1 /* 2 * dhcpcd - ARP handler 3 * Copyright (c) 2006-2018 Roy Marples <roy@marples.name> 4 * All rights reserved 5 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/socket.h> 29 #include <sys/types.h> 30 31 #include <arpa/inet.h> 32 33 #include <net/if.h> 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <errno.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <unistd.h> 41 42 #define ELOOP_QUEUE 5 43 #include "config.h" 44 #include "arp.h" 45 #include "bpf.h" 46 #include "ipv4.h" 47 #include "common.h" 48 #include "dhcpcd.h" 49 #include "eloop.h" 50 #include "if.h" 51 #include "if-options.h" 52 #include "ipv4ll.h" 53 #include "logerr.h" 54 55 #if defined(ARP) 56 #define ARP_LEN \ 57 (sizeof(struct arphdr) + (2 * sizeof(uint32_t)) + (2 * HWADDR_LEN)) 58 59 /* ARP debugging can be quite noisy. Enable this for more noise! */ 60 //#define ARP_DEBUG 61 62 /* Assert the correct structure size for on wire */ 63 __CTASSERT(sizeof(struct arphdr) == 8); 64 65 ssize_t 66 arp_request(const struct interface *ifp, in_addr_t sip, in_addr_t tip) 67 { 68 uint8_t arp_buffer[ARP_LEN]; 69 struct arphdr ar; 70 size_t len; 71 uint8_t *p; 72 const struct iarp_state *state; 73 74 ar.ar_hrd = htons(ifp->family); 75 ar.ar_pro = htons(ETHERTYPE_IP); 76 ar.ar_hln = ifp->hwlen; 77 ar.ar_pln = sizeof(sip); 78 ar.ar_op = htons(ARPOP_REQUEST); 79 80 p = arp_buffer; 81 len = 0; 82 83 #define CHECK(fun, b, l) \ 84 do { \ 85 if (len + (l) > sizeof(arp_buffer)) \ 86 goto eexit; \ 87 fun(p, (b), (l)); \ 88 p += (l); \ 89 len += (l); \ 90 } while (/* CONSTCOND */ 0) 91 #define APPEND(b, l) CHECK(memcpy, b, l) 92 #define ZERO(l) CHECK(memset, 0, l) 93 94 APPEND(&ar, sizeof(ar)); 95 APPEND(ifp->hwaddr, ifp->hwlen); 96 APPEND(&sip, sizeof(sip)); 97 ZERO(ifp->hwlen); 98 APPEND(&tip, sizeof(tip)); 99 100 state = ARP_CSTATE(ifp); 101 return bpf_send(ifp, state->bpf_fd, ETHERTYPE_ARP, arp_buffer, len); 102 103 eexit: 104 errno = ENOBUFS; 105 return -1; 106 } 107 108 static void 109 arp_packet(struct interface *ifp, uint8_t *data, size_t len) 110 { 111 const struct interface *ifn; 112 struct arphdr ar; 113 struct arp_msg arm; 114 const struct iarp_state *state; 115 struct arp_state *astate, *astaten; 116 uint8_t *hw_s, *hw_t; 117 118 /* We must have a full ARP header */ 119 if (len < sizeof(ar)) 120 return; 121 memcpy(&ar, data, sizeof(ar)); 122 123 /* These checks are enforced in the BPF filter. */ 124 #if 0 125 /* Families must match */ 126 if (ar.ar_hrd != htons(ifp->family)) 127 return; 128 /* Protocol must be IP. */ 129 if (ar.ar_pro != htons(ETHERTYPE_IP)) 130 continue; 131 /* Only these types are recognised */ 132 if (ar.ar_op != htons(ARPOP_REPLY) && 133 ar.ar_op != htons(ARPOP_REQUEST)) 134 continue; 135 /* Protocol length must match in_addr_t */ 136 if (ar.ar_pln != sizeof(arm.sip.s_addr)) 137 return; 138 #endif 139 140 /* Get pointers to the hardware addresses */ 141 hw_s = data + sizeof(ar); 142 hw_t = hw_s + ar.ar_hln + ar.ar_pln; 143 /* Ensure we got all the data */ 144 if ((size_t)((hw_t + ar.ar_hln + ar.ar_pln) - data) > len) 145 return; 146 /* Ignore messages from ourself */ 147 TAILQ_FOREACH(ifn, ifp->ctx->ifaces, next) { 148 if (ar.ar_hln == ifn->hwlen && 149 memcmp(hw_s, ifn->hwaddr, ifn->hwlen) == 0) 150 break; 151 } 152 if (ifn) { 153 #ifdef ARP_DEBUG 154 logdebugx("%s: ignoring ARP from self", ifp->name); 155 #endif 156 return; 157 } 158 /* Copy out the HW and IP addresses */ 159 memcpy(&arm.sha, hw_s, ar.ar_hln); 160 memcpy(&arm.sip.s_addr, hw_s + ar.ar_hln, ar.ar_pln); 161 memcpy(&arm.tha, hw_t, ar.ar_hln); 162 memcpy(&arm.tip.s_addr, hw_t + ar.ar_hln, ar.ar_pln); 163 164 /* Run the conflicts */ 165 state = ARP_CSTATE(ifp); 166 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) { 167 if (arm.sip.s_addr != astate->addr.s_addr && 168 arm.tip.s_addr != astate->addr.s_addr) 169 continue; 170 if (astate->conflicted_cb) 171 astate->conflicted_cb(astate, &arm); 172 } 173 } 174 175 void 176 arp_close(struct interface *ifp) 177 { 178 struct iarp_state *state; 179 180 if ((state = ARP_STATE(ifp)) != NULL && state->bpf_fd != -1) { 181 eloop_event_delete(ifp->ctx->eloop, state->bpf_fd); 182 bpf_close(ifp, state->bpf_fd); 183 state->bpf_fd = -1; 184 state->bpf_flags |= BPF_EOF; 185 } 186 } 187 188 static void 189 arp_tryfree(struct interface *ifp) 190 { 191 struct iarp_state *state = ARP_STATE(ifp); 192 193 /* If there are no more ARP states, close the socket. */ 194 if (TAILQ_FIRST(&state->arp_states) == NULL) { 195 arp_close(ifp); 196 if (state->bpf_flags & BPF_READING) 197 state->bpf_flags |= BPF_EOF; 198 else { 199 free(state); 200 ifp->if_data[IF_DATA_ARP] = NULL; 201 } 202 } else { 203 if (bpf_arp(ifp, state->bpf_fd) == -1) 204 logerr(__func__); 205 } 206 } 207 208 static void 209 arp_read(void *arg) 210 { 211 struct interface *ifp = arg; 212 struct iarp_state *state; 213 uint8_t buf[ARP_LEN]; 214 ssize_t bytes; 215 216 /* Some RAW mechanisms are generic file descriptors, not sockets. 217 * This means we have no kernel call to just get one packet, 218 * so we have to process the entire buffer. */ 219 state = ARP_STATE(ifp); 220 state->bpf_flags &= ~BPF_EOF; 221 state->bpf_flags |= BPF_READING; 222 while (!(state->bpf_flags & BPF_EOF)) { 223 bytes = bpf_read(ifp, state->bpf_fd, buf, sizeof(buf), 224 &state->bpf_flags); 225 if (bytes == -1) { 226 logerr("%s: %s", __func__, ifp->name); 227 arp_close(ifp); 228 break; 229 } 230 arp_packet(ifp, buf, (size_t)bytes); 231 /* Check we still have a state after processing. */ 232 if ((state = ARP_STATE(ifp)) == NULL) 233 break; 234 } 235 if (state != NULL) { 236 state->bpf_flags &= ~BPF_READING; 237 /* Try and free the state if nothing left to do. */ 238 arp_tryfree(ifp); 239 } 240 } 241 242 int 243 arp_open(struct interface *ifp) 244 { 245 struct iarp_state *state; 246 247 state = ARP_STATE(ifp); 248 if (state->bpf_fd == -1) { 249 state->bpf_fd = bpf_open(ifp, bpf_arp); 250 if (state->bpf_fd == -1) { 251 logerr("%s: %s", __func__, ifp->name); 252 return -1; 253 } 254 eloop_event_add(ifp->ctx->eloop, state->bpf_fd, arp_read, ifp); 255 } 256 return state->bpf_fd; 257 } 258 259 static void 260 arp_probed(void *arg) 261 { 262 struct arp_state *astate = arg; 263 264 astate->probed_cb(astate); 265 } 266 267 static void 268 arp_probe1(void *arg) 269 { 270 struct arp_state *astate = arg; 271 struct interface *ifp = astate->iface; 272 struct timespec tv; 273 274 if (++astate->probes < PROBE_NUM) { 275 tv.tv_sec = PROBE_MIN; 276 tv.tv_nsec = (suseconds_t)arc4random_uniform( 277 (PROBE_MAX - PROBE_MIN) * NSEC_PER_SEC); 278 timespecnorm(&tv); 279 eloop_timeout_add_tv(ifp->ctx->eloop, &tv, arp_probe1, astate); 280 } else { 281 tv.tv_sec = ANNOUNCE_WAIT; 282 tv.tv_nsec = 0; 283 eloop_timeout_add_tv(ifp->ctx->eloop, &tv, arp_probed, astate); 284 } 285 logdebugx("%s: ARP probing %s (%d of %d), next in %0.1f seconds", 286 ifp->name, inet_ntoa(astate->addr), 287 astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM, 288 timespec_to_double(&tv)); 289 if (arp_request(ifp, 0, astate->addr.s_addr) == -1) 290 logerr(__func__); 291 } 292 293 void 294 arp_probe(struct arp_state *astate) 295 { 296 297 if (arp_open(astate->iface) == -1) { 298 logerr(__func__); 299 return; 300 } else { 301 const struct iarp_state *state = ARP_CSTATE(astate->iface); 302 303 if (bpf_arp(astate->iface, state->bpf_fd) == -1) 304 logerr(__func__); 305 } 306 astate->probes = 0; 307 logdebugx("%s: probing for %s", 308 astate->iface->name, inet_ntoa(astate->addr)); 309 arp_probe1(astate); 310 } 311 #endif /* ARP */ 312 313 static void 314 arp_announced(void *arg) 315 { 316 struct arp_state *astate = arg; 317 318 if (astate->announced_cb) { 319 astate->announced_cb(astate); 320 return; 321 } 322 323 /* Keep the ARP state open to handle ongoing ACD. */ 324 } 325 326 static void 327 arp_announce1(void *arg) 328 { 329 struct arp_state *astate = arg; 330 struct interface *ifp = astate->iface; 331 332 if (++astate->claims < ANNOUNCE_NUM) 333 logdebugx("%s: ARP announcing %s (%d of %d), " 334 "next in %d.0 seconds", 335 ifp->name, inet_ntoa(astate->addr), 336 astate->claims, ANNOUNCE_NUM, ANNOUNCE_WAIT); 337 else 338 logdebugx("%s: ARP announcing %s (%d of %d)", 339 ifp->name, inet_ntoa(astate->addr), 340 astate->claims, ANNOUNCE_NUM); 341 if (arp_request(ifp, astate->addr.s_addr, astate->addr.s_addr) == -1) 342 logerr(__func__); 343 eloop_timeout_add_sec(ifp->ctx->eloop, ANNOUNCE_WAIT, 344 astate->claims < ANNOUNCE_NUM ? arp_announce1 : arp_announced, 345 astate); 346 } 347 348 /* 349 * XXX FIXME 350 * Kernels supporting RFC5227 will announce the address when it's 351 * added. 352 * dhcpcd should not announce when this happens, nor need to open 353 * a BPF socket for it. 354 * Also, an address might be added to a non preferred inteface when 355 * the same address exists on a preferred one so we need to instruct 356 * the kernel not to announce the address somehow. 357 */ 358 359 void 360 arp_announce(struct arp_state *astate) 361 { 362 struct iarp_state *state; 363 struct interface *ifp; 364 struct arp_state *a2; 365 int r; 366 367 if (arp_open(astate->iface) == -1) { 368 logerr(__func__); 369 return; 370 } 371 372 /* Cancel any other ARP announcements for this address. */ 373 TAILQ_FOREACH(ifp, astate->iface->ctx->ifaces, next) { 374 state = ARP_STATE(ifp); 375 if (state == NULL) 376 continue; 377 TAILQ_FOREACH(a2, &state->arp_states, next) { 378 if (astate == a2 || 379 a2->addr.s_addr != astate->addr.s_addr) 380 continue; 381 r = eloop_timeout_delete(a2->iface->ctx->eloop, 382 a2->claims < ANNOUNCE_NUM 383 ? arp_announce1 : arp_announced, 384 a2); 385 if (r == -1) 386 logerr(__func__); 387 else if (r != 0) 388 logdebugx("%s: ARP announcement " 389 "of %s cancelled", 390 a2->iface->name, 391 inet_ntoa(a2->addr)); 392 } 393 } 394 395 astate->claims = 0; 396 arp_announce1(astate); 397 } 398 399 void 400 arp_announceaddr(struct dhcpcd_ctx *ctx, struct in_addr *ia) 401 { 402 struct interface *ifp; 403 struct ipv4_addr *iaf; 404 struct arp_state *astate; 405 406 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 407 iaf = ipv4_iffindaddr(ifp, ia, NULL); 408 #ifdef IN_IFF_NOTUSEABLE 409 if (iaf && !(iaf->addr_flags & IN_IFF_NOTUSEABLE)) 410 #else 411 if (iaf) 412 #endif 413 break; 414 } 415 if (ifp == NULL) 416 return; 417 418 astate = arp_find(ifp, ia); 419 if (astate != NULL) 420 arp_announce(astate); 421 } 422 423 void 424 arp_ifannounceaddr(struct interface *ifp, struct in_addr *ia) 425 { 426 struct arp_state *astate; 427 428 astate = arp_new(ifp, ia); 429 if (astate != NULL) 430 arp_announce(astate); 431 } 432 433 void 434 arp_report_conflicted(const struct arp_state *astate, 435 const struct arp_msg *amsg) 436 { 437 438 if (amsg != NULL) { 439 char buf[HWADDR_LEN * 3]; 440 441 logerrx("%s: hardware address %s claims %s", 442 astate->iface->name, 443 hwaddr_ntoa(amsg->sha, astate->iface->hwlen, 444 buf, sizeof(buf)), 445 inet_ntoa(astate->failed)); 446 } else 447 logerrx("%s: DAD detected %s", 448 astate->iface->name, inet_ntoa(astate->failed)); 449 } 450 451 struct arp_state * 452 arp_find(struct interface *ifp, const struct in_addr *addr) 453 { 454 struct iarp_state *state; 455 struct arp_state *astate; 456 457 if ((state = ARP_STATE(ifp)) == NULL) 458 goto out; 459 TAILQ_FOREACH(astate, &state->arp_states, next) { 460 if (astate->addr.s_addr == addr->s_addr && astate->iface == ifp) 461 return astate; 462 } 463 out: 464 errno = ESRCH; 465 return NULL; 466 } 467 468 struct arp_state * 469 arp_new(struct interface *ifp, const struct in_addr *addr) 470 { 471 struct iarp_state *state; 472 struct arp_state *astate; 473 474 if ((state = ARP_STATE(ifp)) == NULL) { 475 ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state)); 476 state = ARP_STATE(ifp); 477 if (state == NULL) { 478 logerr(__func__); 479 return NULL; 480 } 481 state->bpf_fd = -1; 482 state->bpf_flags = 0; 483 TAILQ_INIT(&state->arp_states); 484 } else { 485 if (addr && (astate = arp_find(ifp, addr))) 486 return astate; 487 } 488 489 if ((astate = calloc(1, sizeof(*astate))) == NULL) { 490 logerr(__func__); 491 return NULL; 492 } 493 astate->iface = ifp; 494 if (addr) 495 astate->addr = *addr; 496 state = ARP_STATE(ifp); 497 TAILQ_INSERT_TAIL(&state->arp_states, astate, next); 498 499 if (bpf_arp(ifp, state->bpf_fd) == -1) 500 logerr(__func__); /* try and continue */ 501 502 return astate; 503 } 504 505 void 506 arp_cancel(struct arp_state *astate) 507 { 508 509 eloop_timeout_delete(astate->iface->ctx->eloop, NULL, astate); 510 } 511 512 void 513 arp_free(struct arp_state *astate) 514 { 515 struct interface *ifp; 516 struct iarp_state *state; 517 518 if (astate == NULL) 519 return; 520 521 ifp = astate->iface; 522 eloop_timeout_delete(ifp->ctx->eloop, NULL, astate); 523 state = ARP_STATE(ifp); 524 TAILQ_REMOVE(&state->arp_states, astate, next); 525 if (astate->free_cb) 526 astate->free_cb(astate); 527 free(astate); 528 arp_tryfree(ifp); 529 } 530 531 static void 532 arp_free_but1(struct interface *ifp, struct arp_state *astate) 533 { 534 struct iarp_state *state; 535 536 if ((state = ARP_STATE(ifp)) != NULL) { 537 struct arp_state *p, *n; 538 539 TAILQ_FOREACH_SAFE(p, &state->arp_states, next, n) { 540 if (p != astate) 541 arp_free(p); 542 } 543 } 544 } 545 546 void 547 arp_free_but(struct arp_state *astate) 548 { 549 550 arp_free_but1(astate->iface, astate); 551 } 552 553 void 554 arp_drop(struct interface *ifp) 555 { 556 557 arp_free_but1(ifp, NULL); 558 arp_close(ifp); 559 } 560 561 void 562 arp_handleifa(int cmd, struct ipv4_addr *addr) 563 { 564 struct iarp_state *state; 565 struct arp_state *astate, *asn; 566 567 state = ARP_STATE(addr->iface); 568 if (state == NULL) 569 return; 570 571 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, asn) { 572 if (astate->addr.s_addr != addr->addr.s_addr) 573 continue; 574 if (cmd == RTM_DELADDR) 575 arp_free(astate); 576 #ifdef IN_IFF_DUPLICATED 577 if (cmd != RTM_NEWADDR) 578 continue; 579 if (addr->addr_flags & IN_IFF_DUPLICATED) { 580 if (astate->conflicted_cb) 581 astate->conflicted_cb(astate, NULL); 582 } else if (!(addr->addr_flags & IN_IFF_NOTUSEABLE)) { 583 if (astate->probed_cb) 584 astate->probed_cb(astate); 585 } 586 #endif 587 } 588 } 589