Commit | Line | Data |
---|---|---|
4cada237 | 1 | /* $OpenBSD: src/sbin/dhclient/packet.c,v 1.13 2009/06/06 04:02:42 krw Exp $ */ |
846204b6 HT |
2 | |
3 | /* Packet assembly code, originally contributed by Archie Cobbs. */ | |
4 | ||
5 | /* | |
6 | * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium. | |
7 | * All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in the | |
17 | * documentation and/or other materials provided with the distribution. | |
18 | * 3. Neither the name of The Internet Software Consortium nor the names | |
19 | * of its contributors may be used to endorse or promote products derived | |
20 | * from this software without specific prior written permission. | |
21 | * | |
22 | * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND | |
23 | * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, | |
24 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
25 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
26 | * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR | |
27 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF | |
30 | * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
31 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
32 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT | |
33 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
34 | * SUCH DAMAGE. | |
35 | * | |
36 | * This software has been written for the Internet Software Consortium | |
37 | * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie | |
38 | * Enterprises. To learn more about the Internet Software Consortium, | |
39 | * see ``http://www.vix.com/isc''. To learn more about Vixie | |
40 | * Enterprises, see ``http://www.vix.com''. | |
41 | */ | |
42 | ||
43 | #include "dhcpd.h" | |
44 | ||
45 | #include <netinet/if_ether.h> | |
46 | #include <netinet/in_systm.h> | |
47 | #include <netinet/ip.h> | |
48 | #include <netinet/udp.h> | |
49 | ||
50 | #define ETHER_HEADER_SIZE (ETHER_ADDR_LEN * 2 + sizeof(u_int16_t)) | |
51 | ||
52 | u_int32_t checksum(unsigned char *, unsigned, u_int32_t); | |
53 | u_int32_t wrapsum(u_int32_t); | |
54 | ||
55 | u_int32_t | |
56 | checksum(unsigned char *buf, unsigned nbytes, u_int32_t sum) | |
57 | { | |
58 | uint i; | |
59 | ||
60 | /* Checksum all the pairs of bytes first... */ | |
61 | for (i = 0; i < (nbytes & ~1U); i += 2) { | |
62 | sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i))); | |
63 | if (sum > 0xFFFF) | |
64 | sum -= 0xFFFF; | |
65 | } | |
66 | ||
67 | /* | |
68 | * If there's a single byte left over, checksum it, too. | |
69 | * Network byte order is big-endian, so the remaining byte is | |
70 | * the high byte. | |
71 | */ | |
72 | if (i < nbytes) { | |
73 | sum += buf[i] << 8; | |
74 | if (sum > 0xFFFF) | |
75 | sum -= 0xFFFF; | |
76 | } | |
77 | ||
78 | return (sum); | |
79 | } | |
80 | ||
81 | u_int32_t | |
82 | wrapsum(u_int32_t sum) | |
83 | { | |
84 | sum = ~sum & 0xFFFF; | |
85 | return (htons(sum)); | |
86 | } | |
87 | ||
88 | void | |
89 | assemble_hw_header(unsigned char *buf, int *bufix, struct hardware *to) | |
90 | { | |
91 | struct ether_header eh; | |
92 | ||
93 | if (to != NULL && to->hlen == 6) /* XXX */ | |
94 | memcpy(eh.ether_dhost, to->haddr, sizeof(eh.ether_dhost)); | |
95 | else | |
96 | memset(eh.ether_dhost, 0xff, sizeof(eh.ether_dhost)); | |
97 | if (ifi->hw_address.hlen == sizeof(eh.ether_shost)) | |
98 | memcpy(eh.ether_shost, ifi->hw_address.haddr, | |
99 | sizeof(eh.ether_shost)); | |
100 | else | |
101 | memset(eh.ether_shost, 0x00, sizeof(eh.ether_shost)); | |
102 | ||
103 | eh.ether_type = htons(ETHERTYPE_IP); | |
104 | ||
105 | memcpy(&buf[*bufix], &eh, ETHER_HEADER_SIZE); | |
106 | *bufix += ETHER_HEADER_SIZE; | |
107 | } | |
108 | ||
109 | void | |
110 | assemble_udp_ip_header(unsigned char *buf, int *bufix, u_int32_t from, | |
111 | u_int32_t to, unsigned int port, unsigned char *data, int len) | |
112 | { | |
113 | struct ip ip; | |
114 | struct udphdr udp; | |
115 | ||
116 | ip.ip_v = 4; | |
117 | ip.ip_hl = 5; | |
118 | ip.ip_tos = IPTOS_LOWDELAY; | |
119 | ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len); | |
120 | ip.ip_id = 0; | |
121 | ip.ip_off = 0; | |
122 | ip.ip_ttl = 16; | |
123 | ip.ip_p = IPPROTO_UDP; | |
124 | ip.ip_sum = 0; | |
125 | ip.ip_src.s_addr = from; | |
126 | ip.ip_dst.s_addr = to; | |
127 | ||
128 | ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0)); | |
129 | memcpy(&buf[*bufix], &ip, sizeof(ip)); | |
130 | *bufix += sizeof(ip); | |
131 | ||
132 | udp.uh_sport = htons(LOCAL_PORT); /* XXX */ | |
133 | udp.uh_dport = port; /* XXX */ | |
134 | udp.uh_ulen = htons(sizeof(udp) + len); | |
135 | memset(&udp.uh_sum, 0, sizeof(udp.uh_sum)); | |
136 | ||
137 | udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp), | |
138 | checksum(data, len, checksum((unsigned char *)&ip.ip_src, | |
139 | 2 * sizeof(ip.ip_src), | |
140 | IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen))))); | |
141 | ||
142 | memcpy(&buf[*bufix], &udp, sizeof(udp)); | |
143 | *bufix += sizeof(udp); | |
144 | } | |
145 | ||
146 | ssize_t | |
147 | decode_hw_header(unsigned char *buf, int bufix, struct hardware *from) | |
148 | { | |
149 | struct ether_header eh; | |
150 | ||
151 | memcpy(&eh, buf + bufix, ETHER_HEADER_SIZE); | |
152 | ||
153 | memcpy(from->haddr, eh.ether_shost, sizeof(eh.ether_shost)); | |
154 | from->htype = ARPHRD_ETHER; | |
155 | from->hlen = sizeof(eh.ether_shost); | |
156 | ||
157 | return (sizeof(eh)); | |
158 | } | |
159 | ||
160 | ssize_t | |
161 | decode_udp_ip_header(unsigned char *buf, int bufix, struct sockaddr_in *from, | |
162 | unsigned char *data, int buflen) | |
163 | { | |
164 | struct ip *ip; | |
165 | struct udphdr *udp; | |
166 | u_int32_t ip_len = (buf[bufix] & 0xf) << 2; | |
167 | u_int32_t sum, usum; | |
168 | static int ip_packets_seen; | |
169 | static int ip_packets_bad_checksum; | |
170 | static int udp_packets_seen; | |
171 | static int udp_packets_bad_checksum; | |
172 | static int udp_packets_length_checked; | |
173 | static int udp_packets_length_overflow; | |
174 | int len = 0; | |
175 | ||
176 | ip = (struct ip *)(buf + bufix); | |
177 | udp = (struct udphdr *)(buf + bufix + ip_len); | |
178 | ||
179 | /* Check the IP header checksum - it should be zero. */ | |
180 | ip_packets_seen++; | |
181 | if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) { | |
182 | ip_packets_bad_checksum++; | |
183 | if (ip_packets_seen > 4 && | |
184 | (ip_packets_seen / ip_packets_bad_checksum) < 2) { | |
185 | note("%d bad IP checksums seen in %d packets", | |
186 | ip_packets_bad_checksum, ip_packets_seen); | |
187 | ip_packets_seen = ip_packets_bad_checksum = 0; | |
188 | } | |
189 | return (-1); | |
190 | } | |
191 | ||
4cada237 | 192 | #ifdef DEBUG |
846204b6 HT |
193 | if (ntohs(ip->ip_len) != buflen) |
194 | debug("ip length %d disagrees with bytes received %d.", | |
195 | ntohs(ip->ip_len), buflen); | |
4cada237 | 196 | #endif |
846204b6 HT |
197 | memcpy(&from->sin_addr, &ip->ip_src, 4); |
198 | ||
199 | /* | |
200 | * Compute UDP checksums, including the ``pseudo-header'', the | |
201 | * UDP header and the data. If the UDP checksum field is zero, | |
202 | * we're not supposed to do a checksum. | |
203 | */ | |
204 | if (!data) { | |
205 | data = buf + bufix + ip_len + sizeof(*udp); | |
206 | len = ntohs(udp->uh_ulen) - sizeof(*udp); | |
207 | udp_packets_length_checked++; | |
208 | if (len + data > buf + bufix + buflen) { | |
209 | udp_packets_length_overflow++; | |
210 | if (udp_packets_length_checked > 4 && | |
211 | (udp_packets_length_checked / | |
212 | udp_packets_length_overflow) < 2) { | |
213 | note("%d udp packets in %d too long - dropped", | |
214 | udp_packets_length_overflow, | |
215 | udp_packets_length_checked); | |
216 | udp_packets_length_overflow = | |
217 | udp_packets_length_checked = 0; | |
218 | } | |
219 | return (-1); | |
220 | } | |
4cada237 | 221 | #ifdef DEBUG |
846204b6 HT |
222 | if (len + data != buf + bufix + buflen) |
223 | debug("accepting packet with data after udp payload."); | |
4cada237 | 224 | #endif |
846204b6 HT |
225 | } |
226 | ||
227 | usum = udp->uh_sum; | |
228 | udp->uh_sum = 0; | |
229 | ||
230 | sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp), | |
231 | checksum(data, len, checksum((unsigned char *)&ip->ip_src, | |
232 | 2 * sizeof(ip->ip_src), | |
233 | IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen))))); | |
234 | ||
235 | udp_packets_seen++; | |
236 | if (usum && usum != sum) { | |
237 | udp_packets_bad_checksum++; | |
238 | if (udp_packets_seen > 4 && | |
239 | (udp_packets_seen / udp_packets_bad_checksum) < 2) { | |
240 | note("%d bad udp checksums in %d packets", | |
241 | udp_packets_bad_checksum, udp_packets_seen); | |
242 | udp_packets_seen = udp_packets_bad_checksum = 0; | |
243 | } | |
244 | return (-1); | |
245 | } | |
246 | ||
247 | memcpy(&from->sin_port, &udp->uh_sport, sizeof(udp->uh_sport)); | |
248 | ||
249 | return (ip_len + sizeof(*udp)); | |
250 | } |