[thirdparty/systemd.git] / src / libsystemd-network / dhcp-packet.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  Copyright © 2013 Intel Corporation. All rights reserved.
  Copyright © 2014 Tom Gundersen
***/

#include <errno.h>
#include <net/ethernet.h>
#include <net/if_arp.h>
#include <string.h>

#include "dhcp-internal.h"
#include "dhcp-protocol.h"

#define DHCP_CLIENT_MIN_OPTIONS_SIZE            312

int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid,
                      uint8_t type, uint16_t arp_type, size_t optlen,
                      size_t *optoffset) {
        size_t offset = 0;
        int r;

        assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
        assert(IN_SET(arp_type, ARPHRD_ETHER, ARPHRD_INFINIBAND));

        message->op = op;
        message->htype = arp_type;
        message->hlen = (arp_type == ARPHRD_ETHER) ? ETHER_ADDR_LEN : 0;
        message->xid = htobe32(xid);
        message->magic = htobe32(DHCP_MAGIC_COOKIE);

        r = dhcp_option_append(message, optlen, &offset, 0,
                               SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
        if (r < 0)
                return r;

        *optoffset = offset;

        return 0;
}

uint16_t dhcp_packet_checksum(uint8_t *buf, size_t len) {
        uint64_t *buf_64 = (uint64_t*)buf;
        uint64_t *end_64 = buf_64 + (len / sizeof(uint64_t));
        uint64_t sum = 0;

        /* See RFC1071 */

        while (buf_64 < end_64) {
                sum += *buf_64;
                if (sum < *buf_64)
                        /* wrap around in one's complement */
                        sum++;

                buf_64++;
        }

        if (len % sizeof(uint64_t)) {
                /* If the buffer is not aligned to 64-bit, we need
                   to zero-pad the last few bytes and add them in */
                uint64_t buf_tail = 0;

                memcpy(&buf_tail, buf_64, len % sizeof(uint64_t));

                sum += buf_tail;
                if (sum < buf_tail)
                        /* wrap around */
                        sum++;
        }

        while (sum >> 16)
                sum = (sum & 0xffff) + (sum >> 16);

        return ~sum;
}

void dhcp_packet_append_ip_headers(DHCPPacket *packet, be32_t source_addr,
                                   uint16_t source_port, be32_t destination_addr,
                                   uint16_t destination_port, uint16_t len) {
        packet->ip.version = IPVERSION;
        packet->ip.ihl = DHCP_IP_SIZE / 4;
        packet->ip.tot_len = htobe16(len);

        packet->ip.tos = IPTOS_CLASS_CS6;

        packet->ip.protocol = IPPROTO_UDP;
        packet->ip.saddr = source_addr;
        packet->ip.daddr = destination_addr;

        packet->udp.source = htobe16(source_port);
        packet->udp.dest = htobe16(destination_port);

        packet->udp.len = htobe16(len - DHCP_IP_SIZE);

        packet->ip.check = packet->udp.len;
        packet->udp.check = dhcp_packet_checksum((uint8_t*)&packet->ip.ttl, len - 8);

        packet->ip.ttl = IPDEFTTL;
        packet->ip.check = 0;
        packet->ip.check = dhcp_packet_checksum((uint8_t*)&packet->ip, DHCP_IP_SIZE);
}

int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum, uint16_t port) {
        size_t hdrlen;

        assert(packet);

        /* IP */

        if (packet->ip.version != IPVERSION) {
                log_debug("ignoring packet: not IPv4");
                return -EINVAL;
        }

        if (packet->ip.ihl < 5) {
                log_debug("ignoring packet: IPv4 IHL (%u words) invalid",
                          packet->ip.ihl);
                return -EINVAL;
        }

        hdrlen = packet->ip.ihl * 4;
        if (hdrlen < 20) {
                log_debug("ignoring packet: IPv4 IHL (%zu bytes) "
                          "smaller than minimum (20 bytes)", hdrlen);
                return -EINVAL;
        }

        if (len < hdrlen) {
                log_debug("ignoring packet: packet (%zu bytes) "
                          "smaller than expected (%zu) by IP header", len,
                          hdrlen);
                return -EINVAL;
        }

        /* UDP */

        if (packet->ip.protocol != IPPROTO_UDP) {
                log_debug("ignoring packet: not UDP");
                return -EINVAL;
        }

        if (len < hdrlen + be16toh(packet->udp.len)) {
                log_debug("ignoring packet: packet (%zu bytes) "
                          "smaller than expected (%zu) by UDP header", len,
                          hdrlen + be16toh(packet->udp.len));
                return -EINVAL;
        }

        if (be16toh(packet->udp.dest) != port) {
                log_debug("ignoring packet: to port %u, which "
                          "is not the DHCP client port (%u)",
                          be16toh(packet->udp.dest), port);
                return -EINVAL;
        }

        /* checksums - computing these is relatively expensive, so only do it
           if all the other checks have passed
         */

        if (dhcp_packet_checksum((uint8_t*)&packet->ip, hdrlen)) {
                log_debug("ignoring packet: invalid IP checksum");
                return -EINVAL;
        }

        if (checksum && packet->udp.check) {
                packet->ip.check = packet->udp.len;
                packet->ip.ttl = 0;

                if (dhcp_packet_checksum((uint8_t*)&packet->ip.ttl,
                                  be16toh(packet->udp.len) + 12)) {
                        log_debug("ignoring packet: invalid UDP checksum");
                        return -EINVAL;
                }
        }

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cf597f65	2	/***
810adae9 LP	3	Copyright © 2013 Intel Corporation. All rights reserved.
810adae9 LP	4	Copyright © 2014 Tom Gundersen
cf597f65 TG	5	***/
cf597f65 TG	6
cf597f65	7	#include <errno.h>
cf597f65 TG	8	#include <net/ethernet.h>
cf597f65 TG	9	#include <net/if_arp.h>
cf0fbc49	10	#include <string.h>
cf597f65	11
cf597f65	12	#include "dhcp-internal.h"
cf0fbc49	13	#include "dhcp-protocol.h"
cf597f65 TG	14
	15	#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
	16
	17	int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid,
76253e73 DW	18	uint8_t type, uint16_t arp_type, size_t optlen,
76253e73 DW	19	size_t *optoffset) {
20b958bf TG	20	size_t offset = 0;
20b958bf TG	21	int r;
cf597f65	22
3742095b AR	23	assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
3742095b AR	24	assert(IN_SET(arp_type, ARPHRD_ETHER, ARPHRD_INFINIBAND));
0a1b6da8	25
cf597f65	26	message->op = op;
76253e73 DW	27	message->htype = arp_type;
76253e73 DW	28	message->hlen = (arp_type == ARPHRD_ETHER) ? ETHER_ADDR_LEN : 0;
cf597f65	29	message->xid = htobe32(xid);
3b7ca119	30	message->magic = htobe32(DHCP_MAGIC_COOKIE);
cf597f65	31
04b28be1	32	r = dhcp_option_append(message, optlen, &offset, 0,
22805d92	33	SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
20b958bf TG	34	if (r < 0)
20b958bf TG	35	return r;
cf597f65	36
20b958bf	37	*optoffset = offset;
cf597f65 TG	38
	39	return 0;
	40	}
	41
0bbc2c1f TG	42	uint16_t dhcp_packet_checksum(uint8_t *buf, size_t len) {
	43	uint64_t buf_64 = (uint64_t)buf;
	44	uint64_t *end_64 = buf_64 + (len / sizeof(uint64_t));
d5761274 TG	45	uint64_t sum = 0;
d5761274 TG	46
0bbc2c1f TG	47	/* See RFC1071 */
0bbc2c1f TG	48
d5761274 TG	49	while (buf_64 < end_64) {
	50	sum += *buf_64;
	51	if (sum < *buf_64)
0bbc2c1f	52	/* wrap around in one's complement */
d5761274 TG	53	sum++;
d5761274 TG	54
313cefa1	55	buf_64++;
d5761274 TG	56	}
d5761274 TG	57
0bbc2c1f TG	58	if (len % sizeof(uint64_t)) {
	59	/* If the buffer is not aligned to 64-bit, we need
	60	to zero-pad the last few bytes and add them in */
	61	uint64_t buf_tail = 0;
cf597f65	62
0bbc2c1f	63	memcpy(&buf_tail, buf_64, len % sizeof(uint64_t));
cf597f65	64
0bbc2c1f TG	65	sum += buf_tail;
	66	if (sum < buf_tail)
	67	/* wrap around */
d5761274	68	sum++;
cf597f65 TG	69	}
	70
	71	while (sum >> 16)
	72	sum = (sum & 0xffff) + (sum >> 16);
	73
	74	return ~sum;
	75	}
	76
63edaa62 TG	77	void dhcp_packet_append_ip_headers(DHCPPacket *packet, be32_t source_addr,
	78	uint16_t source_port, be32_t destination_addr,
	79	uint16_t destination_port, uint16_t len) {
cf597f65 TG	80	packet->ip.version = IPVERSION;
	81	packet->ip.ihl = DHCP_IP_SIZE / 4;
	82	packet->ip.tot_len = htobe16(len);
	83
85923f79 TG	84	packet->ip.tos = IPTOS_CLASS_CS6;
85923f79 TG	85
cf597f65	86	packet->ip.protocol = IPPROTO_UDP;
63edaa62 TG	87	packet->ip.saddr = source_addr;
63edaa62 TG	88	packet->ip.daddr = destination_addr;
cf597f65	89
63edaa62 TG	90	packet->udp.source = htobe16(source_port);
63edaa62 TG	91	packet->udp.dest = htobe16(destination_port);
cf597f65 TG	92
	93	packet->udp.len = htobe16(len - DHCP_IP_SIZE);
	94
	95	packet->ip.check = packet->udp.len;
0bbc2c1f	96	packet->udp.check = dhcp_packet_checksum((uint8_t*)&packet->ip.ttl, len - 8);
cf597f65 TG	97
	98	packet->ip.ttl = IPDEFTTL;
	99	packet->ip.check = 0;
0bbc2c1f	100	packet->ip.check = dhcp_packet_checksum((uint8_t*)&packet->ip, DHCP_IP_SIZE);
cf597f65 TG	101	}
cf597f65 TG	102
9faed222	103	int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum, uint16_t port) {
cf597f65 TG	104	size_t hdrlen;
cf597f65 TG	105
5266a81e TG	106	assert(packet);
5266a81e TG	107
06b44be7	108	/* IP */
cf597f65	109
6e34949d	110	if (packet->ip.version != IPVERSION) {
aa6fc9b8	111	log_debug("ignoring packet: not IPv4");
6e34949d TG	112	return -EINVAL;
	113	}
	114
06b44be7	115	if (packet->ip.ihl < 5) {
aa6fc9b8 TG	116	log_debug("ignoring packet: IPv4 IHL (%u words) invalid",
aa6fc9b8 TG	117	packet->ip.ihl);
cf597f65	118	return -EINVAL;
ac4f16ab	119	}
cf597f65 TG	120
cf597f65 TG	121	hdrlen = packet->ip.ihl * 4;
06b44be7	122	if (hdrlen < 20) {
aa6fc9b8 TG	123	log_debug("ignoring packet: IPv4 IHL (%zu bytes) "
aa6fc9b8 TG	124	"smaller than minimum (20 bytes)", hdrlen);
06b44be7 TG	125	return -EINVAL;
	126	}
	127
	128	if (len < hdrlen) {
aa6fc9b8 TG	129	log_debug("ignoring packet: packet (%zu bytes) "
	130	"smaller than expected (%zu) by IP header", len,
	131	hdrlen);
cf597f65	132	return -EINVAL;
ac4f16ab	133	}
cf597f65	134
06b44be7 TG	135	/* UDP */
06b44be7 TG	136
d454a674	137	if (packet->ip.protocol != IPPROTO_UDP) {
aa6fc9b8	138	log_debug("ignoring packet: not UDP");
d454a674 UTL	139	return -EINVAL;
	140	}
	141
8fa2eeac	142	if (len < hdrlen + be16toh(packet->udp.len)) {
aa6fc9b8 TG	143	log_debug("ignoring packet: packet (%zu bytes) "
	144	"smaller than expected (%zu) by UDP header", len,
	145	hdrlen + be16toh(packet->udp.len));
ac4f16ab TG	146	return -EINVAL;
ac4f16ab TG	147	}
cf597f65	148
9faed222	149	if (be16toh(packet->udp.dest) != port) {
aa6fc9b8 TG	150	log_debug("ignoring packet: to port %u, which "
aa6fc9b8 TG	151	"is not the DHCP client port (%u)",
9faed222	152	be16toh(packet->udp.dest), port);
2ad7561f TG	153	return -EINVAL;
	154	}
	155
	156	/* checksums - computing these is relatively expensive, so only do it
	157	if all the other checks have passed
	158	*/
	159
0bbc2c1f	160	if (dhcp_packet_checksum((uint8_t*)&packet->ip, hdrlen)) {
aa6fc9b8	161	log_debug("ignoring packet: invalid IP checksum");
2ad7561f TG	162	return -EINVAL;
	163	}
	164
55dab2ed	165	if (checksum && packet->udp.check) {
cf597f65 TG	166	packet->ip.check = packet->udp.len;
	167	packet->ip.ttl = 0;
	168
0bbc2c1f	169	if (dhcp_packet_checksum((uint8_t*)&packet->ip.ttl,
ac4f16ab	170	be16toh(packet->udp.len) + 12)) {
aa6fc9b8	171	log_debug("ignoring packet: invalid UDP checksum");
cf597f65	172	return -EINVAL;
ac4f16ab	173	}
cf597f65 TG	174	}
cf597f65 TG	175
cf597f65 TG	176	return 0;
cf597f65 TG	177	}