xref: /minix/external/bsd/dhcp/dist/common/packet.c (revision bb9622b5) 
1 /*	$NetBSD: packet.c,v 1.1.1.4 2014/07/12 11:57:46 spz Exp $	*/
2 /* packet.c
3 
4    Packet assembly code, originally contributed by Archie Cobbs. */
5 
6 /*
7  * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
8  * Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC")
9  * Copyright (c) 1996-2003 by Internet Software Consortium
10  *
11  * Permission to use, copy, modify, and distribute this software for any
12  * purpose with or without fee is hereby granted, provided that the above
13  * copyright notice and this permission notice appear in all copies.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
16  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
18  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
21  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22  *
23  *   Internet Systems Consortium, Inc.
24  *   950 Charter Street
25  *   Redwood City, CA 94063
26  *   <info@isc.org>
27  *   https://www.isc.org/
28  *
29  * This code was originally contributed by Archie Cobbs, and is still
30  * very similar to that contribution, although the packet checksum code
31  * has been hacked significantly with the help of quite a few ISC DHCP
32  * users, without whose gracious and thorough help the checksum code would
33  * still be disabled.
34  */
35 
36 #include <sys/cdefs.h>
37 __RCSID("$NetBSD: packet.c,v 1.1.1.4 2014/07/12 11:57:46 spz Exp $");
38 
39 #include "dhcpd.h"
40 
41 #if defined (PACKET_ASSEMBLY) || defined (PACKET_DECODING)
42 #include "includes/netinet/ip.h"
43 #include "includes/netinet/udp.h"
44 #include "includes/netinet/if_ether.h"
45 #endif /* PACKET_ASSEMBLY || PACKET_DECODING */
46 
47 /* Compute the easy part of the checksum on a range of bytes. */
48 
49 u_int32_t checksum (buf, nbytes, sum)
50 	unsigned char *buf;
51 	unsigned nbytes;
52 	u_int32_t sum;
53 {
54 	unsigned i;
55 
56 #ifdef DEBUG_CHECKSUM
57 	log_debug ("checksum (%x %d %x)", buf, nbytes, sum);
58 #endif
59 
60 	/* Checksum all the pairs of bytes first... */
61 	for (i = 0; i < (nbytes & ~1U); i += 2) {
62 #ifdef DEBUG_CHECKSUM_VERBOSE
63 		log_debug ("sum = %x", sum);
64 #endif
65 		sum += (u_int16_t) ntohs(*((u_int16_t *)(buf + i)));
66 		/* Add carry. */
67 		if (sum > 0xFFFF)
68 			sum -= 0xFFFF;
69 	}
70 
71 	/* If there's a single byte left over, checksum it, too.   Network
72 	   byte order is big-endian, so the remaining byte is the high byte. */
73 	if (i < nbytes) {
74 #ifdef DEBUG_CHECKSUM_VERBOSE
75 		log_debug ("sum = %x", sum);
76 #endif
77 		sum += buf [i] << 8;
78 		/* Add carry. */
79 		if (sum > 0xFFFF)
80 			sum -= 0xFFFF;
81 	}
82 
83 	return sum;
84 }
85 
86 /* Finish computing the checksum, and then put it into network byte order. */
87 
88 u_int32_t wrapsum (sum)
89 	u_int32_t sum;
90 {
91 #ifdef DEBUG_CHECKSUM
92 	log_debug ("wrapsum (%x)", sum);
93 #endif
94 
95 	sum = ~sum & 0xFFFF;
96 #ifdef DEBUG_CHECKSUM_VERBOSE
97 	log_debug ("sum = %x", sum);
98 #endif
99 
100 #ifdef DEBUG_CHECKSUM
101 	log_debug ("wrapsum returns %x", htons (sum));
102 #endif
103 	return htons(sum);
104 }
105 
106 #ifdef PACKET_ASSEMBLY
107 void assemble_hw_header (interface, buf, bufix, to)
108 	struct interface_info *interface;
109 	unsigned char *buf;
110 	unsigned *bufix;
111 	struct hardware *to;
112 {
113 	switch (interface->hw_address.hbuf[0]) {
114 #if defined(HAVE_TR_SUPPORT)
115 	case HTYPE_IEEE802:
116 		assemble_tr_header(interface, buf, bufix, to);
117 		break;
118 #endif
119 #if defined (DEC_FDDI)
120 	case HTYPE_FDDI:
121 		assemble_fddi_header(interface, buf, bufix, to);
122 		break;
123 #endif
124 	case HTYPE_INFINIBAND:
125 		log_error("Attempt to assemble hw header for infiniband");
126 		break;
127 	case HTYPE_ETHER:
128 	default:
129 		assemble_ethernet_header(interface, buf, bufix, to);
130 		break;
131 	}
132 }
133 
134 /* UDP header and IP header assembled together for convenience. */
135 
136 void assemble_udp_ip_header (interface, buf, bufix,
137 			     from, to, port, data, len)
138 	struct interface_info *interface;
139 	unsigned char *buf;
140 	unsigned *bufix;
141 	u_int32_t from;
142 	u_int32_t to;
143 	u_int32_t port;
144 	unsigned char *data;
145 	unsigned len;
146 {
147 	struct ip ip;
148 	struct udphdr udp;
149 
150 	memset (&ip, 0, sizeof ip);
151 
152 	/* Fill out the IP header */
153 	IP_V_SET (&ip, 4);
154 	IP_HL_SET (&ip, 20);
155 	ip.ip_tos = IPTOS_LOWDELAY;
156 	ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len);
157 	ip.ip_id = 0;
158 	ip.ip_off = 0;
159 	ip.ip_ttl = 128;
160 	ip.ip_p = IPPROTO_UDP;
161 	ip.ip_sum = 0;
162 	ip.ip_src.s_addr = from;
163 	ip.ip_dst.s_addr = to;
164 
165 	/* Checksum the IP header... */
166 	ip.ip_sum = wrapsum (checksum ((unsigned char *)&ip, sizeof ip, 0));
167 
168 	/* Copy the ip header into the buffer... */
169 	memcpy (&buf [*bufix], &ip, sizeof ip);
170 	*bufix += sizeof ip;
171 
172 	/* Fill out the UDP header */
173 	udp.uh_sport = local_port;		/* XXX */
174 	udp.uh_dport = port;			/* XXX */
175 	udp.uh_ulen = htons(sizeof(udp) + len);
176 	memset (&udp.uh_sum, 0, sizeof udp.uh_sum);
177 
178 	/* Compute UDP checksums, including the ``pseudo-header'', the UDP
179 	   header and the data. */
180 
181 	udp.uh_sum =
182 		wrapsum (checksum ((unsigned char *)&udp, sizeof udp,
183 				   checksum (data, len,
184 					     checksum ((unsigned char *)
185 						       &ip.ip_src,
186 						       2 * sizeof ip.ip_src,
187 						       IPPROTO_UDP +
188 						       (u_int32_t)
189 						       ntohs (udp.uh_ulen)))));
190 
191 	/* Copy the udp header into the buffer... */
192 	memcpy (&buf [*bufix], &udp, sizeof udp);
193 	*bufix += sizeof udp;
194 }
195 #endif /* PACKET_ASSEMBLY */
196 
197 #ifdef PACKET_DECODING
198 /* Decode a hardware header... */
199 /* Support for ethernet, TR and FDDI
200  * Doesn't support infiniband yet as the supported oses shouldn't get here
201  */
202 
203 ssize_t decode_hw_header (interface, buf, bufix, from)
204      struct interface_info *interface;
205      unsigned char *buf;
206      unsigned bufix;
207      struct hardware *from;
208 {
209 	switch(interface->hw_address.hbuf[0]) {
210 #if defined (HAVE_TR_SUPPORT)
211 	case HTYPE_IEEE802:
212 		return (decode_tr_header(interface, buf, bufix, from));
213 #endif
214 #if defined (DEC_FDDI)
215 	case HTYPE_FDDI:
216 		return (decode_fddi_header(interface, buf, bufix, from));
217 #endif
218 	case HTYPE_INFINIBAND:
219 		log_error("Attempt to decode hw header for infiniband");
220 		return (0);
221 	case HTYPE_ETHER:
222 	default:
223 		return (decode_ethernet_header(interface, buf, bufix, from));
224 	}
225 }
226 
227 /* UDP header and IP header decoded together for convenience. */
228 
229 ssize_t
230 decode_udp_ip_header(struct interface_info *interface,
231 		     unsigned char *buf, unsigned bufix,
232 		     struct sockaddr_in *from, unsigned buflen,
233 		     unsigned *rbuflen)
234 {
235   unsigned char *data;
236   struct ip ip;
237   struct udphdr udp;
238   unsigned char *upp, *endbuf;
239   u_int32_t ip_len, ulen, pkt_len;
240   u_int32_t sum, usum;
241   static int ip_packets_seen;
242   static int ip_packets_bad_checksum;
243   static int udp_packets_seen;
244   static int udp_packets_bad_checksum;
245   static int udp_packets_length_checked;
246   static int udp_packets_length_overflow;
247   unsigned len;
248 
249   /* Designate the end of the input buffer for bounds checks. */
250   endbuf = buf + bufix + buflen;
251 
252   /* Assure there is at least an IP header there. */
253   if ((buf + bufix + sizeof(ip)) > endbuf)
254 	  return -1;
255 
256   /* Copy the IP header into a stack aligned structure for inspection.
257    * There may be bits in the IP header that we're not decoding, so we
258    * copy out the bits we grok and skip ahead by ip.ip_hl * 4.
259    */
260   upp = buf + bufix;
261   memcpy(&ip, upp, sizeof(ip));
262   ip_len = (*upp & 0x0f) << 2;
263   upp += ip_len;
264 
265   /* Check the IP packet length. */
266   pkt_len = ntohs(ip.ip_len);
267   if (pkt_len > buflen)
268 	return -1;
269 
270   /* Assure after ip_len bytes that there is enough room for a UDP header. */
271   if ((upp + sizeof(udp)) > endbuf)
272 	  return -1;
273 
274   /* Copy the UDP header into a stack aligned structure for inspection. */
275   memcpy(&udp, upp, sizeof(udp));
276 
277 #ifdef USERLAND_FILTER
278   /* Is it a UDP packet? */
279   if (ip.ip_p != IPPROTO_UDP)
280 	  return -1;
281 
282   /* Is it to the port we're serving? */
283   if (udp.uh_dport != local_port)
284 	  return -1;
285 #endif /* USERLAND_FILTER */
286 
287   ulen = ntohs(udp.uh_ulen);
288   if (ulen < sizeof(udp))
289 	return -1;
290 
291   udp_packets_length_checked++;
292   if ((upp + ulen) > endbuf) {
293 	udp_packets_length_overflow++;
294 	if ((udp_packets_length_checked > 4) &&
295 	    ((udp_packets_length_checked /
296 	      udp_packets_length_overflow) < 2)) {
297 		log_info("%d udp packets in %d too long - dropped",
298 			 udp_packets_length_overflow,
299 			 udp_packets_length_checked);
300 		udp_packets_length_overflow = 0;
301 		udp_packets_length_checked = 0;
302 	}
303 	return -1;
304   }
305 
306   if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))
307 	return -1;
308 
309   /* Check the IP header checksum - it should be zero. */
310   ++ip_packets_seen;
311   if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
312 	  ++ip_packets_bad_checksum;
313 	  if (ip_packets_seen > 4 &&
314 	      (ip_packets_seen / ip_packets_bad_checksum) < 2) {
315 		  log_info ("%d bad IP checksums seen in %d packets",
316 			    ip_packets_bad_checksum, ip_packets_seen);
317 		  ip_packets_seen = ip_packets_bad_checksum = 0;
318 	  }
319 	  return -1;
320   }
321 
322   /* Copy out the IP source address... */
323   memcpy(&from->sin_addr, &ip.ip_src, 4);
324 
325   /* Compute UDP checksums, including the ``pseudo-header'', the UDP
326      header and the data.   If the UDP checksum field is zero, we're
327      not supposed to do a checksum. */
328 
329   data = upp + sizeof(udp);
330   len = ulen - sizeof(udp);
331 
332   usum = udp.uh_sum;
333   udp.uh_sum = 0;
334 
335   /* XXX: We have to pass &udp, because we have to zero the checksum
336    * field before calculating the sum...'upp' isn't zeroed.
337    */
338   sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp),
339 			 checksum(data, len,
340 				  checksum((unsigned char *)&ip.ip_src,
341 					   8, IPPROTO_UDP + ulen))));
342 
343   udp_packets_seen++;
344   if (usum && usum != sum) {
345 	  udp_packets_bad_checksum++;
346 	  if (udp_packets_seen > 4 &&
347 	      (udp_packets_seen / udp_packets_bad_checksum) < 2) {
348 		  log_info ("%d bad udp checksums in %d packets",
349 			    udp_packets_bad_checksum, udp_packets_seen);
350 		  udp_packets_seen = udp_packets_bad_checksum = 0;
351 	  }
352 	  return -1;
353   }
354 
355   /* Copy out the port... */
356   memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport);
357 
358   /* Save the length of the UDP payload. */
359   if (rbuflen != NULL)
360 	*rbuflen = len;
361 
362   /* Return the index to the UDP payload. */
363   return ip_len + sizeof udp;
364 }
365 #endif /* PACKET_DECODING */
366