1 /* $OpenBSD: bpf.c,v 1.7 2008/09/15 20:38:17 claudio Exp $ */ 2 3 /* BPF socket interface code, originally contributed by Archie Cobbs. */ 4 5 /* 6 * Copyright (c) 1995, 1996, 1998, 1999 7 * The Internet Software Consortium. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of The Internet Software Consortium nor the names 19 * of its contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * This software has been written for the Internet Software Consortium 37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 38 * Enterprises. To learn more about the Internet Software Consortium, 39 * see ``http://www.vix.com/isc''. To learn more about Vixie 40 * Enterprises, see ``http://www.vix.com''. 41 */ 42 43 #include "dhcpd.h" 44 #include <sys/ioctl.h> 45 #include <sys/uio.h> 46 47 #include <net/bpf.h> 48 #include <netinet/in_systm.h> 49 #include <netinet/ip.h> 50 #include <netinet/udp.h> 51 #include <netinet/if_ether.h> 52 53 #define BPF_FORMAT "/dev/bpf%d" 54 55 /* 56 * Called by get_interface_list for each interface that's discovered. 57 * Opens a packet filter for each interface and adds it to the select 58 * mask. 59 */ 60 int 61 if_register_bpf(struct interface_info *info) 62 { 63 char filename[50]; 64 int sock, b; 65 66 /* Open a BPF device */ 67 for (b = 0; 1; b++) { 68 snprintf(filename, sizeof(filename), BPF_FORMAT, b); 69 sock = open(filename, O_RDWR, 0); 70 if (sock == -1) { 71 if (errno == EBUSY) 72 continue; 73 else 74 error("Can't find free bpf: %m"); 75 } else 76 break; 77 } 78 79 /* Set the BPF device to point at this interface. */ 80 if (ioctl(sock, BIOCSETIF, info->ifp) == -1) 81 error("Can't attach interface %s to bpf device %s: %m", 82 info->name, filename); 83 84 return (sock); 85 } 86 87 void 88 if_register_send(struct interface_info *info) 89 { 90 /* 91 * If we're using the bpf API for sending and receiving, we 92 * don't need to register this interface twice. 93 */ 94 info->wfdesc = info->rfdesc; 95 } 96 97 /* 98 * Packet read filter program: 'ip and udp and dst port bootps' 99 */ 100 struct bpf_insn dhcp_bpf_filter[] = { 101 /* Make sure this is an IP packet... */ 102 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 103 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8), 104 105 /* Make sure it's a UDP packet... */ 106 BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23), 107 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), 108 109 /* Make sure this isn't a fragment... */ 110 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20), 111 BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), 112 113 /* Get the IP header length... */ 114 BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14), 115 116 /* Make sure it's to the right port... */ 117 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16), 118 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 1), 119 120 /* If we passed all the tests, ask for the whole packet. */ 121 BPF_STMT(BPF_RET+BPF_K, (u_int)-1), 122 123 /* Otherwise, drop it. */ 124 BPF_STMT(BPF_RET+BPF_K, 0), 125 }; 126 127 int dhcp_bpf_filter_len = sizeof(dhcp_bpf_filter) / sizeof(struct bpf_insn); 128 129 130 /* 131 * Packet write filter program: 132 * 'ip and udp and src port bootps and dst port (bootps or bootpc)' 133 */ 134 struct bpf_insn dhcp_bpf_wfilter[] = { 135 /* Make sure this is an IP packet... */ 136 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 137 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 11), 138 139 /* Make sure it's a UDP packet... */ 140 BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23), 141 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 9), 142 143 /* Make sure this isn't a fragment... */ 144 BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20), 145 BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 7, 0), 146 147 /* Get the IP header length... */ 148 BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14), 149 150 /* Make sure it's from the right port... */ 151 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 14), 152 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 4), 153 154 /* Make sure it is to the right ports ... */ 155 BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16), 156 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, CLIENT_PORT, 1, 0), 157 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SERVER_PORT, 0, 1), 158 159 /* If we passed all the tests, ask for the whole packet. */ 160 BPF_STMT(BPF_RET+BPF_K, (u_int)-1), 161 162 /* Otherwise, drop it. */ 163 BPF_STMT(BPF_RET+BPF_K, 0), 164 }; 165 166 int dhcp_bpf_wfilter_len = sizeof(dhcp_bpf_wfilter) / sizeof(struct bpf_insn); 167 168 void 169 if_register_receive(struct interface_info *info) 170 { 171 struct bpf_version v; 172 struct bpf_program p; 173 int flag = 1, sz, cmplt = 0; 174 175 /* Open a BPF device and hang it on this interface... */ 176 info->rfdesc = if_register_bpf(info); 177 178 /* Make sure the BPF version is in range... */ 179 if (ioctl(info->rfdesc, BIOCVERSION, &v) == -1) 180 error("Can't get BPF version: %m"); 181 182 if (v.bv_major != BPF_MAJOR_VERSION || 183 v.bv_minor < BPF_MINOR_VERSION) 184 error("Kernel BPF version out of range - recompile dhcpd!"); 185 186 /* 187 * Set immediate mode so that reads return as soon as a packet 188 * comes in, rather than waiting for the input buffer to fill 189 * with packets. 190 */ 191 if (ioctl(info->rfdesc, BIOCIMMEDIATE, &flag) == -1) 192 error("Can't set immediate mode on bpf device: %m"); 193 194 /* make sure kernel fills in the source ethernet address */ 195 if (ioctl(info->rfdesc, BIOCSHDRCMPLT, &cmplt) == -1) 196 error("Can't set header complete flag on bpf device: %m"); 197 198 /* Get the required BPF buffer length from the kernel. */ 199 if (ioctl(info->rfdesc, BIOCGBLEN, &sz) == -1) 200 error("Can't get bpf buffer length: %m"); 201 info->rbuf_max = sz; 202 info->rbuf = malloc(info->rbuf_max); 203 if (!info->rbuf) 204 error("Can't allocate %lu bytes for bpf input buffer.", 205 (unsigned long)info->rbuf_max); 206 info->rbuf_offset = 0; 207 info->rbuf_len = 0; 208 209 /* Set up the bpf filter program structure. */ 210 p.bf_len = dhcp_bpf_filter_len; 211 p.bf_insns = dhcp_bpf_filter; 212 213 if (ioctl(info->rfdesc, BIOCSETF, &p) == -1) 214 error("Can't install packet filter program: %m"); 215 216 /* Set up the bpf write filter program structure. */ 217 p.bf_len = dhcp_bpf_wfilter_len; 218 p.bf_insns = dhcp_bpf_wfilter; 219 220 if (ioctl(info->rfdesc, BIOCSETWF, &p) == -1) 221 error("Can't install write filter program: %m"); 222 223 /* make sure these settings cannot be changed after dropping privs */ 224 if (ioctl(info->rfdesc, BIOCLOCK) == -1) 225 error("Failed to lock bpf descriptor: %m"); 226 } 227 228 ssize_t 229 send_packet(struct interface_info *interface, struct dhcp_packet *raw, 230 size_t len, struct in_addr from, struct sockaddr_in *to, 231 struct hardware *hto) 232 { 233 unsigned char buf[256]; 234 struct iovec iov[2]; 235 int result, bufp = 0; 236 237 /* Assemble the headers... */ 238 assemble_hw_header(interface, buf, &bufp, hto); 239 assemble_udp_ip_header(interface, buf, &bufp, from.s_addr, 240 to->sin_addr.s_addr, to->sin_port, (unsigned char *)raw, len); 241 242 /* Fire it off */ 243 iov[0].iov_base = (char *)buf; 244 iov[0].iov_len = bufp; 245 iov[1].iov_base = (char *)raw; 246 iov[1].iov_len = len; 247 248 result = writev(interface->wfdesc, iov, 2); 249 if (result == -1) 250 warning("send_packet: %m"); 251 return (result); 252 } 253 254 ssize_t 255 receive_packet(struct interface_info *interface, unsigned char *buf, 256 size_t len, struct sockaddr_in *from, struct hardware *hfrom) 257 { 258 int length = 0, offset = 0; 259 struct bpf_hdr hdr; 260 261 /* 262 * All this complexity is because BPF doesn't guarantee that 263 * only one packet will be returned at a time. We're getting 264 * what we deserve, though - this is a terrible abuse of the BPF 265 * interface. Sigh. 266 */ 267 268 /* Process packets until we get one we can return or until we've 269 * done a read and gotten nothing we can return... 270 */ 271 do { 272 /* If the buffer is empty, fill it. */ 273 if (interface->rbuf_offset == interface->rbuf_len) { 274 length = read(interface->rfdesc, interface->rbuf, 275 interface->rbuf_max); 276 if (length <= 0) 277 return (length); 278 interface->rbuf_offset = 0; 279 interface->rbuf_len = BPF_WORDALIGN(length); 280 } 281 282 /* 283 * If there isn't room for a whole bpf header, something 284 * went wrong, but we'll ignore it and hope it goes 285 * away... XXX 286 */ 287 if (interface->rbuf_len - interface->rbuf_offset < 288 sizeof(hdr)) { 289 interface->rbuf_offset = interface->rbuf_len; 290 continue; 291 } 292 293 /* Copy out a bpf header... */ 294 memcpy(&hdr, &interface->rbuf[interface->rbuf_offset], 295 sizeof(hdr)); 296 297 /* 298 * If the bpf header plus data doesn't fit in what's 299 * left of the buffer, stick head in sand yet again... 300 */ 301 if (interface->rbuf_offset + hdr.bh_hdrlen + hdr.bh_caplen > 302 interface->rbuf_len) { 303 interface->rbuf_offset = interface->rbuf_len; 304 continue; 305 } 306 307 /* 308 * If the captured data wasn't the whole packet, or if 309 * the packet won't fit in the input buffer, all we can 310 * do is drop it. 311 */ 312 if (hdr.bh_caplen != hdr.bh_datalen) { 313 interface->rbuf_offset = BPF_WORDALIGN( 314 interface->rbuf_offset + hdr.bh_hdrlen + 315 hdr.bh_caplen); 316 continue; 317 } 318 319 /* Skip over the BPF header... */ 320 interface->rbuf_offset += hdr.bh_hdrlen; 321 322 /* Decode the physical header... */ 323 offset = decode_hw_header(interface, 324 interface->rbuf, interface->rbuf_offset, hfrom); 325 326 /* 327 * If a physical layer checksum failed (dunno of any 328 * physical layer that supports this, but WTH), skip 329 * this packet. 330 */ 331 if (offset < 0) { 332 interface->rbuf_offset = BPF_WORDALIGN( 333 interface->rbuf_offset + hdr.bh_caplen); 334 continue; 335 } 336 interface->rbuf_offset += offset; 337 hdr.bh_caplen -= offset; 338 339 /* Decode the IP and UDP headers... */ 340 offset = decode_udp_ip_header(interface, interface->rbuf, 341 interface->rbuf_offset, from, NULL, hdr.bh_caplen); 342 343 /* If the IP or UDP checksum was bad, skip the packet... */ 344 if (offset < 0) { 345 interface->rbuf_offset = BPF_WORDALIGN( 346 interface->rbuf_offset + hdr.bh_caplen); 347 continue; 348 } 349 interface->rbuf_offset += offset; 350 hdr.bh_caplen -= offset; 351 352 /* 353 * If there's not enough room to stash the packet data, 354 * we have to skip it (this shouldn't happen in real 355 * life, though). 356 */ 357 if (hdr.bh_caplen > len) { 358 interface->rbuf_offset = BPF_WORDALIGN( 359 interface->rbuf_offset + hdr.bh_caplen); 360 continue; 361 } 362 363 /* Copy out the data in the packet... */ 364 memcpy(buf, interface->rbuf + interface->rbuf_offset, 365 hdr.bh_caplen); 366 interface->rbuf_offset = BPF_WORDALIGN(interface->rbuf_offset + 367 hdr.bh_caplen); 368 return (hdr.bh_caplen); 369 } while (!length); 370 return (0); 371 } 372