; |
20ee54d0 MW |
632 | } |
633 | ||
ddc93db6 MW |
634 | METHOD(dhcp_socket_t, destroy, void, |
635 | private_dhcp_socket_t *this) | |
636 | { | |
ddc93db6 MW |
637 | while (this->waiting) |
638 | { | |
639 | this->condvar->signal(this->condvar); | |
640 | } | |
20ee54d0 MW |
641 | if (this->send > 0) |
642 | { | |
643 | close(this->send); | |
644 | } | |
645 | if (this->receive > 0) | |
ddc93db6 | 646 | { |
c0db5d38 | 647 | lib->watcher->remove(lib->watcher, this->receive); |
20ee54d0 | 648 | close(this->receive); |
ddc93db6 MW |
649 | } |
650 | this->mutex->destroy(this->mutex); | |
651 | this->condvar->destroy(this->condvar); | |
20ee54d0 MW |
652 | this->discover->destroy_offset(this->discover, |
653 | offsetof(dhcp_transaction_t, destroy)); | |
654 | this->request->destroy_offset(this->request, | |
655 | offsetof(dhcp_transaction_t, destroy)); | |
656 | this->completed->destroy_offset(this->completed, | |
657 | offsetof(dhcp_transaction_t, destroy)); | |
ddc93db6 MW |
658 | DESTROY_IF(this->rng); |
659 | DESTROY_IF(this->dst); | |
660 | free(this); | |
661 | } | |
662 | ||
3711f66e TE |
663 | /** |
664 | * Bind a socket to a particular interface name | |
665 | */ | |
666 | static bool bind_to_device(int fd, char *iface) | |
667 | { | |
668 | struct ifreq ifreq; | |
669 | ||
670 | if (strlen(iface) > sizeof(ifreq.ifr_name)) | |
671 | { | |
672 | DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface); | |
673 | return FALSE; | |
674 | } | |
675 | memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name)); | |
676 | if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq))) | |
677 | { | |
678 | DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s", | |
679 | iface, strerror(errno)); | |
680 | return FALSE; | |
681 | } | |
682 | return TRUE; | |
683 | } | |
684 | ||
ddc93db6 MW |
685 | /** |
686 | * See header | |
687 | */ | |
688 | dhcp_socket_t *dhcp_socket_create() | |
689 | { | |
690 | private_dhcp_socket_t *this; | |
9d5b688a TB |
691 | struct sockaddr_in src = { |
692 | .sin_family = AF_INET, | |
693 | .sin_port = htons(DHCP_CLIENT_PORT), | |
694 | .sin_addr = { | |
695 | .s_addr = INADDR_ANY, | |
696 | }, | |
697 | }; | |
3711f66e | 698 | char *iface; |
13edecdc | 699 | int on = 1, rcvbuf = 0; |
20ee54d0 MW |
700 | struct sock_filter dhcp_filter_code[] = { |
701 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, | |
702 | offsetof(struct iphdr, protocol)), | |
f0212e88 | 703 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16), |
20ee54d0 MW |
704 | BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + |
705 | offsetof(struct udphdr, source)), | |
f0212e88 | 706 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14), |
20ee54d0 MW |
707 | BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + |
708 | offsetof(struct udphdr, dest)), | |
e8b5c7b9 TB |
709 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0), |
710 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0), | |
711 | BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0), | |
20ee54d0 MW |
712 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + |
713 | sizeof(struct udphdr) + offsetof(dhcp_t, opcode)), | |
714 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8), | |
715 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + | |
716 | sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)), | |
717 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6), | |
718 | BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + | |
719 | sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)), | |
720 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4), | |
721 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) + | |
722 | sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)), | |
723 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2), | |
724 | BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), | |
725 | BPF_STMT(BPF_RET+BPF_A, 0), | |
726 | BPF_STMT(BPF_RET+BPF_K, 0), | |
727 | }; | |
728 | struct sock_fprog dhcp_filter = { | |
729 | sizeof(dhcp_filter_code) / sizeof(struct sock_filter), | |
730 | dhcp_filter_code, | |
731 | }; | |
ddc93db6 MW |
732 | |
733 | INIT(this, | |
734 | .public = { | |
735 | .enroll = _enroll, | |
913eb696 | 736 | .release = _release, |
ddc93db6 MW |
737 | .destroy = _destroy, |
738 | }, | |
739 | .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), | |
740 | .mutex = mutex_create(MUTEX_TYPE_DEFAULT), | |
741 | .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), | |
20ee54d0 MW |
742 | .discover = linked_list_create(), |
743 | .request = linked_list_create(), | |
ddc93db6 MW |
744 | .completed = linked_list_create(), |
745 | ); | |
746 | ||
747 | if (!this->rng) | |
748 | { | |
749 | DBG1(DBG_CFG, "unable to create RNG"); | |
750 | destroy(this); | |
751 | return NULL; | |
752 | } | |
e06a6154 | 753 | this->identity_lease = lib->settings->get_bool(lib->settings, |
42500c27 | 754 | "%s.plugins.dhcp.identity_lease", FALSE, |
d223fe80 | 755 | lib->ns); |
bc6ec4de TB |
756 | this->force_dst = lib->settings->get_str(lib->settings, |
757 | "%s.plugins.dhcp.force_server_address", FALSE, | |
d223fe80 | 758 | lib->ns); |
ddc93db6 | 759 | this->dst = host_create_from_string(lib->settings->get_str(lib->settings, |
42500c27 | 760 | "%s.plugins.dhcp.server", "255.255.255.255", |
d223fe80 | 761 | lib->ns), DHCP_SERVER_PORT); |
3711f66e | 762 | iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", |
d223fe80 | 763 | NULL, lib->ns); |
ddc93db6 MW |
764 | if (!this->dst) |
765 | { | |
766 | DBG1(DBG_CFG, "configured DHCP server address invalid"); | |
767 | destroy(this); | |
768 | return NULL; | |
769 | } | |
770 | ||
20ee54d0 MW |
771 | this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
772 | if (this->send == -1) | |
ddc93db6 MW |
773 | { |
774 | DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno)); | |
775 | destroy(this); | |
776 | return NULL; | |
777 | } | |
20ee54d0 | 778 | if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) |
ddc93db6 MW |
779 | { |
780 | DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno)); | |
781 | destroy(this); | |
782 | return NULL; | |
783 | } | |
20ee54d0 | 784 | if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1) |
ddc93db6 MW |
785 | { |
786 | DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno)); | |
787 | destroy(this); | |
788 | return NULL; | |
789 | } | |
13edecdc TB |
790 | /* we won't read any data from this socket, so reduce the buffer to save |
791 | * some memory (there is some minimum, still try 0, though). | |
792 | * note that we might steal some packets from other processes if e.g. a DHCP | |
793 | * client (or server) is running on the same host, but by reducing the | |
794 | * buffer size the impact should be minimized */ | |
795 | if (setsockopt(this->send, SOL_SOCKET, SO_RCVBUF, &rcvbuf, | |
796 | sizeof(rcvbuf)) == -1) | |
797 | { | |
798 | DBG1(DBG_CFG, "unable to reduce receive buffer on DHCP send socket: %s", | |
799 | strerror(errno)); | |
800 | destroy(this); | |
801 | return NULL; | |
802 | } | |
707b7072 TB |
803 | if (!is_broadcast(this->dst) && |
804 | lib->settings->get_bool(lib->settings, | |
805 | "%s.plugins.dhcp.use_server_port", FALSE, | |
806 | lib->ns)) | |
becf027c TB |
807 | { |
808 | /* when setting giaddr (which we do when we don't broadcast), the server | |
809 | * should respond to the server port on that IP, according to RFC 2131, | |
810 | * section 4.1. while we do receive such messages via raw socket, the | |
811 | * kernel will respond with an ICMP port unreachable if there is no | |
812 | * socket bound to that port, which might be problematic with certain | |
813 | * DHCP servers. instead of opening an additional socket, that we don't | |
707b7072 TB |
814 | * actually use, we can also just send our requests from port 67. |
815 | * we don't do this by default, as it might cause conflicts with DHCP | |
816 | * servers running on the same host */ | |
becf027c TB |
817 | src.sin_port = htons(DHCP_SERVER_PORT); |
818 | } | |
20ee54d0 | 819 | if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1) |
ddc93db6 MW |
820 | { |
821 | DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno)); | |
822 | destroy(this); | |
823 | return NULL; | |
824 | } | |
825 | ||
20ee54d0 MW |
826 | this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)); |
827 | if (this->receive == -1) | |
828 | { | |
829 | DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno)); | |
830 | destroy(this); | |
831 | return NULL; | |
832 | } | |
833 | if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER, | |
834 | &dhcp_filter, sizeof(dhcp_filter)) < 0) | |
835 | { | |
836 | DBG1(DBG_CFG, "installing DHCP socket filter failed: %s", | |
837 | strerror(errno)); | |
838 | destroy(this); | |
839 | return NULL; | |
840 | } | |
3711f66e TE |
841 | if (iface) |
842 | { | |
843 | if (!bind_to_device(this->send, iface) || | |
844 | !bind_to_device(this->receive, iface)) | |
845 | { | |
846 | destroy(this); | |
847 | return NULL; | |
848 | } | |
849 | } | |
20ee54d0 | 850 | |
c0db5d38 MW |
851 | lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, |
852 | (watcher_cb_t)receive_dhcp, this); | |
20ee54d0 | 853 | |
ddc93db6 MW |
854 | return &this->public; |
855 | } |