1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Privilege Separation BPF Initiator 4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/socket.h> 30 #include <sys/types.h> 31 32 /* Need these headers just for if_ether on some OS. */ 33 #ifndef __NetBSD__ 34 #include <net/if.h> 35 #include <net/if_arp.h> 36 #include <netinet/in.h> 37 #endif 38 #include <netinet/if_ether.h> 39 40 #include <assert.h> 41 #include <pwd.h> 42 #include <errno.h> 43 #include <stdlib.h> 44 #include <string.h> 45 #include <unistd.h> 46 47 #include "arp.h" 48 #include "bpf.h" 49 #include "dhcp.h" 50 #include "dhcp6.h" 51 #include "eloop.h" 52 #include "ipv6nd.h" 53 #include "logerr.h" 54 #include "privsep.h" 55 56 /* We expect to have open 3 SEQPACKET and one RAW fd */ 57 58 static void 59 ps_bpf_recvbpf(void *arg, unsigned short events) 60 { 61 struct ps_process *psp = arg; 62 struct bpf *bpf = psp->psp_bpf; 63 uint8_t buf[FRAMELEN_MAX]; 64 ssize_t len; 65 struct ps_msghdr psm = { 66 .ps_id = psp->psp_id, 67 .ps_cmd = psp->psp_id.psi_cmd, 68 }; 69 70 if (events != ELE_READ) 71 logerrx("%s: unexpected event 0x%04x", __func__, events); 72 73 bpf->bpf_flags &= ~BPF_EOF; 74 /* A BPF read can read more than one filtered packet at time. 75 * This mechanism allows us to read each packet from the buffer. */ 76 while (!(bpf->bpf_flags & BPF_EOF)) { 77 len = bpf_read(bpf, buf, sizeof(buf)); 78 if (len == -1) { 79 int error = errno; 80 81 if (errno != ENETDOWN) 82 logerr("%s: %s", psp->psp_ifname, __func__); 83 if (error != ENXIO) 84 break; 85 /* If the interface has departed, close the BPF 86 * socket. This stops log spam if RTM_IFANNOUNCE is 87 * delayed in announcing the departing interface. */ 88 eloop_event_delete(psp->psp_ctx->eloop, bpf->bpf_fd); 89 bpf_close(bpf); 90 psp->psp_bpf = NULL; 91 break; 92 } 93 if (len == 0) 94 break; 95 psm.ps_flags = bpf->bpf_flags; 96 len = ps_sendpsmdata(psp->psp_ctx, psp->psp_ctx->ps_data_fd, 97 &psm, buf, (size_t)len); 98 if (len == -1) 99 logerr(__func__); 100 if (len == -1 || len == 0) 101 break; 102 } 103 } 104 105 static ssize_t 106 ps_bpf_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg) 107 { 108 struct ps_process *psp = arg; 109 struct iovec *iov = msg->msg_iov; 110 111 #ifdef PRIVSEP_DEBUG 112 logerrx("%s: IN cmd %x, psp %p", __func__, psm->ps_cmd, psp); 113 #endif 114 115 switch(psm->ps_cmd) { 116 #ifdef ARP 117 case PS_BPF_ARP: /* FALLTHROUGH */ 118 #endif 119 case PS_BPF_BOOTP: 120 break; 121 default: 122 /* IPC failure, we should not be processing any commands 123 * at this point!/ */ 124 errno = EINVAL; 125 return -1; 126 } 127 128 /* We might have had an earlier ENXIO error. */ 129 if (psp->psp_bpf == NULL) { 130 errno = ENXIO; 131 return -1; 132 } 133 134 return bpf_send(psp->psp_bpf, psp->psp_proto, 135 iov->iov_base, iov->iov_len); 136 } 137 138 static void 139 ps_bpf_recvmsg(void *arg, unsigned short events) 140 { 141 struct ps_process *psp = arg; 142 143 if (ps_recvpsmsg(psp->psp_ctx, psp->psp_fd, events, 144 ps_bpf_recvmsgcb, arg) == -1) 145 logerr(__func__); 146 } 147 148 static int 149 ps_bpf_start_bpf(struct ps_process *psp) 150 { 151 struct dhcpcd_ctx *ctx = psp->psp_ctx; 152 char *addr; 153 struct in_addr *ia = &psp->psp_id.psi_addr.psa_in_addr; 154 155 if (ia->s_addr == INADDR_ANY) { 156 ia = NULL; 157 addr = NULL; 158 } else 159 addr = inet_ntoa(*ia); 160 setproctitle("[BPF %s] %s%s%s", psp->psp_protostr, psp->psp_ifname, 161 addr != NULL ? " " : "", addr != NULL ? addr : ""); 162 ps_freeprocesses(ctx, psp); 163 164 psp->psp_bpf = bpf_open(&psp->psp_ifp, psp->psp_filter, ia); 165 #ifdef DEBUG_FD 166 logdebugx("pid %d bpf_fd=%d", getpid(), psp->psp_bpf->bpf_fd); 167 #endif 168 if (psp->psp_bpf == NULL) 169 logerr("%s: bpf_open",__func__); 170 #ifdef PRIVSEP_RIGHTS 171 else if (ps_rights_limit_fd(psp->psp_bpf->bpf_fd) == -1) 172 logerr("%s: ps_rights_limit_fd", __func__); 173 #endif 174 else if (eloop_event_add(ctx->eloop, psp->psp_bpf->bpf_fd, ELE_READ, 175 ps_bpf_recvbpf, psp) == -1) 176 logerr("%s: eloop_event_add", __func__); 177 else { 178 psp->psp_work_fd = psp->psp_bpf->bpf_fd; 179 return 0; 180 } 181 182 eloop_exit(ctx->eloop, EXIT_FAILURE); 183 return -1; 184 } 185 186 ssize_t 187 ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg) 188 { 189 uint16_t cmd; 190 struct ps_process *psp; 191 pid_t start; 192 struct iovec *iov = msg->msg_iov; 193 struct interface *ifp; 194 struct in_addr *ia = &psm->ps_id.psi_addr.psa_in_addr; 195 const char *addr; 196 197 cmd = (uint16_t)(psm->ps_cmd & ~(PS_START | PS_STOP)); 198 psp = ps_findprocess(ctx, &psm->ps_id); 199 200 #ifdef PRIVSEP_DEBUG 201 logerrx("%s: IN cmd %x, psp %p", __func__, psm->ps_cmd, psp); 202 #endif 203 204 switch (cmd) { 205 #ifdef ARP 206 case PS_BPF_ARP: /* FALLTHROUGH */ 207 #endif 208 case PS_BPF_BOOTP: 209 break; 210 default: 211 logerrx("%s: unknown command %x", __func__, psm->ps_cmd); 212 errno = ENOTSUP; 213 return -1; 214 } 215 216 if (!(psm->ps_cmd & PS_START)) { 217 errno = EINVAL; 218 return -1; 219 } 220 221 if (psp != NULL) 222 return 1; 223 224 psp = ps_newprocess(ctx, &psm->ps_id); 225 if (psp == NULL) 226 return -1; 227 228 ifp = &psp->psp_ifp; 229 assert(msg->msg_iovlen == 1); 230 assert(iov->iov_len == sizeof(*ifp)); 231 memcpy(ifp, iov->iov_base, sizeof(*ifp)); 232 ifp->ctx = psp->psp_ctx; 233 ifp->options = NULL; 234 memset(ifp->if_data, 0, sizeof(ifp->if_data)); 235 236 memcpy(psp->psp_ifname, ifp->name, sizeof(psp->psp_ifname)); 237 238 switch (cmd) { 239 #ifdef ARP 240 case PS_BPF_ARP: 241 psp->psp_proto = ETHERTYPE_ARP; 242 psp->psp_protostr = "ARP"; 243 psp->psp_filter = bpf_arp; 244 break; 245 #endif 246 case PS_BPF_BOOTP: 247 psp->psp_proto = ETHERTYPE_IP; 248 psp->psp_protostr = "BOOTP"; 249 psp->psp_filter = bpf_bootp; 250 break; 251 } 252 253 if (ia->s_addr == INADDR_ANY) 254 addr = NULL; 255 else 256 addr = inet_ntoa(*ia); 257 snprintf(psp->psp_name, sizeof(psp->psp_name), "BPF %s%s%s", 258 psp->psp_protostr, 259 addr != NULL ? " " : "", addr != NULL ? addr : ""); 260 261 start = ps_startprocess(psp, ps_bpf_recvmsg, NULL, 262 ps_bpf_start_bpf, NULL, PSF_DROPPRIVS); 263 switch (start) { 264 case -1: 265 ps_freeprocess(psp); 266 return -1; 267 case 0: 268 ps_entersandbox("stdio", NULL); 269 break; 270 default: 271 logdebugx("%s: spawned %s on PID %d", 272 psp->psp_ifname, psp->psp_name, psp->psp_pid); 273 break; 274 } 275 return start; 276 } 277 278 ssize_t 279 ps_bpf_dispatch(struct dhcpcd_ctx *ctx, 280 struct ps_msghdr *psm, struct msghdr *msg) 281 { 282 struct iovec *iov = msg->msg_iov; 283 struct interface *ifp; 284 uint8_t *bpf; 285 size_t bpf_len; 286 287 switch (psm->ps_cmd) { 288 #ifdef ARP 289 case PS_BPF_ARP: 290 #endif 291 case PS_BPF_BOOTP: 292 break; 293 default: 294 errno = ENOTSUP; 295 return -1; 296 } 297 298 ifp = if_findindex(ctx->ifaces, psm->ps_id.psi_ifindex); 299 /* interface may have departed .... */ 300 if (ifp == NULL) 301 return -1; 302 303 bpf = iov->iov_base; 304 bpf_len = iov->iov_len; 305 306 switch (psm->ps_cmd) { 307 #ifdef ARP 308 case PS_BPF_ARP: 309 arp_packet(ifp, bpf, bpf_len, (unsigned int)psm->ps_flags); 310 break; 311 #endif 312 case PS_BPF_BOOTP: 313 dhcp_packet(ifp, bpf, bpf_len, (unsigned int)psm->ps_flags); 314 break; 315 } 316 317 return 1; 318 } 319 320 static ssize_t 321 ps_bpf_send(const struct interface *ifp, const struct in_addr *ia, 322 uint16_t cmd, const void *data, size_t len) 323 { 324 struct dhcpcd_ctx *ctx = ifp->ctx; 325 struct ps_msghdr psm = { 326 .ps_cmd = cmd, 327 .ps_id = { 328 .psi_ifindex = ifp->index, 329 .psi_cmd = (uint8_t)(cmd & ~(PS_START | PS_STOP)), 330 }, 331 }; 332 333 if (ia != NULL) 334 psm.ps_id.psi_addr.psa_in_addr = *ia; 335 336 return ps_sendpsmdata(ctx, PS_ROOT_FD(ctx), &psm, data, len); 337 } 338 339 #ifdef ARP 340 ssize_t 341 ps_bpf_openarp(const struct interface *ifp, const struct in_addr *ia) 342 { 343 344 assert(ia != NULL); 345 return ps_bpf_send(ifp, ia, PS_BPF_ARP | PS_START, 346 ifp, sizeof(*ifp)); 347 } 348 349 ssize_t 350 ps_bpf_closearp(const struct interface *ifp, const struct in_addr *ia) 351 { 352 353 return ps_bpf_send(ifp, ia, PS_BPF_ARP | PS_STOP, NULL, 0); 354 } 355 356 ssize_t 357 ps_bpf_sendarp(const struct interface *ifp, const struct in_addr *ia, 358 const void *data, size_t len) 359 { 360 361 assert(ia != NULL); 362 return ps_bpf_send(ifp, ia, PS_BPF_ARP, data, len); 363 } 364 #endif 365 366 ssize_t 367 ps_bpf_openbootp(const struct interface *ifp) 368 { 369 370 return ps_bpf_send(ifp, NULL, PS_BPF_BOOTP | PS_START, 371 ifp, sizeof(*ifp)); 372 } 373 374 ssize_t 375 ps_bpf_closebootp(const struct interface *ifp) 376 { 377 378 return ps_bpf_send(ifp, NULL, PS_BPF_BOOTP | PS_STOP, NULL, 0); 379 } 380 381 ssize_t 382 ps_bpf_sendbootp(const struct interface *ifp, const void *data, size_t len) 383 { 384 385 return ps_bpf_send(ifp, NULL, PS_BPF_BOOTP, data, len); 386 } 387