1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - ARP handler 4 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/socket.h> 30 #include <sys/types.h> 31 32 #include <arpa/inet.h> 33 34 #include <net/if.h> 35 #include <netinet/in.h> 36 #include <netinet/if_ether.h> 37 38 #include <errno.h> 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <string.h> 42 #include <unistd.h> 43 44 #define ELOOP_QUEUE ELOOP_ARP 45 #include "config.h" 46 #include "arp.h" 47 #include "bpf.h" 48 #include "ipv4.h" 49 #include "common.h" 50 #include "dhcpcd.h" 51 #include "eloop.h" 52 #include "if.h" 53 #include "if-options.h" 54 #include "ipv4ll.h" 55 #include "logerr.h" 56 #include "privsep.h" 57 58 #if defined(ARP) 59 #define ARP_LEN \ 60 (FRAMEHDRLEN_MAX + \ 61 sizeof(struct arphdr) + (2 * sizeof(uint32_t)) + (2 * HWADDR_LEN)) 62 63 /* ARP debugging can be quite noisy. Enable this for more noise! */ 64 //#define ARP_DEBUG 65 66 /* Assert the correct structure size for on wire */ 67 __CTASSERT(sizeof(struct arphdr) == 8); 68 69 static ssize_t 70 arp_request(const struct arp_state *astate, 71 const struct in_addr *sip) 72 { 73 const struct interface *ifp = astate->iface; 74 const struct in_addr *tip = &astate->addr; 75 uint8_t arp_buffer[ARP_LEN]; 76 struct arphdr ar; 77 size_t len; 78 uint8_t *p; 79 80 ar.ar_hrd = htons(ifp->hwtype); 81 ar.ar_pro = htons(ETHERTYPE_IP); 82 ar.ar_hln = ifp->hwlen; 83 ar.ar_pln = sizeof(tip->s_addr); 84 ar.ar_op = htons(ARPOP_REQUEST); 85 86 p = arp_buffer; 87 len = 0; 88 89 #define CHECK(fun, b, l) \ 90 do { \ 91 if (len + (l) > sizeof(arp_buffer)) \ 92 goto eexit; \ 93 fun(p, (b), (l)); \ 94 p += (l); \ 95 len += (l); \ 96 } while (/* CONSTCOND */ 0) 97 #define APPEND(b, l) CHECK(memcpy, b, l) 98 #define ZERO(l) CHECK(memset, 0, l) 99 100 APPEND(&ar, sizeof(ar)); 101 APPEND(ifp->hwaddr, ifp->hwlen); 102 if (sip != NULL) 103 APPEND(&sip->s_addr, sizeof(sip->s_addr)); 104 else 105 ZERO(sizeof(tip->s_addr)); 106 ZERO(ifp->hwlen); 107 APPEND(&tip->s_addr, sizeof(tip->s_addr)); 108 109 #ifdef PRIVSEP 110 if (ifp->ctx->options & DHCPCD_PRIVSEP) 111 return ps_bpf_sendarp(ifp, tip, arp_buffer, len); 112 #endif 113 /* Note that well formed ethernet will add extra padding 114 * to ensure that the packet is at least 60 bytes (64 including FCS). */ 115 return bpf_send(astate->bpf, ETHERTYPE_ARP, arp_buffer, len); 116 117 eexit: 118 errno = ENOBUFS; 119 return -1; 120 } 121 122 static void 123 arp_report_conflicted(const struct arp_state *astate, 124 const struct arp_msg *amsg) 125 { 126 char abuf[HWADDR_LEN * 3]; 127 char fbuf[HWADDR_LEN * 3]; 128 129 if (amsg == NULL) { 130 logerrx("%s: DAD detected %s", 131 astate->iface->name, inet_ntoa(astate->addr)); 132 return; 133 } 134 135 hwaddr_ntoa(amsg->sha, astate->iface->hwlen, abuf, sizeof(abuf)); 136 if (bpf_frame_header_len(astate->iface) == 0) { 137 logwarnx("%s: %s claims %s", 138 astate->iface->name, abuf, inet_ntoa(astate->addr)); 139 return; 140 } 141 142 logwarnx("%s: %s(%s) claims %s", 143 astate->iface->name, abuf, 144 hwaddr_ntoa(amsg->fsha, astate->iface->hwlen, fbuf, sizeof(fbuf)), 145 inet_ntoa(astate->addr)); 146 } 147 148 static void 149 arp_found(struct arp_state *astate, const struct arp_msg *amsg) 150 { 151 struct interface *ifp; 152 struct ipv4_addr *ia; 153 #ifndef KERNEL_RFC5227 154 struct timespec now; 155 #endif 156 157 arp_report_conflicted(astate, amsg); 158 ifp = astate->iface; 159 160 /* If we haven't added the address we're doing a probe. */ 161 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 162 if (ia == NULL) { 163 if (astate->found_cb != NULL) 164 astate->found_cb(astate, amsg); 165 return; 166 } 167 168 #ifndef KERNEL_RFC5227 169 /* RFC 3927 Section 2.5 says a defence should 170 * broadcast an ARP announcement. 171 * Because the kernel will also unicast a reply to the 172 * hardware address which requested the IP address 173 * the other IPv4LL client will receieve two ARP 174 * messages. 175 * If another conflict happens within DEFEND_INTERVAL 176 * then we must drop our address and negotiate a new one. */ 177 clock_gettime(CLOCK_MONOTONIC, &now); 178 if (timespecisset(&astate->defend) && 179 eloop_timespec_diff(&now, &astate->defend, NULL) < DEFEND_INTERVAL) 180 logwarnx("%s: %d second defence failed for %s", 181 ifp->name, DEFEND_INTERVAL, inet_ntoa(astate->addr)); 182 else if (arp_request(astate, &astate->addr) == -1) 183 logerr(__func__); 184 else { 185 logdebugx("%s: defended address %s", 186 ifp->name, inet_ntoa(astate->addr)); 187 astate->defend = now; 188 return; 189 } 190 #endif 191 192 if (astate->defend_failed_cb != NULL) 193 astate->defend_failed_cb(astate); 194 } 195 196 static bool 197 arp_validate(const struct interface *ifp, struct arphdr *arp) 198 { 199 200 /* Address type must match */ 201 if (arp->ar_hrd != htons(ifp->hwtype)) 202 return false; 203 204 /* Protocol must be IP. */ 205 if (arp->ar_pro != htons(ETHERTYPE_IP)) 206 return false; 207 208 /* lladdr length matches */ 209 if (arp->ar_hln != ifp->hwlen) 210 return false; 211 212 /* Protocol length must match in_addr_t */ 213 if (arp->ar_pln != sizeof(in_addr_t)) 214 return false; 215 216 /* Only these types are recognised */ 217 if (arp->ar_op != htons(ARPOP_REPLY) && 218 arp->ar_op != htons(ARPOP_REQUEST)) 219 return false; 220 221 return true; 222 } 223 224 void 225 arp_packet(struct interface *ifp, uint8_t *data, size_t len, 226 unsigned int bpf_flags) 227 { 228 size_t fl = bpf_frame_header_len(ifp), falen; 229 const struct interface *ifn; 230 struct arphdr ar; 231 struct arp_msg arm; 232 const struct iarp_state *state; 233 struct arp_state *astate, *astaten; 234 uint8_t *hw_s, *hw_t; 235 #ifndef KERNEL_RFC5227 236 bool is_probe; 237 #endif /* KERNEL_RFC5227 */ 238 239 /* Copy the frame header source and destination out */ 240 memset(&arm, 0, sizeof(arm)); 241 if (fl != 0) { 242 hw_s = bpf_frame_header_src(ifp, data, &falen); 243 if (hw_s != NULL && falen <= sizeof(arm.fsha)) 244 memcpy(arm.fsha, hw_s, falen); 245 hw_t = bpf_frame_header_dst(ifp, data, &falen); 246 if (hw_t != NULL && falen <= sizeof(arm.ftha)) 247 memcpy(arm.ftha, hw_t, falen); 248 249 /* Skip past the frame header */ 250 data += fl; 251 len -= fl; 252 } 253 254 /* We must have a full ARP header */ 255 if (len < sizeof(ar)) 256 return; 257 memcpy(&ar, data, sizeof(ar)); 258 259 if (!arp_validate(ifp, &ar)) { 260 #ifdef BPF_DEBUG 261 logerrx("%s: ARP BPF validation failure", ifp->name); 262 #endif 263 return; 264 } 265 266 /* Get pointers to the hardware addresses */ 267 hw_s = data + sizeof(ar); 268 hw_t = hw_s + ar.ar_hln + ar.ar_pln; 269 /* Ensure we got all the data */ 270 if ((size_t)((hw_t + ar.ar_hln + ar.ar_pln) - data) > len) 271 return; 272 /* Ignore messages from ourself */ 273 TAILQ_FOREACH(ifn, ifp->ctx->ifaces, next) { 274 if (ar.ar_hln == ifn->hwlen && 275 memcmp(hw_s, ifn->hwaddr, ifn->hwlen) == 0) 276 break; 277 } 278 if (ifn) { 279 #ifdef ARP_DEBUG 280 logdebugx("%s: ignoring ARP from self", ifp->name); 281 #endif 282 return; 283 } 284 /* Copy out the HW and IP addresses */ 285 memcpy(&arm.sha, hw_s, ar.ar_hln); 286 memcpy(&arm.sip.s_addr, hw_s + ar.ar_hln, ar.ar_pln); 287 memcpy(&arm.tha, hw_t, ar.ar_hln); 288 memcpy(&arm.tip.s_addr, hw_t + ar.ar_hln, ar.ar_pln); 289 290 #ifndef KERNEL_RFC5227 291 /* During ARP probe the 'sender hardware address' MUST contain the hardware 292 * address of the interface sending the packet. RFC5227, 1.1 */ 293 is_probe = ar.ar_op == htons(ARPOP_REQUEST) && IN_IS_ADDR_UNSPECIFIED(&arm.sip) && 294 bpf_flags & BPF_BCAST; 295 if (is_probe && falen > 0 && (falen != ar.ar_hln || 296 memcmp(&arm.sha, &arm.fsha, ar.ar_hln))) { 297 char abuf[HWADDR_LEN * 3]; 298 char fbuf[HWADDR_LEN * 3]; 299 hwaddr_ntoa(&arm.sha, ar.ar_hln, abuf, sizeof(abuf)); 300 hwaddr_ntoa(&arm.fsha, falen, fbuf, sizeof(fbuf)); 301 logwarnx("%s: invalid ARP probe, sender hw address mismatch (%s, %s)", 302 ifp->name, abuf, fbuf); 303 return; 304 } 305 #endif /* KERNEL_RFC5227 */ 306 307 /* Match the ARP probe to our states. 308 * Ignore Unicast Poll, RFC1122. */ 309 state = ARP_CSTATE(ifp); 310 if (state == NULL) 311 return; 312 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) { 313 if (IN_ARE_ADDR_EQUAL(&arm.sip, &astate->addr) || 314 (IN_IS_ADDR_UNSPECIFIED(&arm.sip) && 315 IN_ARE_ADDR_EQUAL(&arm.tip, &astate->addr) && 316 bpf_flags & BPF_BCAST)) 317 arp_found(astate, &arm); 318 } 319 } 320 321 static void 322 arp_read(void *arg, unsigned short events) 323 { 324 struct arp_state *astate = arg; 325 struct bpf *bpf = astate->bpf; 326 struct interface *ifp = astate->iface; 327 uint8_t buf[ARP_LEN]; 328 ssize_t bytes; 329 struct in_addr addr = astate->addr; 330 331 if (events != ELE_READ) 332 logerrx("%s: unexpected event 0x%04x", __func__, events); 333 334 /* Some RAW mechanisms are generic file descriptors, not sockets. 335 * This means we have no kernel call to just get one packet, 336 * so we have to process the entire buffer. */ 337 bpf->bpf_flags &= ~BPF_EOF; 338 while (!(bpf->bpf_flags & BPF_EOF)) { 339 bytes = bpf_read(bpf, buf, sizeof(buf)); 340 if (bytes == -1) { 341 logerr("%s: %s", __func__, ifp->name); 342 arp_free(astate); 343 return; 344 } 345 arp_packet(ifp, buf, (size_t)bytes, bpf->bpf_flags); 346 /* Check we still have a state after processing. */ 347 if ((astate = arp_find(ifp, &addr)) == NULL) 348 break; 349 if ((bpf = astate->bpf) == NULL) 350 break; 351 } 352 } 353 354 static void 355 arp_probed(void *arg) 356 { 357 struct arp_state *astate = arg; 358 359 timespecclear(&astate->defend); 360 astate->not_found_cb(astate); 361 } 362 363 static void 364 arp_probe1(void *arg) 365 { 366 struct arp_state *astate = arg; 367 struct interface *ifp = astate->iface; 368 unsigned int delay; 369 370 if (++astate->probes < PROBE_NUM) { 371 delay = (PROBE_MIN * MSEC_PER_SEC) + 372 (arc4random_uniform( 373 (PROBE_MAX - PROBE_MIN) * MSEC_PER_SEC)); 374 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probe1, astate); 375 } else { 376 delay = ANNOUNCE_WAIT * MSEC_PER_SEC; 377 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probed, astate); 378 } 379 logdebugx("%s: ARP probing %s (%d of %d), next in %0.1f seconds", 380 ifp->name, inet_ntoa(astate->addr), 381 astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM, 382 (float)delay / MSEC_PER_SEC); 383 if (arp_request(astate, NULL) == -1) 384 logerr(__func__); 385 } 386 387 void 388 arp_probe(struct arp_state *astate) 389 { 390 391 astate->probes = 0; 392 logdebugx("%s: probing for %s", 393 astate->iface->name, inet_ntoa(astate->addr)); 394 arp_probe1(astate); 395 } 396 #endif /* ARP */ 397 398 struct arp_state * 399 arp_find(struct interface *ifp, const struct in_addr *addr) 400 { 401 struct iarp_state *state; 402 struct arp_state *astate; 403 404 if ((state = ARP_STATE(ifp)) == NULL) 405 goto out; 406 TAILQ_FOREACH(astate, &state->arp_states, next) { 407 if (astate->addr.s_addr == addr->s_addr && astate->iface == ifp) 408 return astate; 409 } 410 out: 411 errno = ESRCH; 412 return NULL; 413 } 414 415 static void 416 arp_announced(void *arg) 417 { 418 struct arp_state *astate = arg; 419 420 if (astate->announced_cb) { 421 astate->announced_cb(astate); 422 return; 423 } 424 425 /* Keep the ARP state open to handle ongoing ACD. */ 426 } 427 428 static void 429 arp_announce1(void *arg) 430 { 431 struct arp_state *astate = arg; 432 struct interface *ifp = astate->iface; 433 struct ipv4_addr *ia; 434 435 if (++astate->claims < ANNOUNCE_NUM) 436 logdebugx("%s: ARP announcing %s (%d of %d), " 437 "next in %d.0 seconds", 438 ifp->name, inet_ntoa(astate->addr), 439 astate->claims, ANNOUNCE_NUM, ANNOUNCE_WAIT); 440 else 441 logdebugx("%s: ARP announcing %s (%d of %d)", 442 ifp->name, inet_ntoa(astate->addr), 443 astate->claims, ANNOUNCE_NUM); 444 445 /* The kernel will send a Gratuitous ARP for newly added addresses. 446 * So we can avoid sending the same. 447 * Linux is special and doesn't send one. */ 448 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 449 #ifndef __linux__ 450 if (astate->claims == 1 && ia != NULL && ia->flags & IPV4_AF_NEW) 451 goto skip_request; 452 #endif 453 454 if (arp_request(astate, &astate->addr) == -1) 455 logerr(__func__); 456 457 #ifndef __linux__ 458 skip_request: 459 #endif 460 /* No longer a new address. */ 461 if (ia != NULL) 462 ia->flags |= ~IPV4_AF_NEW; 463 464 eloop_timeout_add_sec(ifp->ctx->eloop, ANNOUNCE_WAIT, 465 astate->claims < ANNOUNCE_NUM ? arp_announce1 : arp_announced, 466 astate); 467 } 468 469 static void 470 arp_announce(struct arp_state *astate) 471 { 472 struct iarp_state *state; 473 struct interface *ifp; 474 struct arp_state *a2; 475 int r; 476 477 /* Cancel any other ARP announcements for this address. */ 478 TAILQ_FOREACH(ifp, astate->iface->ctx->ifaces, next) { 479 state = ARP_STATE(ifp); 480 if (state == NULL) 481 continue; 482 TAILQ_FOREACH(a2, &state->arp_states, next) { 483 if (astate == a2 || 484 a2->addr.s_addr != astate->addr.s_addr) 485 continue; 486 r = eloop_timeout_delete(a2->iface->ctx->eloop, 487 a2->claims < ANNOUNCE_NUM 488 ? arp_announce1 : arp_announced, 489 a2); 490 if (r == -1) 491 logerr(__func__); 492 else if (r != 0) { 493 logdebugx("%s: ARP announcement " 494 "of %s cancelled", 495 a2->iface->name, 496 inet_ntoa(a2->addr)); 497 arp_announced(a2); 498 } 499 } 500 } 501 502 astate->claims = 0; 503 arp_announce1(astate); 504 } 505 506 struct arp_state * 507 arp_ifannounceaddr(struct interface *ifp, const struct in_addr *ia) 508 { 509 struct arp_state *astate; 510 511 if (ifp->flags & IFF_NOARP || !(ifp->options->options & DHCPCD_ARP)) 512 return NULL; 513 514 astate = arp_find(ifp, ia); 515 if (astate == NULL) { 516 astate = arp_new(ifp, ia); 517 if (astate == NULL) 518 return NULL; 519 astate->announced_cb = arp_free; 520 } 521 arp_announce(astate); 522 return astate; 523 } 524 525 struct arp_state * 526 arp_announceaddr(struct dhcpcd_ctx *ctx, const struct in_addr *ia) 527 { 528 struct interface *ifp, *iff = NULL; 529 struct ipv4_addr *iap; 530 531 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 532 if (!ifp->active || !if_is_link_up(ifp)) 533 continue; 534 iap = ipv4_iffindaddr(ifp, ia, NULL); 535 if (iap == NULL) 536 continue; 537 #ifdef IN_IFF_NOTUSEABLE 538 if (iap->addr_flags & IN_IFF_NOTUSEABLE) 539 continue; 540 #endif 541 if (iff != NULL && iff->metric < ifp->metric) 542 continue; 543 iff = ifp; 544 } 545 if (iff == NULL) 546 return NULL; 547 548 return arp_ifannounceaddr(iff, ia); 549 } 550 551 struct arp_state * 552 arp_new(struct interface *ifp, const struct in_addr *addr) 553 { 554 struct iarp_state *state; 555 struct arp_state *astate; 556 557 if ((state = ARP_STATE(ifp)) == NULL) { 558 ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state)); 559 state = ARP_STATE(ifp); 560 if (state == NULL) { 561 logerr(__func__); 562 return NULL; 563 } 564 TAILQ_INIT(&state->arp_states); 565 } else { 566 if ((astate = arp_find(ifp, addr)) != NULL) 567 return astate; 568 } 569 570 if ((astate = calloc(1, sizeof(*astate))) == NULL) { 571 logerr(__func__); 572 return NULL; 573 } 574 astate->iface = ifp; 575 astate->addr = *addr; 576 577 #ifdef PRIVSEP 578 if (IN_PRIVSEP(ifp->ctx)) { 579 if (ps_bpf_openarp(ifp, addr) == -1) { 580 logerr(__func__); 581 free(astate); 582 return NULL; 583 } 584 } else 585 #endif 586 { 587 astate->bpf = bpf_open(ifp, bpf_arp, addr); 588 if (astate->bpf == NULL) { 589 logerr(__func__); 590 free(astate); 591 return NULL; 592 } 593 if (eloop_event_add(ifp->ctx->eloop, astate->bpf->bpf_fd, ELE_READ, 594 arp_read, astate) == -1) 595 logerr("%s: eloop_event_add", __func__); 596 } 597 598 599 state = ARP_STATE(ifp); 600 TAILQ_INSERT_TAIL(&state->arp_states, astate, next); 601 return astate; 602 } 603 604 void 605 arp_free(struct arp_state *astate) 606 { 607 struct interface *ifp; 608 struct dhcpcd_ctx *ctx; 609 struct iarp_state *state; 610 611 if (astate == NULL) 612 return; 613 614 ifp = astate->iface; 615 ctx = ifp->ctx; 616 eloop_timeout_delete(ctx->eloop, NULL, astate); 617 618 state = ARP_STATE(ifp); 619 TAILQ_REMOVE(&state->arp_states, astate, next); 620 if (astate->free_cb) 621 astate->free_cb(astate); 622 623 #ifdef PRIVSEP 624 if (IN_PRIVSEP(ctx) && ps_bpf_closearp(ifp, &astate->addr) == -1) 625 logerr(__func__); 626 #endif 627 if (astate->bpf != NULL) { 628 eloop_event_delete(ctx->eloop, astate->bpf->bpf_fd); 629 bpf_close(astate->bpf); 630 } 631 632 free(astate); 633 634 if (TAILQ_FIRST(&state->arp_states) == NULL) { 635 free(state); 636 ifp->if_data[IF_DATA_ARP] = NULL; 637 } 638 } 639 640 void 641 arp_freeaddr(struct interface *ifp, const struct in_addr *ia) 642 { 643 struct arp_state *astate; 644 645 astate = arp_find(ifp, ia); 646 arp_free(astate); 647 } 648 649 void 650 arp_drop(struct interface *ifp) 651 { 652 struct iarp_state *state; 653 struct arp_state *astate; 654 655 while ((state = ARP_STATE(ifp)) != NULL && 656 (astate = TAILQ_FIRST(&state->arp_states)) != NULL) 657 arp_free(astate); 658 } 659