1 /* $OpenBSD: bpf.c,v 1.8 2009/12/14 22:12:14 mpf Exp $ */ 2 3 /* BPF socket interface code, originally contributed by Archie Cobbs. */ 4 5 /* 6 * Copyright (c) 1995, 1996, 1998, 1999 7 * The Internet Software Consortium. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of The Internet Software Consortium nor the names 19 * of its contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * This software has been written for the Internet Software Consortium 37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 38 * Enterprises. To learn more about the Internet Software Consortium, 39 * see ``http://www.vix.com/isc''. To learn more about Vixie 40 * Enterprises, see ``http://www.vix.com''. 41 */ 42 43 #include "dhcpd.h" 44 #include <sys/ioctl.h> 45 #include <sys/uio.h> 46 47 #include <net/bpf.h> 48 #include <netinet/in_systm.h> 49 #include <netinet/ip.h> 50 #include <netinet/udp.h> 51 #include <netinet/if_ether.h> 52 53 #define BPF_FORMAT "/dev/bpf%d" 54 55 /* 56 * Called by get_interface_list for each interface that's discovered. 57 * Opens a packet filter for each interface and adds it to the select 58 * mask. 59 */ 60 int 61 if_register_bpf(struct interface_info *info) 62 { 63 char filename[50]; 64 int sock, b; 65 66 /* Open a BPF device */ 67 for (b = 0; 1; b++) { 68 snprintf(filename, sizeof(filename), BPF_FORMAT, b); 69 sock = open(filename, O_RDWR, 0); 70 if (sock == -1) { 71 if (errno == EBUSY) 72 continue; 73 else 74 error("Can't find free bpf: %m"); 75 } else 76 break; 77 } 78 79 /* Set the BPF device to point at this interface. */ 80 if (ioctl(sock, BIOCSETIF, info->ifp) == -1) 81 error("Can't attach interface %s to bpf device %s: %m", 82 info->name, filename); 83 84 return (sock); 85 } 86 87 void 88 if_register_send(struct interface_info *info) 89 { 90 /* 91 * If we're using the bpf API for sending and receiving, we 92 * don't need to register this interface twice. 93 */ 94 info->wfdesc = info->rfdesc; 95 } 96 97 /* 98 * Packet read filter program: 'ip and udp and dst port bootps' 99 */ 100 struct bpf_insn dhcp_bpf_filter[] = { 101 /* Make sure this is an IP packet... */ 102 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 103 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8), 104 105 /* Make sure it's a UDP packet... */ 106 BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23), 107 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), 108 109 /* Make sure this isn't a fragment... */ 110 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20), 111 BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), 112 113 /* Get the IP header length... */ 114 BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14), 115 116 /* Make sure it's to the right port... */ 117 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16), 118 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 1), 119 120 /* If we passed all the tests, ask for the whole packet. */ 121 BPF_STMT(BPF_RET+BPF_K, (u_int)-1), 122 123 /* Otherwise, drop it. */ 124 BPF_STMT(BPF_RET+BPF_K, 0), 125 }; 126 127 int dhcp_bpf_filter_len = sizeof(dhcp_bpf_filter) / sizeof(struct bpf_insn); 128 129 130 /* 131 * Packet write filter program: 132 * 'ip and udp and src port bootps and dst port (bootps or bootpc)' 133 */ 134 struct bpf_insn dhcp_bpf_wfilter[] = { 135 /* Make sure this is an IP packet... */ 136 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 137 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 11), 138 139 /* Make sure it's a UDP packet... */ 140 BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23), 141 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 9), 142 143 /* Make sure this isn't a fragment... */ 144 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20), 145 BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 7, 0), 146 147 /* Get the IP header length... */ 148 BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14), 149 150 /* Make sure it's from the right port... */ 151 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 14), 152 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 4), 153 154 /* Make sure it is to the right ports ... */ 155 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16), 156 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, CLIENT_PORT, 1, 0), 157 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 1), 158 159 /* If we passed all the tests, ask for the whole packet. */ 160 BPF_STMT(BPF_RET+BPF_K, (u_int)-1), 161 162 /* Otherwise, drop it. */ 163 BPF_STMT(BPF_RET+BPF_K, 0), 164 }; 165 166 int dhcp_bpf_wfilter_len = sizeof(dhcp_bpf_wfilter) / sizeof(struct bpf_insn); 167 168 void 169 if_register_receive(struct interface_info *info) 170 { 171 struct bpf_version v; 172 struct bpf_program p; 173 int flag = 1, sz, cmplt = 0; 174 175 /* Open a BPF device and hang it on this interface... */ 176 info->rfdesc = if_register_bpf(info); 177 178 /* Make sure the BPF version is in range... */ 179 if (ioctl(info->rfdesc, BIOCVERSION, &v) == -1) 180 error("Can't get BPF version: %m"); 181 182 if (v.bv_major != BPF_MAJOR_VERSION || 183 v.bv_minor < BPF_MINOR_VERSION) 184 error("Kernel BPF version out of range - recompile dhcpd!"); 185 186 /* 187 * Set immediate mode so that reads return as soon as a packet 188 * comes in, rather than waiting for the input buffer to fill 189 * with packets. 190 */ 191 if (ioctl(info->rfdesc, BIOCIMMEDIATE, &flag) == -1) 192 error("Can't set immediate mode on bpf device: %m"); 193 194 if (ioctl(info->rfdesc, BIOCSFILDROP, &flag) == -1) 195 error("Can't set filter-drop mode on bpf device: %m"); 196 197 /* make sure kernel fills in the source ethernet address */ 198 if (ioctl(info->rfdesc, BIOCSHDRCMPLT, &cmplt) == -1) 199 error("Can't set header complete flag on bpf device: %m"); 200 201 /* Get the required BPF buffer length from the kernel. */ 202 if (ioctl(info->rfdesc, BIOCGBLEN, &sz) == -1) 203 error("Can't get bpf buffer length: %m"); 204 info->rbuf_max = sz; 205 info->rbuf = malloc(info->rbuf_max); 206 if (!info->rbuf) 207 error("Can't allocate %lu bytes for bpf input buffer.", 208 (unsigned long)info->rbuf_max); 209 info->rbuf_offset = 0; 210 info->rbuf_len = 0; 211 212 /* Set up the bpf filter program structure. */ 213 p.bf_len = dhcp_bpf_filter_len; 214 p.bf_insns = dhcp_bpf_filter; 215 216 if (ioctl(info->rfdesc, BIOCSETF, &p) == -1) 217 error("Can't install packet filter program: %m"); 218 219 /* Set up the bpf write filter program structure. */ 220 p.bf_len = dhcp_bpf_wfilter_len; 221 p.bf_insns = dhcp_bpf_wfilter; 222 223 if (ioctl(info->rfdesc, BIOCSETWF, &p) == -1) 224 error("Can't install write filter program: %m"); 225 226 /* make sure these settings cannot be changed after dropping privs */ 227 if (ioctl(info->rfdesc, BIOCLOCK) == -1) 228 error("Failed to lock bpf descriptor: %m"); 229 } 230 231 ssize_t 232 send_packet(struct interface_info *interface, struct dhcp_packet *raw, 233 size_t len, struct in_addr from, struct sockaddr_in *to, 234 struct hardware *hto) 235 { 236 unsigned char buf[256]; 237 struct iovec iov[2]; 238 int result, bufp = 0; 239 240 /* Assemble the headers... */ 241 assemble_hw_header(interface, buf, &bufp, hto); 242 assemble_udp_ip_header(interface, buf, &bufp, from.s_addr, 243 to->sin_addr.s_addr, to->sin_port, (unsigned char *)raw, len); 244 245 /* Fire it off */ 246 iov[0].iov_base = (char *)buf; 247 iov[0].iov_len = bufp; 248 iov[1].iov_base = (char *)raw; 249 iov[1].iov_len = len; 250 251 result = writev(interface->wfdesc, iov, 2); 252 if (result == -1) 253 warning("send_packet: %m"); 254 return (result); 255 } 256 257 ssize_t 258 receive_packet(struct interface_info *interface, unsigned char *buf, 259 size_t len, struct sockaddr_in *from, struct hardware *hfrom) 260 { 261 int length = 0, offset = 0; 262 struct bpf_hdr hdr; 263 264 /* 265 * All this complexity is because BPF doesn't guarantee that 266 * only one packet will be returned at a time. We're getting 267 * what we deserve, though - this is a terrible abuse of the BPF 268 * interface. Sigh. 269 */ 270 271 /* Process packets until we get one we can return or until we've 272 * done a read and gotten nothing we can return... 273 */ 274 do { 275 /* If the buffer is empty, fill it. */ 276 if (interface->rbuf_offset == interface->rbuf_len) { 277 length = read(interface->rfdesc, interface->rbuf, 278 interface->rbuf_max); 279 if (length <= 0) 280 return (length); 281 interface->rbuf_offset = 0; 282 interface->rbuf_len = BPF_WORDALIGN(length); 283 } 284 285 /* 286 * If there isn't room for a whole bpf header, something 287 * went wrong, but we'll ignore it and hope it goes 288 * away... XXX 289 */ 290 if (interface->rbuf_len - interface->rbuf_offset < 291 sizeof(hdr)) { 292 interface->rbuf_offset = interface->rbuf_len; 293 continue; 294 } 295 296 /* Copy out a bpf header... */ 297 memcpy(&hdr, &interface->rbuf[interface->rbuf_offset], 298 sizeof(hdr)); 299 300 /* 301 * If the bpf header plus data doesn't fit in what's 302 * left of the buffer, stick head in sand yet again... 303 */ 304 if (interface->rbuf_offset + hdr.bh_hdrlen + hdr.bh_caplen > 305 interface->rbuf_len) { 306 interface->rbuf_offset = interface->rbuf_len; 307 continue; 308 } 309 310 /* 311 * If the captured data wasn't the whole packet, or if 312 * the packet won't fit in the input buffer, all we can 313 * do is drop it. 314 */ 315 if (hdr.bh_caplen != hdr.bh_datalen) { 316 interface->rbuf_offset = BPF_WORDALIGN( 317 interface->rbuf_offset + hdr.bh_hdrlen + 318 hdr.bh_caplen); 319 continue; 320 } 321 322 /* Skip over the BPF header... */ 323 interface->rbuf_offset += hdr.bh_hdrlen; 324 325 /* Decode the physical header... */ 326 offset = decode_hw_header(interface, 327 interface->rbuf, interface->rbuf_offset, hfrom); 328 329 /* 330 * If a physical layer checksum failed (dunno of any 331 * physical layer that supports this, but WTH), skip 332 * this packet. 333 */ 334 if (offset < 0) { 335 interface->rbuf_offset = BPF_WORDALIGN( 336 interface->rbuf_offset + hdr.bh_caplen); 337 continue; 338 } 339 interface->rbuf_offset += offset; 340 hdr.bh_caplen -= offset; 341 342 /* Decode the IP and UDP headers... */ 343 offset = decode_udp_ip_header(interface, interface->rbuf, 344 interface->rbuf_offset, from, NULL, hdr.bh_caplen); 345 346 /* If the IP or UDP checksum was bad, skip the packet... */ 347 if (offset < 0) { 348 interface->rbuf_offset = BPF_WORDALIGN( 349 interface->rbuf_offset + hdr.bh_caplen); 350 continue; 351 } 352 interface->rbuf_offset += offset; 353 hdr.bh_caplen -= offset; 354 355 /* 356 * If there's not enough room to stash the packet data, 357 * we have to skip it (this shouldn't happen in real 358 * life, though). 359 */ 360 if (hdr.bh_caplen > len) { 361 interface->rbuf_offset = BPF_WORDALIGN( 362 interface->rbuf_offset + hdr.bh_caplen); 363 continue; 364 } 365 366 /* Copy out the data in the packet... */ 367 memcpy(buf, interface->rbuf + interface->rbuf_offset, 368 hdr.bh_caplen); 369 interface->rbuf_offset = BPF_WORDALIGN(interface->rbuf_offset + 370 hdr.bh_caplen); 371 return (hdr.bh_caplen); 372 } while (!length); 373 return (0); 374 } 375