1 /* $OpenBSD: packet.c,v 1.13 2017/02/13 19:15:39 krw Exp $ */ 2 3 /* Packet assembly code, originally contributed by Archie Cobbs. */ 4 5 /* 6 * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of The Internet Software Consortium nor the names 19 * of its contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 23 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 26 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 27 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 30 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 31 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 32 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 33 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * This software has been written for the Internet Software Consortium 37 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 38 * Enterprises. To learn more about the Internet Software Consortium, 39 * see ``http://www.vix.com/isc''. To learn more about Vixie 40 * Enterprises, see ``http://www.vix.com''. 41 */ 42 43 #include <sys/types.h> 44 #include <sys/socket.h> 45 46 #include <arpa/inet.h> 47 48 #include <net/if.h> 49 #include <net/if_enc.h> 50 51 #include <netinet/in.h> 52 #include <netinet/ip.h> 53 #include <netinet/udp.h> 54 #include <netinet/if_ether.h> 55 56 #include <string.h> 57 58 #include "dhcp.h" 59 #include "dhcpd.h" 60 #include "log.h" 61 62 63 u_int32_t checksum(unsigned char *, unsigned, u_int32_t); 64 u_int32_t wrapsum(u_int32_t); 65 66 u_int32_t 67 checksum(unsigned char *buf, unsigned nbytes, u_int32_t sum) 68 { 69 int i; 70 71 /* Checksum all the pairs of bytes first... */ 72 for (i = 0; i < (nbytes & ~1U); i += 2) { 73 sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i))); 74 if (sum > 0xFFFF) 75 sum -= 0xFFFF; 76 } 77 78 /* 79 * If there's a single byte left over, checksum it, too. 80 * Network byte order is big-endian, so the remaining byte is 81 * the high byte. 82 */ 83 if (i < nbytes) { 84 sum += buf[i] << 8; 85 if (sum > 0xFFFF) 86 sum -= 0xFFFF; 87 } 88 89 return (sum); 90 } 91 92 u_int32_t 93 wrapsum(u_int32_t sum) 94 { 95 sum = ~sum & 0xFFFF; 96 return (htons(sum)); 97 } 98 99 void 100 assemble_hw_header(struct interface_info *interface, unsigned char *buf, 101 int *bufix, struct packet_ctx *pc) 102 { 103 struct ether_header eh; 104 105 /* Use the supplied address or let the kernel fill it. */ 106 memcpy(eh.ether_shost, pc->pc_smac, ETHER_ADDR_LEN); 107 memcpy(eh.ether_dhost, pc->pc_dmac, ETHER_ADDR_LEN); 108 109 eh.ether_type = htons(ETHERTYPE_IP); 110 111 memcpy(&buf[*bufix], &eh, ETHER_HDR_LEN); 112 *bufix += ETHER_HDR_LEN; 113 } 114 115 void 116 assemble_udp_ip_header(struct interface_info *interface, unsigned char *buf, 117 int *bufix, struct packet_ctx *pc, unsigned char *data, int len) 118 { 119 struct ip ip; 120 struct udphdr udp; 121 122 ip.ip_v = 4; 123 ip.ip_hl = 5; 124 ip.ip_tos = IPTOS_LOWDELAY; 125 ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len); 126 ip.ip_id = 0; 127 ip.ip_off = 0; 128 ip.ip_ttl = 16; 129 ip.ip_p = IPPROTO_UDP; 130 ip.ip_sum = 0; 131 ip.ip_src.s_addr = ss2sin(&pc->pc_src)->sin_addr.s_addr; 132 ip.ip_dst.s_addr = ss2sin(&pc->pc_dst)->sin_addr.s_addr; 133 134 ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0)); 135 memcpy(&buf[*bufix], &ip, sizeof(ip)); 136 *bufix += sizeof(ip); 137 138 udp.uh_sport = ss2sin(&pc->pc_src)->sin_port; 139 udp.uh_dport = ss2sin(&pc->pc_dst)->sin_port; 140 udp.uh_ulen = htons(sizeof(udp) + len); 141 memset(&udp.uh_sum, 0, sizeof(udp.uh_sum)); 142 143 udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp), 144 checksum(data, len, checksum((unsigned char *)&ip.ip_src, 145 2 * sizeof(ip.ip_src), 146 IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen))))); 147 148 memcpy(&buf[*bufix], &udp, sizeof(udp)); 149 *bufix += sizeof(udp); 150 } 151 152 ssize_t 153 decode_hw_header(struct interface_info *interface, unsigned char *buf, 154 int bufix, struct packet_ctx *pc) 155 { 156 size_t offset = 0; 157 158 if (interface->hw_address.htype == HTYPE_IPSEC_TUNNEL) { 159 u_int32_t ip_len; 160 struct ip *ip; 161 162 bufix += ENC_HDRLEN; 163 ip_len = (buf[bufix] & 0xf) << 2; 164 ip = (struct ip *)(buf + bufix); 165 166 /* Encapsulated IP */ 167 if (ip->ip_p != IPPROTO_IPIP) 168 return (-1); 169 170 memset(pc->pc_dmac, 0xff, ETHER_ADDR_LEN); 171 offset = ENC_HDRLEN + ip_len; 172 } else { 173 memcpy(pc->pc_dmac, buf + bufix, ETHER_ADDR_LEN); 174 memcpy(pc->pc_smac, buf + bufix + ETHER_ADDR_LEN, 175 ETHER_ADDR_LEN); 176 offset = sizeof(struct ether_header); 177 } 178 179 pc->pc_htype = ARPHRD_ETHER; 180 pc->pc_hlen = ETHER_ADDR_LEN; 181 182 return (offset); 183 } 184 185 ssize_t 186 decode_udp_ip_header(struct interface_info *interface, unsigned char *buf, 187 int bufix, struct packet_ctx *pc, int buflen) 188 { 189 struct ip *ip; 190 struct udphdr *udp; 191 unsigned char *data; 192 u_int32_t ip_len; 193 u_int32_t sum, usum; 194 static unsigned int ip_packets_seen; 195 static unsigned int ip_packets_bad_checksum; 196 static unsigned int udp_packets_seen; 197 static unsigned int udp_packets_bad_checksum; 198 static unsigned int udp_packets_length_checked; 199 static unsigned int udp_packets_length_overflow; 200 int len; 201 202 /* Assure that an entire IP header is within the buffer. */ 203 if (sizeof(*ip) > buflen) 204 return (-1); 205 ip_len = (buf[bufix] & 0xf) << 2; 206 if (ip_len > buflen) 207 return (-1); 208 ip = (struct ip *)(buf + bufix); 209 ip_packets_seen++; 210 211 /* Check the IP header checksum - it should be zero. */ 212 if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) { 213 ip_packets_bad_checksum++; 214 if (ip_packets_seen > 4 && ip_packets_bad_checksum != 0 && 215 (ip_packets_seen / ip_packets_bad_checksum) < 2) { 216 log_info("%u bad IP checksums seen in %u packets", 217 ip_packets_bad_checksum, ip_packets_seen); 218 ip_packets_seen = ip_packets_bad_checksum = 0; 219 } 220 return (-1); 221 } 222 223 pc->pc_src.ss_len = sizeof(struct sockaddr_in); 224 pc->pc_src.ss_family = AF_INET; 225 memcpy(&ss2sin(&pc->pc_src)->sin_addr, &ip->ip_src, 226 sizeof(ss2sin(&pc->pc_src)->sin_addr)); 227 228 pc->pc_dst.ss_len = sizeof(struct sockaddr_in); 229 pc->pc_dst.ss_family = AF_INET; 230 memcpy(&ss2sin(&pc->pc_dst)->sin_addr, &ip->ip_dst, 231 sizeof(ss2sin(&pc->pc_dst)->sin_addr)); 232 233 #ifdef DEBUG 234 if (ntohs(ip->ip_len) != buflen) 235 log_debug("ip length %d disagrees with bytes received %d.", 236 ntohs(ip->ip_len), buflen); 237 #endif 238 239 /* Assure that the entire IP packet is within the buffer. */ 240 if (ntohs(ip->ip_len) > buflen) 241 return (-1); 242 243 /* Assure that the UDP header is within the buffer. */ 244 if (ip_len + sizeof(*udp) > buflen) 245 return (-1); 246 udp = (struct udphdr *)(buf + bufix + ip_len); 247 udp_packets_seen++; 248 249 /* Assure that the entire UDP packet is within the buffer. */ 250 if (ip_len + ntohs(udp->uh_ulen) > buflen) 251 return (-1); 252 data = buf + bufix + ip_len + sizeof(*udp); 253 254 /* 255 * Compute UDP checksums, including the ``pseudo-header'', the 256 * UDP header and the data. If the UDP checksum field is zero, 257 * we're not supposed to do a checksum. 258 */ 259 udp_packets_length_checked++; 260 len = ntohs(udp->uh_ulen) - sizeof(*udp); 261 if ((len < 0) || (len + data > buf + bufix + buflen)) { 262 udp_packets_length_overflow++; 263 if (udp_packets_length_checked > 4 && 264 udp_packets_length_overflow != 0 && 265 (udp_packets_length_checked / 266 udp_packets_length_overflow) < 2) { 267 log_info("%u udp packets in %u too long - dropped", 268 udp_packets_length_overflow, 269 udp_packets_length_checked); 270 udp_packets_length_overflow = 271 udp_packets_length_checked = 0; 272 } 273 return (-1); 274 } 275 if (len + data != buf + bufix + buflen) 276 log_debug("accepting packet with data after udp payload."); 277 278 usum = udp->uh_sum; 279 udp->uh_sum = 0; 280 281 sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp), 282 checksum(data, len, checksum((unsigned char *)&ip->ip_src, 283 2 * sizeof(ip->ip_src), 284 IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen))))); 285 286 udp_packets_seen++; 287 if (usum && usum != sum) { 288 udp_packets_bad_checksum++; 289 if (udp_packets_seen > 4 && udp_packets_bad_checksum != 0 && 290 (udp_packets_seen / udp_packets_bad_checksum) < 2) { 291 log_info("%u bad udp checksums in %u packets", 292 udp_packets_bad_checksum, udp_packets_seen); 293 udp_packets_seen = udp_packets_bad_checksum = 0; 294 } 295 return (-1); 296 } 297 298 ss2sin(&pc->pc_src)->sin_port = udp->uh_sport; 299 ss2sin(&pc->pc_dst)->sin_port = udp->uh_dport; 300 301 return (ip_len + sizeof(*udp)); 302 } 303