1 /* 2 * dhcpcd - ARP handler 3 * Copyright (c) 2006-2018 Roy Marples <roy@marples.name> 4 * All rights reserved 5 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/socket.h> 29 #include <sys/types.h> 30 31 #include <arpa/inet.h> 32 33 #include <net/if.h> 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <errno.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <unistd.h> 41 42 #define ELOOP_QUEUE 5 43 #include "config.h" 44 #include "arp.h" 45 #include "bpf.h" 46 #include "ipv4.h" 47 #include "common.h" 48 #include "dhcpcd.h" 49 #include "eloop.h" 50 #include "if.h" 51 #include "if-options.h" 52 #include "ipv4ll.h" 53 #include "logerr.h" 54 55 #if defined(ARP) 56 #define ARP_LEN \ 57 (sizeof(struct arphdr) + (2 * sizeof(uint32_t)) + (2 * HWADDR_LEN)) 58 59 /* ARP debugging can be quite noisy. Enable this for more noise! */ 60 //#define ARP_DEBUG 61 62 /* Assert the correct structure size for on wire */ 63 __CTASSERT(sizeof(struct arphdr) == 8); 64 65 ssize_t 66 arp_request(const struct interface *ifp, in_addr_t sip, in_addr_t tip) 67 { 68 uint8_t arp_buffer[ARP_LEN]; 69 struct arphdr ar; 70 size_t len; 71 uint8_t *p; 72 const struct iarp_state *state; 73 74 ar.ar_hrd = htons(ifp->family); 75 ar.ar_pro = htons(ETHERTYPE_IP); 76 ar.ar_hln = ifp->hwlen; 77 ar.ar_pln = sizeof(sip); 78 ar.ar_op = htons(ARPOP_REQUEST); 79 80 p = arp_buffer; 81 len = 0; 82 83 #define CHECK(fun, b, l) \ 84 do { \ 85 if (len + (l) > sizeof(arp_buffer)) \ 86 goto eexit; \ 87 fun(p, (b), (l)); \ 88 p += (l); \ 89 len += (l); \ 90 } while (/* CONSTCOND */ 0) 91 #define APPEND(b, l) CHECK(memcpy, b, l) 92 #define ZERO(l) CHECK(memset, 0, l) 93 94 APPEND(&ar, sizeof(ar)); 95 APPEND(ifp->hwaddr, ifp->hwlen); 96 APPEND(&sip, sizeof(sip)); 97 ZERO(ifp->hwlen); 98 APPEND(&tip, sizeof(tip)); 99 100 state = ARP_CSTATE(ifp); 101 return bpf_send(ifp, state->bpf_fd, ETHERTYPE_ARP, arp_buffer, len); 102 103 eexit: 104 errno = ENOBUFS; 105 return -1; 106 } 107 108 static void 109 arp_packet(struct interface *ifp, uint8_t *data, size_t len) 110 { 111 const struct interface *ifn; 112 struct arphdr ar; 113 struct arp_msg arm; 114 const struct iarp_state *state; 115 struct arp_state *astate, *astaten; 116 uint8_t *hw_s, *hw_t; 117 118 /* We must have a full ARP header */ 119 if (len < sizeof(ar)) 120 return; 121 memcpy(&ar, data, sizeof(ar)); 122 123 /* These checks are enforced in the BPF filter. */ 124 #if 0 125 /* Families must match */ 126 if (ar.ar_hrd != htons(ifp->family)) 127 return; 128 /* Protocol must be IP. */ 129 if (ar.ar_pro != htons(ETHERTYPE_IP)) 130 continue; 131 /* lladdr length matches */ 132 if (ar.ar_hln != ifp->hwlen) 133 continue; 134 /* Protocol length must match in_addr_t */ 135 if (ar.ar_pln != sizeof(arm.sip.s_addr)) 136 return; 137 /* Only these types are recognised */ 138 if (ar.ar_op != htons(ARPOP_REPLY) && 139 ar.ar_op != htons(ARPOP_REQUEST)) 140 continue; 141 #endif 142 143 /* Get pointers to the hardware addresses */ 144 hw_s = data + sizeof(ar); 145 hw_t = hw_s + ar.ar_hln + ar.ar_pln; 146 /* Ensure we got all the data */ 147 if ((size_t)((hw_t + ar.ar_hln + ar.ar_pln) - data) > len) 148 return; 149 /* Ignore messages from ourself */ 150 TAILQ_FOREACH(ifn, ifp->ctx->ifaces, next) { 151 if (ar.ar_hln == ifn->hwlen && 152 memcmp(hw_s, ifn->hwaddr, ifn->hwlen) == 0) 153 break; 154 } 155 if (ifn) { 156 #ifdef ARP_DEBUG 157 logdebugx("%s: ignoring ARP from self", ifp->name); 158 #endif 159 return; 160 } 161 /* Copy out the HW and IP addresses */ 162 memcpy(&arm.sha, hw_s, ar.ar_hln); 163 memcpy(&arm.sip.s_addr, hw_s + ar.ar_hln, ar.ar_pln); 164 memcpy(&arm.tha, hw_t, ar.ar_hln); 165 memcpy(&arm.tip.s_addr, hw_t + ar.ar_hln, ar.ar_pln); 166 167 /* Run the conflicts */ 168 state = ARP_CSTATE(ifp); 169 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) { 170 if (arm.sip.s_addr != astate->addr.s_addr && 171 arm.tip.s_addr != astate->addr.s_addr) 172 continue; 173 if (astate->conflicted_cb) 174 astate->conflicted_cb(astate, &arm); 175 } 176 } 177 178 void 179 arp_close(struct interface *ifp) 180 { 181 struct iarp_state *state; 182 183 if ((state = ARP_STATE(ifp)) != NULL && state->bpf_fd != -1) { 184 eloop_event_delete(ifp->ctx->eloop, state->bpf_fd); 185 bpf_close(ifp, state->bpf_fd); 186 state->bpf_fd = -1; 187 state->bpf_flags |= BPF_EOF; 188 } 189 } 190 191 static void 192 arp_tryfree(struct interface *ifp) 193 { 194 struct iarp_state *state = ARP_STATE(ifp); 195 196 /* If there are no more ARP states, close the socket. */ 197 if (TAILQ_FIRST(&state->arp_states) == NULL) { 198 arp_close(ifp); 199 if (state->bpf_flags & BPF_READING) 200 state->bpf_flags |= BPF_EOF; 201 else { 202 free(state); 203 ifp->if_data[IF_DATA_ARP] = NULL; 204 } 205 } else { 206 if (bpf_arp(ifp, state->bpf_fd) == -1) 207 logerr(__func__); 208 } 209 } 210 211 static void 212 arp_read(void *arg) 213 { 214 struct interface *ifp = arg; 215 struct iarp_state *state; 216 uint8_t buf[ARP_LEN]; 217 ssize_t bytes; 218 219 /* Some RAW mechanisms are generic file descriptors, not sockets. 220 * This means we have no kernel call to just get one packet, 221 * so we have to process the entire buffer. */ 222 state = ARP_STATE(ifp); 223 state->bpf_flags &= ~BPF_EOF; 224 state->bpf_flags |= BPF_READING; 225 while (!(state->bpf_flags & BPF_EOF)) { 226 bytes = bpf_read(ifp, state->bpf_fd, buf, sizeof(buf), 227 &state->bpf_flags); 228 if (bytes == -1) { 229 logerr("%s: %s", __func__, ifp->name); 230 arp_close(ifp); 231 break; 232 } 233 arp_packet(ifp, buf, (size_t)bytes); 234 /* Check we still have a state after processing. */ 235 if ((state = ARP_STATE(ifp)) == NULL) 236 break; 237 } 238 if (state != NULL) { 239 state->bpf_flags &= ~BPF_READING; 240 /* Try and free the state if nothing left to do. */ 241 arp_tryfree(ifp); 242 } 243 } 244 245 int 246 arp_open(struct interface *ifp) 247 { 248 struct iarp_state *state; 249 250 state = ARP_STATE(ifp); 251 if (state->bpf_fd == -1) { 252 state->bpf_fd = bpf_open(ifp, bpf_arp); 253 if (state->bpf_fd == -1) { 254 logerr("%s: %s", __func__, ifp->name); 255 return -1; 256 } 257 eloop_event_add(ifp->ctx->eloop, state->bpf_fd, arp_read, ifp); 258 } 259 return state->bpf_fd; 260 } 261 262 static void 263 arp_probed(void *arg) 264 { 265 struct arp_state *astate = arg; 266 267 astate->probed_cb(astate); 268 } 269 270 static void 271 arp_probe1(void *arg) 272 { 273 struct arp_state *astate = arg; 274 struct interface *ifp = astate->iface; 275 struct timespec tv; 276 277 if (++astate->probes < PROBE_NUM) { 278 tv.tv_sec = PROBE_MIN; 279 tv.tv_nsec = (suseconds_t)arc4random_uniform( 280 (PROBE_MAX - PROBE_MIN) * NSEC_PER_SEC); 281 timespecnorm(&tv); 282 eloop_timeout_add_tv(ifp->ctx->eloop, &tv, arp_probe1, astate); 283 } else { 284 tv.tv_sec = ANNOUNCE_WAIT; 285 tv.tv_nsec = 0; 286 eloop_timeout_add_tv(ifp->ctx->eloop, &tv, arp_probed, astate); 287 } 288 logdebugx("%s: ARP probing %s (%d of %d), next in %0.1f seconds", 289 ifp->name, inet_ntoa(astate->addr), 290 astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM, 291 timespec_to_double(&tv)); 292 if (arp_request(ifp, 0, astate->addr.s_addr) == -1) 293 logerr(__func__); 294 } 295 296 void 297 arp_probe(struct arp_state *astate) 298 { 299 300 if (arp_open(astate->iface) == -1) { 301 logerr(__func__); 302 return; 303 } else { 304 const struct iarp_state *state = ARP_CSTATE(astate->iface); 305 306 if (bpf_arp(astate->iface, state->bpf_fd) == -1) 307 logerr(__func__); 308 } 309 astate->probes = 0; 310 logdebugx("%s: probing for %s", 311 astate->iface->name, inet_ntoa(astate->addr)); 312 arp_probe1(astate); 313 } 314 #endif /* ARP */ 315 316 static void 317 arp_announced(void *arg) 318 { 319 struct arp_state *astate = arg; 320 321 if (astate->announced_cb) { 322 astate->announced_cb(astate); 323 return; 324 } 325 326 /* Keep the ARP state open to handle ongoing ACD. */ 327 } 328 329 static void 330 arp_announce1(void *arg) 331 { 332 struct arp_state *astate = arg; 333 struct interface *ifp = astate->iface; 334 335 if (++astate->claims < ANNOUNCE_NUM) 336 logdebugx("%s: ARP announcing %s (%d of %d), " 337 "next in %d.0 seconds", 338 ifp->name, inet_ntoa(astate->addr), 339 astate->claims, ANNOUNCE_NUM, ANNOUNCE_WAIT); 340 else 341 logdebugx("%s: ARP announcing %s (%d of %d)", 342 ifp->name, inet_ntoa(astate->addr), 343 astate->claims, ANNOUNCE_NUM); 344 if (arp_request(ifp, astate->addr.s_addr, astate->addr.s_addr) == -1) 345 logerr(__func__); 346 eloop_timeout_add_sec(ifp->ctx->eloop, ANNOUNCE_WAIT, 347 astate->claims < ANNOUNCE_NUM ? arp_announce1 : arp_announced, 348 astate); 349 } 350 351 /* 352 * XXX FIXME 353 * Kernels supporting RFC5227 will announce the address when it's 354 * added. 355 * dhcpcd should not announce when this happens, nor need to open 356 * a BPF socket for it. 357 * Also, an address might be added to a non preferred inteface when 358 * the same address exists on a preferred one so we need to instruct 359 * the kernel not to announce the address somehow. 360 */ 361 362 void 363 arp_announce(struct arp_state *astate) 364 { 365 struct iarp_state *state; 366 struct interface *ifp; 367 struct arp_state *a2; 368 int r; 369 370 if (arp_open(astate->iface) == -1) { 371 logerr(__func__); 372 return; 373 } 374 375 /* Cancel any other ARP announcements for this address. */ 376 TAILQ_FOREACH(ifp, astate->iface->ctx->ifaces, next) { 377 state = ARP_STATE(ifp); 378 if (state == NULL) 379 continue; 380 TAILQ_FOREACH(a2, &state->arp_states, next) { 381 if (astate == a2 || 382 a2->addr.s_addr != astate->addr.s_addr) 383 continue; 384 r = eloop_timeout_delete(a2->iface->ctx->eloop, 385 a2->claims < ANNOUNCE_NUM 386 ? arp_announce1 : arp_announced, 387 a2); 388 if (r == -1) 389 logerr(__func__); 390 else if (r != 0) 391 logdebugx("%s: ARP announcement " 392 "of %s cancelled", 393 a2->iface->name, 394 inet_ntoa(a2->addr)); 395 } 396 } 397 398 astate->claims = 0; 399 arp_announce1(astate); 400 } 401 402 void 403 arp_announceaddr(struct dhcpcd_ctx *ctx, struct in_addr *ia) 404 { 405 struct interface *ifp; 406 struct ipv4_addr *iaf; 407 struct arp_state *astate; 408 409 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 410 iaf = ipv4_iffindaddr(ifp, ia, NULL); 411 #ifdef IN_IFF_NOTUSEABLE 412 if (iaf && !(iaf->addr_flags & IN_IFF_NOTUSEABLE)) 413 #else 414 if (iaf) 415 #endif 416 break; 417 } 418 if (ifp == NULL) 419 return; 420 421 astate = arp_find(ifp, ia); 422 if (astate != NULL) 423 arp_announce(astate); 424 } 425 426 void 427 arp_ifannounceaddr(struct interface *ifp, struct in_addr *ia) 428 { 429 struct arp_state *astate; 430 431 astate = arp_new(ifp, ia); 432 if (astate != NULL) 433 arp_announce(astate); 434 } 435 436 void 437 arp_report_conflicted(const struct arp_state *astate, 438 const struct arp_msg *amsg) 439 { 440 441 if (amsg != NULL) { 442 char buf[HWADDR_LEN * 3]; 443 444 logerrx("%s: hardware address %s claims %s", 445 astate->iface->name, 446 hwaddr_ntoa(amsg->sha, astate->iface->hwlen, 447 buf, sizeof(buf)), 448 inet_ntoa(astate->failed)); 449 } else 450 logerrx("%s: DAD detected %s", 451 astate->iface->name, inet_ntoa(astate->failed)); 452 } 453 454 struct arp_state * 455 arp_find(struct interface *ifp, const struct in_addr *addr) 456 { 457 struct iarp_state *state; 458 struct arp_state *astate; 459 460 if ((state = ARP_STATE(ifp)) == NULL) 461 goto out; 462 TAILQ_FOREACH(astate, &state->arp_states, next) { 463 if (astate->addr.s_addr == addr->s_addr && astate->iface == ifp) 464 return astate; 465 } 466 out: 467 errno = ESRCH; 468 return NULL; 469 } 470 471 struct arp_state * 472 arp_new(struct interface *ifp, const struct in_addr *addr) 473 { 474 struct iarp_state *state; 475 struct arp_state *astate; 476 477 if ((state = ARP_STATE(ifp)) == NULL) { 478 ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state)); 479 state = ARP_STATE(ifp); 480 if (state == NULL) { 481 logerr(__func__); 482 return NULL; 483 } 484 state->bpf_fd = -1; 485 state->bpf_flags = 0; 486 TAILQ_INIT(&state->arp_states); 487 } else { 488 if (addr && (astate = arp_find(ifp, addr))) 489 return astate; 490 } 491 492 if ((astate = calloc(1, sizeof(*astate))) == NULL) { 493 logerr(__func__); 494 return NULL; 495 } 496 astate->iface = ifp; 497 if (addr) 498 astate->addr = *addr; 499 state = ARP_STATE(ifp); 500 TAILQ_INSERT_TAIL(&state->arp_states, astate, next); 501 502 if (bpf_arp(ifp, state->bpf_fd) == -1) 503 logerr(__func__); /* try and continue */ 504 505 return astate; 506 } 507 508 void 509 arp_cancel(struct arp_state *astate) 510 { 511 512 eloop_timeout_delete(astate->iface->ctx->eloop, NULL, astate); 513 } 514 515 void 516 arp_free(struct arp_state *astate) 517 { 518 struct interface *ifp; 519 struct iarp_state *state; 520 521 if (astate == NULL) 522 return; 523 524 ifp = astate->iface; 525 eloop_timeout_delete(ifp->ctx->eloop, NULL, astate); 526 state = ARP_STATE(ifp); 527 TAILQ_REMOVE(&state->arp_states, astate, next); 528 if (astate->free_cb) 529 astate->free_cb(astate); 530 free(astate); 531 arp_tryfree(ifp); 532 } 533 534 static void 535 arp_free_but1(struct interface *ifp, struct arp_state *astate) 536 { 537 struct iarp_state *state; 538 539 if ((state = ARP_STATE(ifp)) != NULL) { 540 struct arp_state *p, *n; 541 542 TAILQ_FOREACH_SAFE(p, &state->arp_states, next, n) { 543 if (p != astate) 544 arp_free(p); 545 } 546 } 547 } 548 549 void 550 arp_free_but(struct arp_state *astate) 551 { 552 553 arp_free_but1(astate->iface, astate); 554 } 555 556 void 557 arp_drop(struct interface *ifp) 558 { 559 560 arp_free_but1(ifp, NULL); 561 arp_close(ifp); 562 } 563 564 void 565 arp_handleifa(int cmd, struct ipv4_addr *addr) 566 { 567 struct iarp_state *state; 568 struct arp_state *astate, *asn; 569 570 state = ARP_STATE(addr->iface); 571 if (state == NULL) 572 return; 573 574 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, asn) { 575 if (astate->addr.s_addr != addr->addr.s_addr) 576 continue; 577 if (cmd == RTM_DELADDR) 578 arp_free(astate); 579 #ifdef IN_IFF_DUPLICATED 580 if (cmd != RTM_NEWADDR) 581 continue; 582 if (addr->addr_flags & IN_IFF_DUPLICATED) { 583 if (astate->conflicted_cb) 584 astate->conflicted_cb(astate, NULL); 585 } else if (!(addr->addr_flags & IN_IFF_NOTUSEABLE)) { 586 if (astate->probed_cb) 587 astate->probed_cb(astate); 588 } 589 #endif 590 } 591 } 592