usr.sbin/ldpd/packet.c

/*	$OpenBSD: packet.c,v 1.16 2012/04/12 17:33:43 claudio Exp $ */

/*
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <net/if_dl.h>
#include <fcntl.h>
#include <unistd.h>

#include <errno.h>
#include <event.h>
#include <stdlib.h>
#include <string.h>

#include "ldpd.h"
#include "ldp.h"
#include "log.h"
#include "ldpe.h"

int		 ldp_hdr_sanity_check(struct ldp_hdr *, u_int16_t,
		    const struct iface *);
struct iface	*find_iface(struct ldpd_conf *, unsigned int, struct in_addr);
ssize_t		 session_get_pdu(struct ibuf_read *, char **);

static int	 msgcnt = 0;

int
gen_ldp_hdr(struct ibuf *buf, struct iface *iface, u_int16_t size)
{
	struct ldp_hdr	ldp_hdr;

	bzero(&ldp_hdr, sizeof(ldp_hdr));
	ldp_hdr.version = htons(LDP_VERSION);

	/* We want just the size of the value */
	size -= TLV_HDR_LEN;

	ldp_hdr.length = htons(size);
	ldp_hdr.lsr_id = ldpe_router_id();
	if (iface)
		ldp_hdr.lspace_id = iface->lspace_id;

	return (ibuf_add(buf, &ldp_hdr, LDP_HDR_SIZE));
}

int
gen_msg_tlv(struct ibuf *buf, u_int32_t type, u_int16_t size)
{
	struct ldp_msg	msg;

	/* We want just the size of the value */
	size -= TLV_HDR_LEN;

	bzero(&msg, sizeof(msg));
	msg.type = htons(type);
	msg.length = htons(size);
	msg.msgid = htonl(++msgcnt);

	return (ibuf_add(buf, &msg, sizeof(msg)));
}

/* send and receive packets */
int
send_packet(struct iface *iface, void *pkt, size_t len, struct sockaddr_in *dst)
{
	/* set outgoing interface for multicast traffic */
	if (IN_MULTICAST(ntohl(dst->sin_addr.s_addr)))
		if (if_set_mcast(iface) == -1) {
			log_warn("send_packet: error setting multicast "
			    "interface, %s", iface->name);
			return (-1);
		}

	if (sendto(iface->discovery_fd, pkt, len, 0,
	    (struct sockaddr *)dst, sizeof(*dst)) == -1) {
		log_warn("send_packet: error sending packet on interface %s",
		    iface->name);
		return (-1);
	}

	return (0);
}

/* Discovery functions */
void
disc_recv_packet(int fd, short event, void *bula)
{
	union {
		struct cmsghdr hdr;
		char	buf[CMSG_SPACE(sizeof(struct sockaddr_dl))];
	} cmsgbuf;
	struct sockaddr_in	 src;
	struct msghdr		 msg;
	struct iovec		 iov;
	struct ldpd_conf	*xconf = bula;
	struct ldp_hdr		 ldp_hdr;
	struct ldp_msg		 ldp_msg;
	struct iface		*iface;
	char			*buf;
	struct cmsghdr		*cmsg;
	ssize_t			 r;
	u_int16_t		 len;
	int			 l;
	unsigned int		 ifindex = 0;

	if (event != EV_READ)
		return;

	/* setup buffer */
	bzero(&msg, sizeof(msg));
	iov.iov_base = buf = pkt_ptr;
	iov.iov_len = IBUF_READ_SIZE;
	msg.msg_name = &src;
	msg.msg_namelen = sizeof(src);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = &cmsgbuf.buf;
	msg.msg_controllen = sizeof(cmsgbuf.buf);

	if ((r = recvmsg(fd, &msg, 0)) == -1) {
		if (errno != EAGAIN && errno != EINTR)
			log_debug("disc_recv_packet: read error: %s",
			    strerror(errno));
		return;
	}
	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
	    cmsg = CMSG_NXTHDR(&msg, cmsg)) {
		if (cmsg->cmsg_level == IPPROTO_IP &&
		    cmsg->cmsg_type == IP_RECVIF) {
			ifindex = ((struct sockaddr_dl *)
			    CMSG_DATA(cmsg))->sdl_index;
			break;
		}
	}

	len = (u_int16_t)r;

	/* find a matching interface */
	if ((iface = find_iface(xconf, ifindex, src.sin_addr)) == NULL) {
		log_debug("disc_recv_packet: cannot find a matching interface");
		return;
	}

	/* LDP header sanity checks */
	if (len < LDP_HDR_SIZE || len > LDP_MAX_LEN) {
		log_debug("disc_recv_packet: bad packet size");
		return;
	}
	bcopy(buf, &ldp_hdr, sizeof(ldp_hdr));

	if (ntohs(ldp_hdr.version) != LDP_VERSION) {
		log_debug("dsc_recv_packet: invalid LDP version %d",
		    ldp_hdr.version);
		return;
	}

	if ((l = ldp_hdr_sanity_check(&ldp_hdr, len, iface)) == -1)
		return;

	if (l > len) {
		log_debug("disc_recv_packet: invalid LDP packet length %d",
		    ntohs(ldp_hdr.length));
		return;
	}

	if (len < LDP_HDR_SIZE + LDP_MSG_LEN) {
		log_debug("disc_recv_packet: invalid LDP packet length %d",
		    ntohs(ldp_hdr.length));
		return;
	}

	bcopy(buf + LDP_HDR_SIZE, &ldp_msg, sizeof(ldp_msg));


	/* switch LDP packet type */
	switch (ntohs(ldp_msg.type)) {
	case MSG_TYPE_HELLO:
		recv_hello(iface, src.sin_addr, buf, len);
		break;
	default:
		log_debug("recv_packet: unknown LDP packet type, interface %s",
		    iface->name);
	}
}

int
ldp_hdr_sanity_check(struct ldp_hdr *ldp_hdr, u_int16_t len,
    const struct iface *iface)
{
	struct in_addr		 addr;

	if (ldp_hdr->lspace_id != iface->lspace_id) {
		addr.s_addr = ldp_hdr->lspace_id;
		log_debug("ldp_hdr_sanity_check: invalid label space "
		    "ID %s, interface %s", inet_ntoa(addr),
		    iface->name);
		return (-1);
	}

	return (ntohs(ldp_hdr->length));
}

struct iface *
find_iface(struct ldpd_conf *xconf, unsigned int ifindex, struct in_addr src)
{
	struct iface	*iface = NULL;

	/* returned interface needs to be active */
	LIST_FOREACH(iface, &xconf->iface_list, entry) {
		switch (iface->type) {
		case IF_TYPE_POINTOPOINT:
			if (ifindex == iface->ifindex &&
			    iface->dst.s_addr == src.s_addr &&
			    !iface->passive)
				return (iface);
			break;
		default:
			if (ifindex == iface->ifindex &&
			    (iface->addr.s_addr & iface->mask.s_addr) ==
			    (src.s_addr & iface->mask.s_addr) &&
			    !iface->passive)
				return (iface);
			break;
		}
	}

	return (NULL);
}

void
session_accept(int fd, short event, void *bula)
{
	struct sockaddr_in	 src;
	struct nbr		*nbr = NULL;
	int			 newfd;
	socklen_t		 len = sizeof(src);

	if (!(event & EV_READ))
		return;

	newfd = accept(fd, (struct sockaddr *)&src, &len);
	if (newfd == -1) {
		/*
		 * Pause accept if we are out of file descriptors, or
		 * libevent will haunt us here too.
		 */
		if (errno == ENFILE || errno == EMFILE) {
			accept_pause();
		} else if (errno != EWOULDBLOCK && errno != EINTR)
			log_debug("sess_recv_packet: accept error: %s",
			    strerror(errno));
		return;
	}

	session_socket_blockmode(newfd, BM_NONBLOCK);

	nbr = nbr_find_ip(src.sin_addr.s_addr);
	if (nbr == NULL) {
		struct ibuf	*buf;
		/* If there is no neighbor matching there is no
		   Hello adjacency: try to send notification */
		log_warnx("Connection attempt from unknown neighbor %s: %s",
		    inet_ntoa(src.sin_addr), "NO HELLO");
		buf = send_notification(S_NO_HELLO, NULL, 0, 0);
		write(newfd, buf->buf, buf->wpos);
		ibuf_free(buf);
		close(newfd);
		return;
	}

	nbr->fd = newfd;
	nbr_fsm(nbr, NBR_EVT_SESSION_UP);
}

void
session_read(int fd, short event, void *arg)
{
	struct nbr	*nbr = arg;
	struct iface	*iface = nbr->iface;
	struct ldp_hdr	*ldp_hdr;
	struct ldp_msg	*ldp_msg;
	char		*buf, *pdu;
	ssize_t		 n, len;
	int		 l, msg_size;
	u_int16_t	 pdu_len;

	if (event != EV_READ) {
		log_debug("session_read: spurious event");
		return;
	}

	if ((n = read(fd, nbr->rbuf->buf + nbr->rbuf->wpos,
	    sizeof(nbr->rbuf->buf) - nbr->rbuf->wpos)) == -1) {
		if (errno != EINTR && errno != EAGAIN) {
			session_shutdown(nbr, S_SHUTDOWN, 0, 0);
			return;
		}
		/* retry read */
		return;
	}
	if (n == 0) {
		/* connection closed */
		session_shutdown(nbr, S_SHUTDOWN, 0, 0);
		return;
	}
	nbr->rbuf->wpos += n;

	while ((len = session_get_pdu(nbr->rbuf, &buf)) > 0) {
		pdu = buf;
		ldp_hdr = (struct ldp_hdr *)pdu;
		if (ntohs(ldp_hdr->version) != LDP_VERSION) {
			session_shutdown(nbr, S_BAD_PROTO_VER, 0, 0);
			free(buf);
			return;
		}

		pdu_len = ntohs(ldp_hdr->length);
		if (pdu_len < LDP_HDR_SIZE || pdu_len > LDP_MAX_LEN) {
			session_shutdown(nbr, S_BAD_MSG_LEN, 0, 0);
			free(buf);
			return;
		}

		if ((l = ldp_hdr_sanity_check(ldp_hdr, len, iface)) == -1) {
			session_shutdown(nbr, S_BAD_LDP_ID, 0, 0);
			free(buf);
			return;
		}

		pdu += LDP_HDR_SIZE;
		len -= LDP_HDR_SIZE;

		while (len >= LDP_MSG_LEN) {
			ldp_msg = (struct ldp_msg *)pdu;

			pdu_len = ntohs(ldp_msg->length) + TLV_HDR_LEN;
			if (pdu_len > len ||
			    pdu_len < LDP_MSG_LEN - TLV_HDR_LEN) {
				session_shutdown(nbr, S_BAD_TLV_LEN, 0, 0);
				free(buf);
				return;
			}

			/* switch LDP packet type */
			switch (ntohs(ldp_msg->type)) {
			case MSG_TYPE_NOTIFICATION:
				msg_size = recv_notification(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_INIT:
				msg_size = recv_init(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_KEEPALIVE:
				msg_size = recv_keepalive(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_ADDR:
			case MSG_TYPE_ADDRWITHDRAW:
				msg_size = recv_address(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_LABELMAPPING:
				msg_size = recv_labelmapping(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_LABELREQUEST:
				msg_size = recv_labelrequest(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_LABELWITHDRAW:
				msg_size = recv_labelwithdraw(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_LABELRELEASE:
				msg_size = recv_labelrelease(nbr, pdu, pdu_len);
				break;
			case MSG_TYPE_LABELABORTREQ:
			case MSG_TYPE_HELLO:
			default:
				log_debug("session_read: unknown LDP packet "
				    "type interface %s", iface->name);
				free(buf);
				return;
			}

			if (msg_size == -1) {
				/* parser failed, giving up */
				free(buf);
				return;
			}

			/* Analyse the next message */
			pdu += msg_size + TLV_HDR_LEN;
			len -= msg_size + TLV_HDR_LEN;
		}
		free(buf);
		if (len != 0) {
			session_shutdown(nbr, S_BAD_PDU_LEN, 0, 0);
			return;
		}
	}
}

void
session_write(int fd, short event, void *arg)
{
	struct nbr *nbr = arg;

	if (event & EV_WRITE) {
		if (msgbuf_write(&nbr->wbuf.wbuf) == -1)
			nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION);
	} else
		log_debug("session_write: spurious event");

	evbuf_event_add(&nbr->wbuf);
}

void
session_shutdown(struct nbr *nbr, u_int32_t status, u_int32_t msgid,
    u_int32_t type)
{
	log_debug("session_shutdown: nbr ID %s, status %x",
	    inet_ntoa(nbr->id), status);

	send_notification_nbr(nbr, status, msgid, type);

	/* try to flush write buffer, if it fails tough shit */
	msgbuf_write(&nbr->wbuf.wbuf);

	nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION);
}

void
session_close(struct nbr *nbr)
{
	log_debug("session_close: closing session with nbr ID %s",
	    inet_ntoa(nbr->id));

	evbuf_clear(&nbr->wbuf);
	event_del(&nbr->rev);

	if (evtimer_pending(&nbr->keepalive_timer, NULL))
		evtimer_del(&nbr->keepalive_timer);
	if (evtimer_pending(&nbr->keepalive_timeout, NULL))
		evtimer_del(&nbr->keepalive_timeout);

	close(nbr->fd);
	accept_unpause();
}

ssize_t
session_get_pdu(struct ibuf_read *r, char **b)
{
	struct ldp_hdr	l;
	size_t		av, dlen, left;

	av = r->wpos;
	if (av < sizeof(l))
		return (0);

	memcpy(&l, r->buf, sizeof(l));
	dlen = ntohs(l.length) + TLV_HDR_LEN;
	if (dlen > av)
		return (0);

	if ((*b = malloc(dlen)) == NULL)
		return (-1);

	memcpy(*b, r->buf, dlen);
	if (dlen < av) {
		left = av - dlen;
		memmove(r->buf, r->buf + dlen, left);
		r->wpos = left;
	} else
		r->wpos = 0;

	return (dlen);
}