xref: /openbsd-src/usr.sbin/vmd/packet.c (revision 99fd087599a8791921855f21bd7e36130f39aadc) 
1 /*	$OpenBSD: packet.c,v 1.1 2017/04/19 15:38:32 reyk Exp $	*/
2 
3 /* Packet assembly code, originally contributed by Archie Cobbs. */
4 
5 /*
6  * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of The Internet Software Consortium nor the names
19  *    of its contributors may be used to endorse or promote products derived
20  *    from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
23  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
27  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
30  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
31  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
32  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
33  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34  * SUCH DAMAGE.
35  *
36  * This software has been written for the Internet Software Consortium
37  * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
38  * Enterprises.  To learn more about the Internet Software Consortium,
39  * see ``http://www.vix.com/isc''.  To learn more about Vixie
40  * Enterprises, see ``http://www.vix.com''.
41  */
42 
43 #include <sys/types.h>
44 #include <sys/socket.h>
45 
46 #include <arpa/inet.h>
47 
48 #include <net/if.h>
49 #include <net/if_enc.h>
50 
51 #include <netinet/in.h>
52 #include <netinet/ip.h>
53 #include <netinet/udp.h>
54 #include <netinet/if_ether.h>
55 
56 #include <string.h>
57 
58 #include "dhcp.h"
59 #include "vmd.h"
60 #include "proc.h"
61 
62 u_int32_t	checksum(unsigned char *, u_int32_t, u_int32_t);
63 u_int32_t	wrapsum(u_int32_t);
64 
65 u_int32_t
66 checksum(unsigned char *buf, u_int32_t nbytes, u_int32_t sum)
67 {
68 	u_int32_t i;
69 
70 	/* Checksum all the pairs of bytes first... */
71 	for (i = 0; i < (nbytes & ~1U); i += 2) {
72 		sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i)));
73 		if (sum > 0xFFFF)
74 			sum -= 0xFFFF;
75 	}
76 
77 	/*
78 	 * If there's a single byte left over, checksum it, too.
79 	 * Network byte order is big-endian, so the remaining byte is
80 	 * the high byte.
81 	 */
82 	if (i < nbytes) {
83 		sum += buf[i] << 8;
84 		if (sum > 0xFFFF)
85 			sum -= 0xFFFF;
86 	}
87 
88 	return (sum);
89 }
90 
91 u_int32_t
92 wrapsum(u_int32_t sum)
93 {
94 	sum = ~sum & 0xFFFF;
95 	return (htons(sum));
96 }
97 
98 ssize_t
99 assemble_hw_header(unsigned char *buf, size_t buflen,
100     size_t offset, struct packet_ctx *pc, unsigned int intfhtype)
101 {
102 	struct ether_header eh;
103 
104 	switch (intfhtype) {
105 	case HTYPE_ETHER:
106 		if (buflen < offset + ETHER_HDR_LEN)
107 			return (-1);
108 
109 		/* Use the supplied address or let the kernel fill it. */
110 		memcpy(eh.ether_shost, pc->pc_smac, ETHER_ADDR_LEN);
111 		memcpy(eh.ether_dhost, pc->pc_dmac, ETHER_ADDR_LEN);
112 
113 		eh.ether_type = htons(ETHERTYPE_IP);
114 
115 		memcpy(&buf[offset], &eh, ETHER_HDR_LEN);
116 		offset += ETHER_HDR_LEN;
117 		break;
118 	default:
119 		return (-1);
120 	}
121 
122 	return (offset);
123 }
124 
125 ssize_t
126 assemble_udp_ip_header(unsigned char *buf, size_t buflen, size_t offset,
127     struct packet_ctx *pc, unsigned char *data, size_t datalen)
128 {
129 	struct ip ip;
130 	struct udphdr udp;
131 
132 	if (buflen < offset + sizeof(ip) + sizeof(udp))
133 		return (-1);
134 
135 	ip.ip_v = 4;
136 	ip.ip_hl = 5;
137 	ip.ip_tos = IPTOS_LOWDELAY;
138 	ip.ip_len = htons(sizeof(ip) + sizeof(udp) + datalen);
139 	ip.ip_id = 0;
140 	ip.ip_off = 0;
141 	ip.ip_ttl = 16;
142 	ip.ip_p = IPPROTO_UDP;
143 	ip.ip_sum = 0;
144 	ip.ip_src.s_addr = ss2sin(&pc->pc_src)->sin_addr.s_addr;
145 	ip.ip_dst.s_addr = ss2sin(&pc->pc_dst)->sin_addr.s_addr;
146 
147 	ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0));
148 	memcpy(&buf[offset], &ip, sizeof(ip));
149 	offset += sizeof(ip);
150 
151 	udp.uh_sport = ss2sin(&pc->pc_src)->sin_port;
152 	udp.uh_dport = ss2sin(&pc->pc_dst)->sin_port;
153 	udp.uh_ulen = htons(sizeof(udp) + datalen);
154 	memset(&udp.uh_sum, 0, sizeof(udp.uh_sum));
155 
156 	udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp),
157 	    checksum(data, datalen, checksum((unsigned char *)&ip.ip_src,
158 	    2 * sizeof(ip.ip_src),
159 	    IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen)))));
160 
161 	memcpy(&buf[offset], &udp, sizeof(udp));
162 	offset += sizeof(udp);
163 
164 	return (offset);
165 }
166 
167 ssize_t
168 decode_hw_header(unsigned char *buf, size_t buflen,
169     size_t offset, struct packet_ctx *pc, unsigned int intfhtype)
170 {
171 	u_int32_t ip_len;
172 	struct ip *ip;
173 
174 	switch (intfhtype) {
175 	case HTYPE_IPSEC_TUNNEL:
176 		if (buflen < offset + ENC_HDRLEN + sizeof(*ip))
177 			return (-1);
178 		offset += ENC_HDRLEN;
179 		ip_len = (buf[offset] & 0xf) << 2;
180 		if (buflen < offset + ip_len)
181 			return (-1);
182 
183 		ip = (struct ip *)(buf + offset);
184 
185 		/* Encapsulated IP */
186 		if (ip->ip_p != IPPROTO_IPIP)
187 			return (-1);
188 
189 		memset(pc->pc_dmac, 0xff, ETHER_ADDR_LEN);
190 		offset += ip_len;
191 
192 		pc->pc_htype = ARPHRD_ETHER;
193 		pc->pc_hlen = ETHER_ADDR_LEN;
194 		break;
195 	case HTYPE_ETHER:
196 		if (buflen < offset + ETHER_HDR_LEN)
197 			return (-1);
198 
199 		memcpy(pc->pc_dmac, buf + offset, ETHER_ADDR_LEN);
200 		memcpy(pc->pc_smac, buf + offset + ETHER_ADDR_LEN,
201 		    ETHER_ADDR_LEN);
202 		offset += ETHER_HDR_LEN;
203 
204 		pc->pc_htype = ARPHRD_ETHER;
205 		pc->pc_hlen = ETHER_ADDR_LEN;
206 		break;
207 	default:
208 		return (-1);
209 	}
210 
211 	return (offset);
212 }
213 
214 ssize_t
215 decode_udp_ip_header(unsigned char *buf, size_t buflen,
216     size_t offset, struct packet_ctx *pc)
217 {
218 	struct ip *ip;
219 	struct udphdr *udp;
220 	unsigned char *data;
221 	u_int32_t ip_len;
222 	u_int32_t sum, usum;
223 	static unsigned int ip_packets_seen;
224 	static unsigned int ip_packets_bad_checksum;
225 	static unsigned int udp_packets_seen;
226 	static unsigned int udp_packets_bad_checksum;
227 	static unsigned int udp_packets_length_checked;
228 	static unsigned int udp_packets_length_overflow;
229 	int len;
230 
231 	/* Assure that an entire IP header is within the buffer. */
232 	if (buflen < offset + sizeof(*ip))
233 		return (-1);
234 	ip_len = (buf[offset] & 0xf) << 2;
235 	if (buflen < offset + ip_len)
236 		return (-1);
237 
238 	ip = (struct ip *)(buf + offset);
239 	ip_packets_seen++;
240 
241 	/* Check the IP header checksum - it should be zero. */
242 	if (wrapsum(checksum(buf + offset, ip_len, 0)) != 0) {
243 		ip_packets_bad_checksum++;
244 		if (ip_packets_seen > 4 && ip_packets_bad_checksum != 0 &&
245 		    (ip_packets_seen / ip_packets_bad_checksum) < 2) {
246 			log_info("%u bad IP checksums seen in %u packets",
247 			    ip_packets_bad_checksum, ip_packets_seen);
248 			ip_packets_seen = ip_packets_bad_checksum = 0;
249 		}
250 		return (-1);
251 	}
252 
253 	pc->pc_src.ss_len = sizeof(struct sockaddr_in);
254 	pc->pc_src.ss_family = AF_INET;
255 	memcpy(&ss2sin(&pc->pc_src)->sin_addr, &ip->ip_src,
256 	    sizeof(ss2sin(&pc->pc_src)->sin_addr));
257 
258 	pc->pc_dst.ss_len = sizeof(struct sockaddr_in);
259 	pc->pc_dst.ss_family = AF_INET;
260 	memcpy(&ss2sin(&pc->pc_dst)->sin_addr, &ip->ip_dst,
261 	    sizeof(ss2sin(&pc->pc_dst)->sin_addr));
262 
263 #ifdef DEBUG
264 	if (buflen != offset + ntohs(ip->ip_len))
265 		log_debug("ip length %d disagrees with bytes received %zd.",
266 		    ntohs(ip->ip_len), buflen - offset);
267 #endif
268 
269 	/* Assure that the entire IP packet is within the buffer. */
270 	if (buflen < offset + ntohs(ip->ip_len))
271 		return (-1);
272 
273 	/* Assure that the UDP header is within the buffer. */
274 	if (buflen < offset + ip_len + sizeof(*udp))
275 		return (-1);
276 	udp = (struct udphdr *)(buf + offset + ip_len);
277 	udp_packets_seen++;
278 
279 	/* Assure that the entire UDP packet is within the buffer. */
280 	if (buflen < offset + ip_len + ntohs(udp->uh_ulen))
281 		return (-1);
282 	data = buf + offset + ip_len + sizeof(*udp);
283 
284 	/*
285 	 * Compute UDP checksums, including the ``pseudo-header'', the
286 	 * UDP header and the data. If the UDP checksum field is zero,
287 	 * we're not supposed to do a checksum.
288 	 */
289 	udp_packets_length_checked++;
290 	len = ntohs(udp->uh_ulen) - sizeof(*udp);
291 	if ((len < 0) || (len + data > buf + buflen)) {
292 		udp_packets_length_overflow++;
293 		if (udp_packets_length_checked > 4 &&
294 		    udp_packets_length_overflow != 0 &&
295 		    (udp_packets_length_checked /
296 		    udp_packets_length_overflow) < 2) {
297 			log_info("%u udp packets in %u too long - dropped",
298 			    udp_packets_length_overflow,
299 			    udp_packets_length_checked);
300 			udp_packets_length_overflow =
301 			    udp_packets_length_checked = 0;
302 		}
303 		return (-1);
304 	}
305 	if (len + data != buf + buflen)
306 		log_debug("accepting packet with data after udp payload.");
307 
308 	usum = udp->uh_sum;
309 	udp->uh_sum = 0;
310 
311 	sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp),
312 	    checksum(data, len, checksum((unsigned char *)&ip->ip_src,
313 	    2 * sizeof(ip->ip_src),
314 	    IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen)))));
315 
316 	udp_packets_seen++;
317 	if (usum && usum != sum) {
318 		udp_packets_bad_checksum++;
319 		if (udp_packets_seen > 4 && udp_packets_bad_checksum != 0 &&
320 		    (udp_packets_seen / udp_packets_bad_checksum) < 2) {
321 			log_info("%u bad udp checksums in %u packets",
322 			    udp_packets_bad_checksum, udp_packets_seen);
323 			udp_packets_seen = udp_packets_bad_checksum = 0;
324 		}
325 		return (-1);
326 	}
327 
328 	ss2sin(&pc->pc_src)->sin_port = udp->uh_sport;
329 	ss2sin(&pc->pc_dst)->sin_port = udp->uh_dport;
330 
331 	return (offset + ip_len + sizeof(*udp));
332 }
333