1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - ARP handler 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/socket.h> 30 #include <sys/types.h> 31 32 #include <arpa/inet.h> 33 34 #include <net/if.h> 35 #include <netinet/in.h> 36 #include <netinet/if_ether.h> 37 38 #include <errno.h> 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <string.h> 42 #include <unistd.h> 43 44 #define ELOOP_QUEUE ELOOP_ARP 45 #include "config.h" 46 #include "arp.h" 47 #include "bpf.h" 48 #include "ipv4.h" 49 #include "common.h" 50 #include "dhcpcd.h" 51 #include "eloop.h" 52 #include "if.h" 53 #include "if-options.h" 54 #include "ipv4ll.h" 55 #include "logerr.h" 56 #include "privsep.h" 57 58 #if defined(ARP) 59 #define ARP_LEN \ 60 (FRAMEHDRLEN_MAX + \ 61 sizeof(struct arphdr) + (2 * sizeof(uint32_t)) + (2 * HWADDR_LEN)) 62 63 /* ARP debugging can be quite noisy. Enable this for more noise! */ 64 //#define ARP_DEBUG 65 66 /* Assert the correct structure size for on wire */ 67 __CTASSERT(sizeof(struct arphdr) == 8); 68 69 static ssize_t 70 arp_request(const struct arp_state *astate, 71 const struct in_addr *sip) 72 { 73 const struct interface *ifp = astate->iface; 74 const struct in_addr *tip = &astate->addr; 75 uint8_t arp_buffer[ARP_LEN]; 76 struct arphdr ar; 77 size_t len; 78 uint8_t *p; 79 80 ar.ar_hrd = htons(ifp->hwtype); 81 ar.ar_pro = htons(ETHERTYPE_IP); 82 ar.ar_hln = ifp->hwlen; 83 ar.ar_pln = sizeof(tip->s_addr); 84 ar.ar_op = htons(ARPOP_REQUEST); 85 86 p = arp_buffer; 87 len = 0; 88 89 #define CHECK(fun, b, l) \ 90 do { \ 91 if (len + (l) > sizeof(arp_buffer)) \ 92 goto eexit; \ 93 fun(p, (b), (l)); \ 94 p += (l); \ 95 len += (l); \ 96 } while (/* CONSTCOND */ 0) 97 #define APPEND(b, l) CHECK(memcpy, b, l) 98 #define ZERO(l) CHECK(memset, 0, l) 99 100 APPEND(&ar, sizeof(ar)); 101 APPEND(ifp->hwaddr, ifp->hwlen); 102 if (sip != NULL) 103 APPEND(&sip->s_addr, sizeof(sip->s_addr)); 104 else 105 ZERO(sizeof(tip->s_addr)); 106 ZERO(ifp->hwlen); 107 APPEND(&tip->s_addr, sizeof(tip->s_addr)); 108 109 #ifdef PRIVSEP 110 if (ifp->ctx->options & DHCPCD_PRIVSEP) 111 return ps_bpf_sendarp(ifp, tip, arp_buffer, len); 112 #endif 113 /* Note that well formed ethernet will add extra padding 114 * to ensure that the packet is at least 60 bytes (64 including FCS). */ 115 return bpf_send(astate->bpf, ETHERTYPE_ARP, arp_buffer, len); 116 117 eexit: 118 errno = ENOBUFS; 119 return -1; 120 } 121 122 static void 123 arp_report_conflicted(const struct arp_state *astate, 124 const struct arp_msg *amsg) 125 { 126 char abuf[HWADDR_LEN * 3]; 127 char fbuf[HWADDR_LEN * 3]; 128 129 if (amsg == NULL) { 130 logerrx("%s: DAD detected %s", 131 astate->iface->name, inet_ntoa(astate->addr)); 132 return; 133 } 134 135 hwaddr_ntoa(amsg->sha, astate->iface->hwlen, abuf, sizeof(abuf)); 136 if (bpf_frame_header_len(astate->iface) == 0) { 137 logwarnx("%s: %s claims %s", 138 astate->iface->name, abuf, inet_ntoa(astate->addr)); 139 return; 140 } 141 142 logwarnx("%s: %s(%s) claims %s", 143 astate->iface->name, abuf, 144 hwaddr_ntoa(amsg->fsha, astate->iface->hwlen, fbuf, sizeof(fbuf)), 145 inet_ntoa(astate->addr)); 146 } 147 148 static void 149 arp_found(struct arp_state *astate, const struct arp_msg *amsg) 150 { 151 struct interface *ifp; 152 struct ipv4_addr *ia; 153 #ifndef KERNEL_RFC5227 154 struct timespec now; 155 #endif 156 157 arp_report_conflicted(astate, amsg); 158 ifp = astate->iface; 159 160 /* If we haven't added the address we're doing a probe. */ 161 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 162 if (ia == NULL) { 163 if (astate->found_cb != NULL) 164 astate->found_cb(astate, amsg); 165 return; 166 } 167 168 #ifndef KERNEL_RFC5227 169 /* RFC 3927 Section 2.5 says a defence should 170 * broadcast an ARP announcement. 171 * Because the kernel will also unicast a reply to the 172 * hardware address which requested the IP address 173 * the other IPv4LL client will receieve two ARP 174 * messages. 175 * If another conflict happens within DEFEND_INTERVAL 176 * then we must drop our address and negotiate a new one. */ 177 clock_gettime(CLOCK_MONOTONIC, &now); 178 if (timespecisset(&astate->defend) && 179 eloop_timespec_diff(&now, &astate->defend, NULL) < DEFEND_INTERVAL) 180 logwarnx("%s: %d second defence failed for %s", 181 ifp->name, DEFEND_INTERVAL, inet_ntoa(astate->addr)); 182 else if (arp_request(astate, &astate->addr) == -1) 183 logerr(__func__); 184 else { 185 logdebugx("%s: defended address %s", 186 ifp->name, inet_ntoa(astate->addr)); 187 astate->defend = now; 188 return; 189 } 190 #endif 191 192 if (astate->defend_failed_cb != NULL) 193 astate->defend_failed_cb(astate); 194 } 195 196 static bool 197 arp_validate(const struct interface *ifp, struct arphdr *arp) 198 { 199 200 /* Address type must match */ 201 if (arp->ar_hrd != htons(ifp->hwtype)) 202 return false; 203 204 /* Protocol must be IP. */ 205 if (arp->ar_pro != htons(ETHERTYPE_IP)) 206 return false; 207 208 /* lladdr length matches */ 209 if (arp->ar_hln != ifp->hwlen) 210 return false; 211 212 /* Protocol length must match in_addr_t */ 213 if (arp->ar_pln != sizeof(in_addr_t)) 214 return false; 215 216 /* Only these types are recognised */ 217 if (arp->ar_op != htons(ARPOP_REPLY) && 218 arp->ar_op != htons(ARPOP_REQUEST)) 219 return false; 220 221 return true; 222 } 223 224 void 225 arp_packet(struct interface *ifp, uint8_t *data, size_t len, 226 unsigned int bpf_flags) 227 { 228 size_t fl = bpf_frame_header_len(ifp), falen; 229 const struct interface *ifn; 230 struct arphdr ar; 231 struct arp_msg arm; 232 const struct iarp_state *state; 233 struct arp_state *astate, *astaten; 234 uint8_t *hw_s, *hw_t; 235 236 /* Copy the frame header source and destination out */ 237 memset(&arm, 0, sizeof(arm)); 238 if (fl != 0) { 239 hw_s = bpf_frame_header_src(ifp, data, &falen); 240 if (hw_s != NULL && falen <= sizeof(arm.fsha)) 241 memcpy(arm.fsha, hw_s, falen); 242 hw_t = bpf_frame_header_dst(ifp, data, &falen); 243 if (hw_t != NULL && falen <= sizeof(arm.ftha)) 244 memcpy(arm.ftha, hw_t, falen); 245 246 /* Skip past the frame header */ 247 data += fl; 248 len -= fl; 249 } 250 251 /* We must have a full ARP header */ 252 if (len < sizeof(ar)) 253 return; 254 memcpy(&ar, data, sizeof(ar)); 255 256 if (!arp_validate(ifp, &ar)) { 257 #ifdef BPF_DEBUG 258 logerrx("%s: ARP BPF validation failure", ifp->name); 259 #endif 260 return; 261 } 262 263 /* Get pointers to the hardware addresses */ 264 hw_s = data + sizeof(ar); 265 hw_t = hw_s + ar.ar_hln + ar.ar_pln; 266 /* Ensure we got all the data */ 267 if ((size_t)((hw_t + ar.ar_hln + ar.ar_pln) - data) > len) 268 return; 269 /* Ignore messages from ourself */ 270 TAILQ_FOREACH(ifn, ifp->ctx->ifaces, next) { 271 if (ar.ar_hln == ifn->hwlen && 272 memcmp(hw_s, ifn->hwaddr, ifn->hwlen) == 0) 273 break; 274 } 275 if (ifn) { 276 #ifdef ARP_DEBUG 277 logdebugx("%s: ignoring ARP from self", ifp->name); 278 #endif 279 return; 280 } 281 /* Copy out the HW and IP addresses */ 282 memcpy(&arm.sha, hw_s, ar.ar_hln); 283 memcpy(&arm.sip.s_addr, hw_s + ar.ar_hln, ar.ar_pln); 284 memcpy(&arm.tha, hw_t, ar.ar_hln); 285 memcpy(&arm.tip.s_addr, hw_t + ar.ar_hln, ar.ar_pln); 286 287 /* Match the ARP probe to our states. 288 * Ignore Unicast Poll, RFC1122. */ 289 state = ARP_CSTATE(ifp); 290 if (state == NULL) 291 return; 292 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) { 293 if (IN_ARE_ADDR_EQUAL(&arm.sip, &astate->addr) || 294 (IN_IS_ADDR_UNSPECIFIED(&arm.sip) && 295 IN_ARE_ADDR_EQUAL(&arm.tip, &astate->addr) && 296 bpf_flags & BPF_BCAST)) 297 arp_found(astate, &arm); 298 } 299 } 300 301 static void 302 arp_read(void *arg) 303 { 304 struct arp_state *astate = arg; 305 struct bpf *bpf = astate->bpf; 306 struct interface *ifp = astate->iface; 307 uint8_t buf[ARP_LEN]; 308 ssize_t bytes; 309 struct in_addr addr = astate->addr; 310 311 /* Some RAW mechanisms are generic file descriptors, not sockets. 312 * This means we have no kernel call to just get one packet, 313 * so we have to process the entire buffer. */ 314 bpf->bpf_flags &= ~BPF_EOF; 315 while (!(bpf->bpf_flags & BPF_EOF)) { 316 bytes = bpf_read(bpf, buf, sizeof(buf)); 317 if (bytes == -1) { 318 logerr("%s: %s", __func__, ifp->name); 319 arp_free(astate); 320 return; 321 } 322 arp_packet(ifp, buf, (size_t)bytes, bpf->bpf_flags); 323 /* Check we still have a state after processing. */ 324 if ((astate = arp_find(ifp, &addr)) == NULL) 325 break; 326 if ((bpf = astate->bpf) == NULL) 327 break; 328 } 329 } 330 331 static void 332 arp_probed(void *arg) 333 { 334 struct arp_state *astate = arg; 335 336 timespecclear(&astate->defend); 337 astate->not_found_cb(astate); 338 } 339 340 static void 341 arp_probe1(void *arg) 342 { 343 struct arp_state *astate = arg; 344 struct interface *ifp = astate->iface; 345 unsigned int delay; 346 347 if (++astate->probes < PROBE_NUM) { 348 delay = (PROBE_MIN * MSEC_PER_SEC) + 349 (arc4random_uniform( 350 (PROBE_MAX - PROBE_MIN) * MSEC_PER_SEC)); 351 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probe1, astate); 352 } else { 353 delay = ANNOUNCE_WAIT * MSEC_PER_SEC; 354 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probed, astate); 355 } 356 logdebugx("%s: ARP probing %s (%d of %d), next in %0.1f seconds", 357 ifp->name, inet_ntoa(astate->addr), 358 astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM, 359 (float)delay / MSEC_PER_SEC); 360 if (arp_request(astate, NULL) == -1) 361 logerr(__func__); 362 } 363 364 void 365 arp_probe(struct arp_state *astate) 366 { 367 368 astate->probes = 0; 369 logdebugx("%s: probing for %s", 370 astate->iface->name, inet_ntoa(astate->addr)); 371 arp_probe1(astate); 372 } 373 #endif /* ARP */ 374 375 struct arp_state * 376 arp_find(struct interface *ifp, const struct in_addr *addr) 377 { 378 struct iarp_state *state; 379 struct arp_state *astate; 380 381 if ((state = ARP_STATE(ifp)) == NULL) 382 goto out; 383 TAILQ_FOREACH(astate, &state->arp_states, next) { 384 if (astate->addr.s_addr == addr->s_addr && astate->iface == ifp) 385 return astate; 386 } 387 out: 388 errno = ESRCH; 389 return NULL; 390 } 391 392 static void 393 arp_announced(void *arg) 394 { 395 struct arp_state *astate = arg; 396 397 if (astate->announced_cb) { 398 astate->announced_cb(astate); 399 return; 400 } 401 402 /* Keep the ARP state open to handle ongoing ACD. */ 403 } 404 405 static void 406 arp_announce1(void *arg) 407 { 408 struct arp_state *astate = arg; 409 struct interface *ifp = astate->iface; 410 struct ipv4_addr *ia; 411 412 if (++astate->claims < ANNOUNCE_NUM) 413 logdebugx("%s: ARP announcing %s (%d of %d), " 414 "next in %d.0 seconds", 415 ifp->name, inet_ntoa(astate->addr), 416 astate->claims, ANNOUNCE_NUM, ANNOUNCE_WAIT); 417 else 418 logdebugx("%s: ARP announcing %s (%d of %d)", 419 ifp->name, inet_ntoa(astate->addr), 420 astate->claims, ANNOUNCE_NUM); 421 422 /* The kernel will send a Gratuitous ARP for newly added addresses. 423 * So we can avoid sending the same. 424 * Linux is special and doesn't send one. */ 425 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 426 #ifndef __linux__ 427 if (astate->claims == 1 && ia != NULL && ia->flags & IPV4_AF_NEW) 428 goto skip_request; 429 #endif 430 431 if (arp_request(astate, &astate->addr) == -1) 432 logerr(__func__); 433 434 #ifndef __linux__ 435 skip_request: 436 #endif 437 /* No longer a new address. */ 438 if (ia != NULL) 439 ia->flags |= ~IPV4_AF_NEW; 440 441 eloop_timeout_add_sec(ifp->ctx->eloop, ANNOUNCE_WAIT, 442 astate->claims < ANNOUNCE_NUM ? arp_announce1 : arp_announced, 443 astate); 444 } 445 446 static void 447 arp_announce(struct arp_state *astate) 448 { 449 struct iarp_state *state; 450 struct interface *ifp; 451 struct arp_state *a2; 452 int r; 453 454 /* Cancel any other ARP announcements for this address. */ 455 TAILQ_FOREACH(ifp, astate->iface->ctx->ifaces, next) { 456 state = ARP_STATE(ifp); 457 if (state == NULL) 458 continue; 459 TAILQ_FOREACH(a2, &state->arp_states, next) { 460 if (astate == a2 || 461 a2->addr.s_addr != astate->addr.s_addr) 462 continue; 463 r = eloop_timeout_delete(a2->iface->ctx->eloop, 464 a2->claims < ANNOUNCE_NUM 465 ? arp_announce1 : arp_announced, 466 a2); 467 if (r == -1) 468 logerr(__func__); 469 else if (r != 0) { 470 logdebugx("%s: ARP announcement " 471 "of %s cancelled", 472 a2->iface->name, 473 inet_ntoa(a2->addr)); 474 arp_announced(a2); 475 } 476 } 477 } 478 479 astate->claims = 0; 480 arp_announce1(astate); 481 } 482 483 struct arp_state * 484 arp_ifannounceaddr(struct interface *ifp, const struct in_addr *ia) 485 { 486 struct arp_state *astate; 487 488 if (ifp->flags & IFF_NOARP || !(ifp->options->options & DHCPCD_ARP)) 489 return NULL; 490 491 astate = arp_find(ifp, ia); 492 if (astate == NULL) { 493 astate = arp_new(ifp, ia); 494 if (astate == NULL) 495 return NULL; 496 astate->announced_cb = arp_free; 497 } 498 arp_announce(astate); 499 return astate; 500 } 501 502 struct arp_state * 503 arp_announceaddr(struct dhcpcd_ctx *ctx, const struct in_addr *ia) 504 { 505 struct interface *ifp, *iff = NULL; 506 struct ipv4_addr *iap; 507 508 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 509 if (!ifp->active || !if_is_link_up(ifp)) 510 continue; 511 iap = ipv4_iffindaddr(ifp, ia, NULL); 512 if (iap == NULL) 513 continue; 514 #ifdef IN_IFF_NOTUSEABLE 515 if (iap->addr_flags & IN_IFF_NOTUSEABLE) 516 continue; 517 #endif 518 if (iff != NULL && iff->metric < ifp->metric) 519 continue; 520 iff = ifp; 521 } 522 if (iff == NULL) 523 return NULL; 524 525 return arp_ifannounceaddr(iff, ia); 526 } 527 528 struct arp_state * 529 arp_new(struct interface *ifp, const struct in_addr *addr) 530 { 531 struct iarp_state *state; 532 struct arp_state *astate; 533 534 if ((state = ARP_STATE(ifp)) == NULL) { 535 ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state)); 536 state = ARP_STATE(ifp); 537 if (state == NULL) { 538 logerr(__func__); 539 return NULL; 540 } 541 TAILQ_INIT(&state->arp_states); 542 } else { 543 if ((astate = arp_find(ifp, addr)) != NULL) 544 return astate; 545 } 546 547 if ((astate = calloc(1, sizeof(*astate))) == NULL) { 548 logerr(__func__); 549 return NULL; 550 } 551 astate->iface = ifp; 552 astate->addr = *addr; 553 554 #ifdef PRIVSEP 555 if (IN_PRIVSEP(ifp->ctx)) { 556 if (ps_bpf_openarp(ifp, addr) == -1) { 557 logerr(__func__); 558 free(astate); 559 return NULL; 560 } 561 } else 562 #endif 563 { 564 astate->bpf = bpf_open(ifp, bpf_arp, addr); 565 if (astate->bpf == NULL) { 566 logerr(__func__); 567 free(astate); 568 return NULL; 569 } 570 eloop_event_add(ifp->ctx->eloop, astate->bpf->bpf_fd, 571 arp_read, astate); 572 } 573 574 575 state = ARP_STATE(ifp); 576 TAILQ_INSERT_TAIL(&state->arp_states, astate, next); 577 return astate; 578 } 579 580 void 581 arp_free(struct arp_state *astate) 582 { 583 struct interface *ifp; 584 struct dhcpcd_ctx *ctx; 585 struct iarp_state *state; 586 587 if (astate == NULL) 588 return; 589 590 ifp = astate->iface; 591 ctx = ifp->ctx; 592 eloop_timeout_delete(ctx->eloop, NULL, astate); 593 594 state = ARP_STATE(ifp); 595 TAILQ_REMOVE(&state->arp_states, astate, next); 596 if (astate->free_cb) 597 astate->free_cb(astate); 598 599 #ifdef PRIVSEP 600 if (IN_PRIVSEP(ctx) && ps_bpf_closearp(ifp, &astate->addr) == -1) 601 logerr(__func__); 602 #endif 603 if (astate->bpf != NULL) { 604 eloop_event_delete(ctx->eloop, astate->bpf->bpf_fd); 605 bpf_close(astate->bpf); 606 } 607 608 free(astate); 609 610 if (TAILQ_FIRST(&state->arp_states) == NULL) { 611 free(state); 612 ifp->if_data[IF_DATA_ARP] = NULL; 613 } 614 } 615 616 void 617 arp_freeaddr(struct interface *ifp, const struct in_addr *ia) 618 { 619 struct arp_state *astate; 620 621 astate = arp_find(ifp, ia); 622 arp_free(astate); 623 } 624 625 void 626 arp_drop(struct interface *ifp) 627 { 628 struct iarp_state *state; 629 struct arp_state *astate; 630 631 while ((state = ARP_STATE(ifp)) != NULL && 632 (astate = TAILQ_FIRST(&state->arp_states)) != NULL) 633 arp_free(astate); 634 } 635