1 /* $NetBSD: bootp.c,v 1.43 2019/04/05 20:09:29 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1992 Regents of the University of California. 5 * All rights reserved. 6 * 7 * This software was developed by the Computer Systems Engineering group 8 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and 9 * contributed to Berkeley. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the University of 22 * California, Lawrence Berkeley Laboratory and its contributors. 23 * 4. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * @(#) Header: bootp.c,v 1.4 93/09/11 03:13:51 leres Exp (LBL) 40 */ 41 42 #include <sys/param.h> 43 #include <netinet/in.h> 44 #include <netinet/in_systm.h> 45 46 #ifdef _STANDALONE 47 #include <lib/libkern/libkern.h> 48 #else 49 #include <string.h> 50 #endif 51 52 #include "stand.h" 53 #include "net.h" 54 #include "bootp.h" 55 56 struct in_addr servip; 57 #ifdef SUPPORT_LINUX 58 char linuxcmdline[256]; 59 #ifndef TAG_LINUX_CMDLINE 60 #define TAG_LINUX_CMDLINE 123 61 #endif 62 #endif 63 64 static n_long nmask, smask; 65 66 static satime_t bot; 67 68 static char vm_rfc1048[4] = VM_RFC1048; 69 #ifdef BOOTP_VEND_CMU 70 static char vm_cmu[4] = VM_CMU; 71 #endif 72 73 /* Local forwards */ 74 static ssize_t bootpsend(struct iodesc *, void *, size_t); 75 static ssize_t bootprecv(struct iodesc *, void *, size_t, saseconds_t); 76 static int vend_rfc1048(u_char *, u_int); 77 #ifdef BOOTP_VEND_CMU 78 static void vend_cmu(u_char *); 79 #endif 80 81 #ifdef SUPPORT_DHCP 82 static char expected_dhcpmsgtype = -1, dhcp_ok; 83 struct in_addr dhcp_serverip; 84 #endif 85 86 /* 87 * Boot programs can patch this at run-time to change the behavior 88 * of bootp/dhcp. 89 */ 90 int bootp_flags; 91 92 static void 93 bootp_addvend(u_char *area) 94 { 95 #ifdef SUPPORT_DHCP 96 char vci[64]; 97 int vcilen; 98 99 *area++ = TAG_PARAM_REQ; 100 *area++ = 6; 101 *area++ = TAG_SUBNET_MASK; 102 *area++ = TAG_GATEWAY; 103 *area++ = TAG_HOSTNAME; 104 *area++ = TAG_DOMAINNAME; 105 *area++ = TAG_ROOTPATH; 106 *area++ = TAG_SWAPSERVER; 107 108 /* Insert a NetBSD Vendor Class Identifier option. */ 109 snprintf(vci, sizeof(vci), "NetBSD:%s:libsa", MACHINE); 110 vcilen = strlen(vci); 111 *area++ = TAG_CLASSID; 112 *area++ = vcilen; 113 (void)memcpy(area, vci, vcilen); 114 area += vcilen; 115 #endif 116 *area = TAG_END; 117 } 118 119 /* Fetch required bootp information */ 120 void 121 bootp(int sock) 122 { 123 struct iodesc *d; 124 struct bootp *bp; 125 struct { 126 u_char header[UDP_TOTAL_HEADER_SIZE]; 127 struct bootp wbootp; 128 } wbuf; 129 struct { 130 u_char header[UDP_TOTAL_HEADER_SIZE]; 131 struct bootp rbootp; 132 } rbuf; 133 unsigned int index; 134 135 #ifdef BOOTP_DEBUG 136 if (debug) 137 printf("%s: socket=%d\n", __func__, sock); 138 #endif 139 if (!bot) 140 bot = getsecs(); 141 142 if (!(d = socktodesc(sock))) { 143 printf("%s: bad socket. %d\n", __func__, sock); 144 return; 145 } 146 #ifdef BOOTP_DEBUG 147 if (debug) 148 printf("%s: d=%p\n", __func__, d); 149 #endif 150 151 bp = &wbuf.wbootp; 152 (void)memset(bp, 0, sizeof(*bp)); 153 154 bp->bp_op = BOOTREQUEST; 155 bp->bp_htype = 1; /* 10Mb Ethernet (48 bits) */ 156 bp->bp_hlen = 6; 157 bp->bp_xid = htonl(d->xid); 158 MACPY(d->myea, bp->bp_chaddr); 159 (void)strncpy((char *)bp->bp_file, bootfile, sizeof(bp->bp_file)); 160 (void)memcpy(bp->bp_vend, vm_rfc1048, sizeof(vm_rfc1048)); 161 index = 4; 162 #ifdef SUPPORT_DHCP 163 bp->bp_vend[index++] = TAG_DHCP_MSGTYPE; 164 bp->bp_vend[index++] = 1; 165 bp->bp_vend[index++] = DHCPDISCOVER; 166 #endif 167 bootp_addvend(&bp->bp_vend[index]); 168 169 d->myip.s_addr = INADDR_ANY; 170 d->myport = htons(IPPORT_BOOTPC); 171 d->destip.s_addr = INADDR_BROADCAST; 172 d->destport = htons(IPPORT_BOOTPS); 173 174 #ifdef SUPPORT_DHCP 175 expected_dhcpmsgtype = DHCPOFFER; 176 dhcp_ok = 0; 177 #endif 178 179 if (sendrecv(d, bootpsend, bp, sizeof(*bp), 180 bootprecv, &rbuf.rbootp, sizeof(rbuf.rbootp)) == -1) { 181 printf("%s: no reply\n", __func__); 182 return; 183 } 184 185 #ifdef SUPPORT_DHCP 186 if (dhcp_ok) { 187 u_int32_t leasetime; 188 index = 6; 189 bp->bp_vend[index++] = DHCPREQUEST; 190 bp->bp_vend[index++] = TAG_REQ_ADDR; 191 bp->bp_vend[index++] = 4; 192 (void)memcpy(&bp->bp_vend[9], &rbuf.rbootp.bp_yiaddr, 4); 193 index += 4; 194 bp->bp_vend[index++] = TAG_SERVERID; 195 bp->bp_vend[index++] = 4; 196 (void)memcpy(&bp->bp_vend[index], &dhcp_serverip.s_addr, 4); 197 index += 4; 198 bp->bp_vend[index++] = TAG_LEASETIME; 199 bp->bp_vend[index++] = 4; 200 leasetime = htonl(300); 201 (void)memcpy(&bp->bp_vend[index], &leasetime, 4); 202 index += 4; 203 bootp_addvend(&bp->bp_vend[index]); 204 205 expected_dhcpmsgtype = DHCPACK; 206 207 if (sendrecv(d, 208 bootpsend, bp, sizeof(*bp), 209 bootprecv, &rbuf.rbootp, sizeof(rbuf.rbootp)) 210 == -1) { 211 printf("DHCPREQUEST failed\n"); 212 return; 213 } 214 } 215 #endif 216 217 myip = d->myip = rbuf.rbootp.bp_yiaddr; 218 servip = rbuf.rbootp.bp_siaddr; 219 if (rootip.s_addr == INADDR_ANY) 220 rootip = servip; 221 (void)memcpy(bootfile, rbuf.rbootp.bp_file, sizeof(bootfile)); 222 bootfile[sizeof(bootfile) - 1] = '\0'; 223 224 if (IN_CLASSA(myip.s_addr)) 225 nmask = IN_CLASSA_NET; 226 else if (IN_CLASSB(myip.s_addr)) 227 nmask = IN_CLASSB_NET; 228 else 229 nmask = IN_CLASSC_NET; 230 #ifdef BOOTP_DEBUG 231 if (debug) 232 printf("'native netmask' is %s\n", intoa(nmask)); 233 #endif 234 235 /* Get subnet (or natural net) mask */ 236 netmask = nmask; 237 if (smask) 238 netmask = smask; 239 #ifdef BOOTP_DEBUG 240 if (debug) 241 printf("mask: %s\n", intoa(netmask)); 242 #endif 243 244 /* We need a gateway if root is on a different net */ 245 if (!SAMENET(myip, rootip, netmask)) { 246 #ifdef BOOTP_DEBUG 247 if (debug) 248 printf("need gateway for root ip\n"); 249 #endif 250 } 251 252 /* Toss gateway if on a different net */ 253 if (!SAMENET(myip, gateip, netmask)) { 254 #ifdef BOOTP_DEBUG 255 if (debug) 256 printf("gateway ip (%s) bad\n", inet_ntoa(gateip)); 257 #endif 258 gateip.s_addr = 0; 259 } 260 261 #ifdef BOOTP_DEBUG 262 if (debug) { 263 printf("client addr: %s\n", inet_ntoa(myip)); 264 if (smask) 265 printf("subnet mask: %s\n", intoa(smask)); 266 if (gateip.s_addr != 0) 267 printf("net gateway: %s\n", inet_ntoa(gateip)); 268 printf("server addr: %s\n", inet_ntoa(rootip)); 269 if (rootpath[0] != '\0') 270 printf("server path: %s\n", rootpath); 271 if (bootfile[0] != '\0') 272 printf("file name: %s\n", bootfile); 273 } 274 #endif 275 276 /* Bump xid so next request will be unique. */ 277 ++d->xid; 278 } 279 280 /* Transmit a bootp request */ 281 static ssize_t 282 bootpsend(struct iodesc *d, void *pkt, size_t len) 283 { 284 struct bootp *bp; 285 286 #ifdef BOOTP_DEBUG 287 if (debug) 288 printf("%s: d=%p called.\n", __func__, d); 289 #endif 290 291 bp = pkt; 292 bp->bp_secs = htons((u_short)(getsecs() - bot)); 293 294 #ifdef BOOTP_DEBUG 295 if (debug) 296 printf("%s: calling sendudp\n", __func__); 297 #endif 298 299 return sendudp(d, pkt, len); 300 } 301 302 static ssize_t 303 bootprecv(struct iodesc *d, void *pkt, size_t len, saseconds_t tleft) 304 { 305 ssize_t n; 306 struct bootp *bp; 307 308 #ifdef BOOTP_DEBUG 309 if (debug) 310 printf("%s: called\n", __func__); 311 #endif 312 313 n = readudp(d, pkt, len, tleft); 314 if (n == -1 || (size_t)n < sizeof(struct bootp) - BOOTP_VENDSIZE) 315 goto bad; 316 317 bp = (struct bootp *)pkt; 318 319 #ifdef BOOTP_DEBUG 320 if (debug) 321 printf("%s: checked. bp = %p, n = %zd\n", __func__, bp, n); 322 #endif 323 if (bp->bp_xid != htonl(d->xid)) { 324 #ifdef BOOTP_DEBUG 325 if (debug) { 326 printf("%s: expected xid 0x%lx, got 0x%x\n", __func__, 327 d->xid, ntohl(bp->bp_xid)); 328 } 329 #endif 330 goto bad; 331 } 332 333 /* protect against bogus addresses sent by DHCP servers */ 334 if (bp->bp_yiaddr.s_addr == INADDR_ANY || 335 bp->bp_yiaddr.s_addr == INADDR_BROADCAST) 336 goto bad; 337 338 #ifdef BOOTP_DEBUG 339 if (debug) 340 printf("%s: got one!\n", __func__); 341 #endif 342 343 /* Suck out vendor info */ 344 if (memcmp(vm_rfc1048, bp->bp_vend, sizeof(vm_rfc1048)) == 0) { 345 if (vend_rfc1048(bp->bp_vend, sizeof(bp->bp_vend)) != 0) 346 goto bad; 347 } 348 #ifdef BOOTP_VEND_CMU 349 else if (memcmp(vm_cmu, bp->bp_vend, sizeof(vm_cmu)) == 0) 350 vend_cmu(bp->bp_vend); 351 #endif 352 else 353 printf("%s: unknown vendor %p\n", __func__, bp->bp_vend); 354 355 return n; 356 bad: 357 errno = 0; 358 return -1; 359 } 360 361 static int 362 vend_rfc1048(u_char *cp, u_int len) 363 { 364 u_char *ep; 365 size_t size; 366 u_char tag; 367 368 #ifdef BOOTP_DEBUG 369 if (debug) 370 printf("%s: bootp info. len=%d\n", __func__, len); 371 #endif 372 ep = cp + len; 373 374 /* Step over magic cookie */ 375 cp += sizeof(int); 376 377 while (cp < ep) { 378 tag = *cp++; 379 size = *cp++; 380 if (tag == TAG_END) 381 break; 382 383 if (tag == TAG_SUBNET_MASK && size >= sizeof(smask)) { 384 (void)memcpy(&smask, cp, sizeof(smask)); 385 } 386 if (tag == TAG_GATEWAY && size >= sizeof(gateip.s_addr)) { 387 (void)memcpy(&gateip.s_addr, cp, sizeof(gateip.s_addr)); 388 } 389 if (tag == TAG_SWAPSERVER && size >= sizeof(rootip.s_addr)) { 390 /* let it override bp_siaddr */ 391 (void)memcpy(&rootip.s_addr, cp, sizeof(rootip.s_addr)); 392 } 393 if (tag == TAG_ROOTPATH && size < sizeof(rootpath)) { 394 strncpy(rootpath, (char *)cp, sizeof(rootpath)); 395 rootpath[size] = '\0'; 396 } 397 if (tag == TAG_HOSTNAME && size < sizeof(hostname)) { 398 strncpy(hostname, (char *)cp, sizeof(hostname)); 399 hostname[size] = '\0'; 400 } 401 #ifdef SUPPORT_DHCP 402 if (tag == TAG_DHCP_MSGTYPE) { 403 if (*cp != expected_dhcpmsgtype) 404 return -1; 405 dhcp_ok = 1; 406 } 407 if (tag == TAG_SERVERID && 408 size >= sizeof(dhcp_serverip.s_addr)) 409 { 410 (void)memcpy(&dhcp_serverip.s_addr, cp, 411 sizeof(dhcp_serverip.s_addr)); 412 } 413 #endif 414 #ifdef SUPPORT_LINUX 415 if (tag == TAG_LINUX_CMDLINE && size < sizeof(linuxcmdline)) { 416 strncpy(linuxcmdline, (char *)cp, sizeof(linuxcmdline)); 417 linuxcmdline[size] = '\0'; 418 } 419 #endif 420 cp += size; 421 } 422 return 0; 423 } 424 425 #ifdef BOOTP_VEND_CMU 426 static void 427 vend_cmu(u_char *cp) 428 { 429 struct cmu_vend *vp; 430 431 #ifdef BOOTP_DEBUG 432 if (debug) 433 printf("%s: bootp info.\n", __func__); 434 #endif 435 vp = (struct cmu_vend *)cp; 436 437 if (vp->v_smask.s_addr != 0) { 438 smask = vp->v_smask.s_addr; 439 } 440 if (vp->v_dgate.s_addr != 0) { 441 gateip = vp->v_dgate; 442 } 443 } 444 #endif 445