1*bee06f07Skrw /* $OpenBSD: options.c,v 1.85 2017/04/08 17:00:10 krw Exp $ */ 29a2590e5Sderaadt 3e7eb2effShenning /* DHCP options parsing and reassembly. */ 49a2590e5Sderaadt 59a2590e5Sderaadt /* 69a2590e5Sderaadt * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium. 79a2590e5Sderaadt * All rights reserved. 89a2590e5Sderaadt * 99a2590e5Sderaadt * Redistribution and use in source and binary forms, with or without 109a2590e5Sderaadt * modification, are permitted provided that the following conditions 119a2590e5Sderaadt * are met: 129a2590e5Sderaadt * 139a2590e5Sderaadt * 1. Redistributions of source code must retain the above copyright 149a2590e5Sderaadt * notice, this list of conditions and the following disclaimer. 159a2590e5Sderaadt * 2. Redistributions in binary form must reproduce the above copyright 169a2590e5Sderaadt * notice, this list of conditions and the following disclaimer in the 179a2590e5Sderaadt * documentation and/or other materials provided with the distribution. 189a2590e5Sderaadt * 3. Neither the name of The Internet Software Consortium nor the names 199a2590e5Sderaadt * of its contributors may be used to endorse or promote products derived 209a2590e5Sderaadt * from this software without specific prior written permission. 219a2590e5Sderaadt * 229a2590e5Sderaadt * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 239a2590e5Sderaadt * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 249a2590e5Sderaadt * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 259a2590e5Sderaadt * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 269a2590e5Sderaadt * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 279a2590e5Sderaadt * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 289a2590e5Sderaadt * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 299a2590e5Sderaadt * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 309a2590e5Sderaadt * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 319a2590e5Sderaadt * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 329a2590e5Sderaadt * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 339a2590e5Sderaadt * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 349a2590e5Sderaadt * SUCH DAMAGE. 359a2590e5Sderaadt * 369a2590e5Sderaadt * This software has been written for the Internet Software Consortium 379a2590e5Sderaadt * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 389a2590e5Sderaadt * Enterprises. To learn more about the Internet Software Consortium, 399a2590e5Sderaadt * see ``http://www.vix.com/isc''. To learn more about Vixie 409a2590e5Sderaadt * Enterprises, see ``http://www.vix.com''. 419a2590e5Sderaadt */ 429a2590e5Sderaadt 43711cae1eSkrw #include <sys/queue.h> 44711cae1eSkrw #include <sys/socket.h> 459a2590e5Sderaadt 46711cae1eSkrw #include <arpa/inet.h> 47711cae1eSkrw 48711cae1eSkrw #include <net/if.h> 49711cae1eSkrw 50711cae1eSkrw #include <netinet/in.h> 51711cae1eSkrw #include <netinet/if_ether.h> 52711cae1eSkrw 53711cae1eSkrw #include <ctype.h> 54711cae1eSkrw #include <signal.h> 55711cae1eSkrw #include <stdio.h> 56711cae1eSkrw #include <stdlib.h> 57711cae1eSkrw #include <string.h> 588d2bd14bSkrw #include <vis.h> 598d2bd14bSkrw 60711cae1eSkrw #include "dhcp.h" 61711cae1eSkrw #include "dhcpd.h" 62385a6373Skrw #include "log.h" 63711cae1eSkrw 6402e02bd5Skrw int parse_option_buffer(struct option_data *, unsigned char *, int); 65968fe952Skrw int expand_search_domain_name(unsigned char *, size_t, int *, unsigned char *); 669a2590e5Sderaadt 67c714dadcShenning /* 68c714dadcShenning * Parse options out of the specified buffer, storing addresses of 6992018899Skrw * option values in options. Return 0 if errors, 1 if not. 70c714dadcShenning */ 7102e02bd5Skrw int 724f062ee3Skrw parse_option_buffer(struct option_data *options, unsigned char *buffer, 734f062ee3Skrw int length) 749a2590e5Sderaadt { 75285f06efSderaadt unsigned char *s, *t, *end = buffer + length; 76285f06efSderaadt int len, code; 779a2590e5Sderaadt 789a2590e5Sderaadt for (s = buffer; *s != DHO_END && s < end; ) { 799a2590e5Sderaadt code = s[0]; 809a2590e5Sderaadt 819a2590e5Sderaadt /* Pad options don't have a length - just skip them. */ 829a2590e5Sderaadt if (code == DHO_PAD) { 83f1e89499Shenning s++; 849a2590e5Sderaadt continue; 859a2590e5Sderaadt } 869a2590e5Sderaadt 87c714dadcShenning /* 8899c003b1Skrw * All options other than DHO_PAD and DHO_END have a one-byte 8999c003b1Skrw * length field. It could be 0! Make sure that the length byte 9099c003b1Skrw * is present, and all the data is available. 91c714dadcShenning */ 9299c003b1Skrw if (s + 1 < end) { 939a2590e5Sderaadt len = s[1]; 9499c003b1Skrw if (s + 1 + len < end) { 9599c003b1Skrw ; /* option data is all there. */ 9699c003b1Skrw } else { 97385a6373Skrw log_warnx("option %s (%d) larger than buffer.", 98b6fc88b9Skrw dhcp_options[code].name, len); 9902e02bd5Skrw return (0); 1009a2590e5Sderaadt } 10199c003b1Skrw } else { 102385a6373Skrw log_warnx("option %s has no length field.", 10399c003b1Skrw dhcp_options[code].name); 10499c003b1Skrw return (0); 10599c003b1Skrw } 106df453039Skrw 107df453039Skrw /* 108df453039Skrw * Strip trailing NULs from ascii ('t') options. They 109df453039Skrw * will be treated as DHO_PAD options. i.e. ignored. RFC 2132 110df453039Skrw * says "Options containing NVT ASCII data SHOULD NOT include 111df453039Skrw * a trailing NULL; however, the receiver of such options 112df453039Skrw * MUST be prepared to delete trailing nulls if they exist." 113df453039Skrw */ 114df453039Skrw if (dhcp_options[code].format[0] == 't') { 11599c003b1Skrw while (len > 0 && s[len + 1] == '\0') 11699c003b1Skrw len--; 117df453039Skrw } 118df453039Skrw 119c714dadcShenning /* 120c714dadcShenning * If we haven't seen this option before, just make 121c714dadcShenning * space for it and copy it there. 122c714dadcShenning */ 1234f062ee3Skrw if (!options[code].data) { 1248e916ab9Shenning if (!(t = calloc(1, len + 1))) 125385a6373Skrw fatalx("Can't allocate storage for option %s.", 1269a2590e5Sderaadt dhcp_options[code].name); 127c714dadcShenning /* 128c714dadcShenning * Copy and NUL-terminate the option (in case 129cff08477Sstevesk * it's an ASCII string). 130c714dadcShenning */ 1319a2590e5Sderaadt memcpy(t, &s[2], len); 1329a2590e5Sderaadt t[len] = 0; 1334f062ee3Skrw options[code].len = len; 1344f062ee3Skrw options[code].data = t; 1359a2590e5Sderaadt } else { 136c714dadcShenning /* 137c714dadcShenning * If it's a repeat, concatenate it to whatever 13892018899Skrw * we last saw. 139c714dadcShenning */ 1404f062ee3Skrw t = calloc(1, len + options[code].len + 1); 1419a2590e5Sderaadt if (!t) 142385a6373Skrw fatalx("Can't expand storage for option %s.", 1439a2590e5Sderaadt dhcp_options[code].name); 1444f062ee3Skrw memcpy(t, options[code].data, options[code].len); 1454f062ee3Skrw memcpy(t + options[code].len, &s[2], len); 1464f062ee3Skrw options[code].len += len; 1474f062ee3Skrw t[options[code].len] = 0; 1484f062ee3Skrw free(options[code].data); 1494f062ee3Skrw options[code].data = t; 1509a2590e5Sderaadt } 1519a2590e5Sderaadt s += len + 2; 1529a2590e5Sderaadt } 15302e02bd5Skrw 15402e02bd5Skrw return (1); 1559a2590e5Sderaadt } 1569a2590e5Sderaadt 157c714dadcShenning /* 15896978980Skrw * Copy as many options as fit in buflen bytes of buf. Return the 15996978980Skrw * offset of the start of the last option copied. A caller can check 16096978980Skrw * to see if it's DHO_END to decide if all the options were copied. 161c714dadcShenning */ 162c714dadcShenning int 1636a2ee11aSmpi cons_options(struct interface_info *ifi, struct option_data *options) 1649a2590e5Sderaadt { 1656a2ee11aSmpi struct client_state *client = ifi->client; 166e7cf2d10Skrw unsigned char *buf = client->bootrequest_packet.options; 167d6a67f0fSkrw int buflen = 576 - DHCP_FIXED_LEN; 16896978980Skrw int ix, incr, length, bufix, code, lastopt = -1; 1699a2590e5Sderaadt 170736b0ed2Skrw memset(buf, 0, buflen); 1719a2590e5Sderaadt 17296978980Skrw memcpy(buf, DHCP_OPTIONS_COOKIE, 4); 173d6a67f0fSkrw if (options[DHO_DHCP_MESSAGE_TYPE].data) { 174d6a67f0fSkrw memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3); 175d6a67f0fSkrw buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0]; 176d6a67f0fSkrw bufix = 7; 177d6a67f0fSkrw } else 17896978980Skrw bufix = 4; 1799a2590e5Sderaadt 18096978980Skrw for (code = DHO_SUBNET_MASK; code < DHO_END; code++) { 181d6a67f0fSkrw if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE) 1829a2590e5Sderaadt continue; 1839a2590e5Sderaadt 184d7d9bbf5Skrw length = options[code].len; 18596978980Skrw if (bufix + length + 2*((length+254)/255) >= buflen) 18696978980Skrw return (lastopt); 1879a2590e5Sderaadt 18896978980Skrw lastopt = bufix; 1899a2590e5Sderaadt ix = 0; 1909a2590e5Sderaadt 1919a2590e5Sderaadt while (length) { 19296978980Skrw incr = length > 255 ? 255 : length; 1939a2590e5Sderaadt 19496978980Skrw buf[bufix++] = code; 19596978980Skrw buf[bufix++] = incr; 19696978980Skrw memcpy(buf + bufix, options[code].data + ix, incr); 1979a2590e5Sderaadt 1989a2590e5Sderaadt length -= incr; 1999a2590e5Sderaadt ix += incr; 2006fc9f4f6Skrw bufix += incr; 2019a2590e5Sderaadt } 2029a2590e5Sderaadt } 20396978980Skrw 20496978980Skrw if (bufix < buflen) { 20596978980Skrw buf[bufix] = DHO_END; 20696978980Skrw lastopt = bufix; 20796978980Skrw } 20896978980Skrw 20996978980Skrw return (lastopt); 2109a2590e5Sderaadt } 2119a2590e5Sderaadt 212c714dadcShenning /* 213482123e8Skrw * Use vis() to encode characters of src and append encoded characters onto 214482123e8Skrw * dst. Also encode ", ', $, ` and \, to ensure resulting strings can be 215482123e8Skrw * represented as '"' delimited strings and safely passed to scripts. Surround 216482123e8Skrw * result with double quotes if emit_punct is true. 217482123e8Skrw */ 218*bee06f07Skrw char * 219*bee06f07Skrw pretty_print_string(unsigned char *src, size_t srclen, int emit_punct) 220482123e8Skrw { 221*bee06f07Skrw static char string[8196]; 222482123e8Skrw char visbuf[5]; 223482123e8Skrw unsigned char *origsrc = src; 224*bee06f07Skrw size_t rslt = 0; 225482123e8Skrw 226*bee06f07Skrw memset(string, 0, sizeof(string)); 227*bee06f07Skrw 228*bee06f07Skrw if (emit_punct) 229*bee06f07Skrw rslt = strlcat(string, "\"", sizeof(string)); 230482123e8Skrw 231482123e8Skrw for (; src < origsrc + srclen; src++) { 232482123e8Skrw if (*src && strchr("\"'$`\\", *src)) 233642cc348Skrw vis(visbuf, *src, VIS_ALL | VIS_OCTAL, *src+1); 234642cc348Skrw else 235482123e8Skrw vis(visbuf, *src, VIS_OCTAL, *src+1); 236*bee06f07Skrw rslt = strlcat(string, visbuf, sizeof(string)); 237482123e8Skrw } 238482123e8Skrw 239*bee06f07Skrw if (emit_punct) 240*bee06f07Skrw rslt = strlcat(string, "\"", sizeof(string)); 241*bee06f07Skrw 242*bee06f07Skrw if (rslt >= sizeof(string)) 243*bee06f07Skrw return (NULL); 244*bee06f07Skrw 245*bee06f07Skrw return (string); 246482123e8Skrw } 247482123e8Skrw 248482123e8Skrw /* 2495714f486Skrw * Must special case *_CLASSLESS_* route options due to the variable size 2505714f486Skrw * of the CIDR element in its CIA format. 2515714f486Skrw */ 2525714f486Skrw int 2535714f486Skrw pretty_print_classless_routes(unsigned char *dst, size_t dstlen, 2545714f486Skrw unsigned char *src, size_t srclen) 2555714f486Skrw { 2565714f486Skrw struct in_addr mask, gateway; 2575714f486Skrw int opcount = 0, total = 0, bits, bytes; 2585714f486Skrw char ntoabuf[INET_ADDRSTRLEN]; 2595714f486Skrw 2605714f486Skrw while (srclen && dstlen) { 2615714f486Skrw bits = *src; 2625714f486Skrw src++; 2635714f486Skrw srclen--; 2645714f486Skrw bytes = (bits + 7) / 8; 2655714f486Skrw if (srclen < bytes || bytes > sizeof(mask.s_addr)) 2665714f486Skrw break; 2675714f486Skrw memset(&mask, 0, sizeof(mask)); 2685714f486Skrw memcpy(&mask.s_addr, src, bytes); 2695714f486Skrw src += bytes; 2705714f486Skrw srclen -= bytes; 2715714f486Skrw strlcpy(ntoabuf, inet_ntoa(mask), sizeof(ntoabuf)); 2725714f486Skrw if (srclen < sizeof(gateway.s_addr)) 2735714f486Skrw break; 2745714f486Skrw memcpy(&gateway.s_addr, src, sizeof(gateway.s_addr)); 2755714f486Skrw src += sizeof(gateway.s_addr); 2765714f486Skrw srclen -= sizeof(gateway.s_addr); 2775714f486Skrw opcount = snprintf(dst, dstlen, "%s%s/%u %s", 2785714f486Skrw total ? ", " : "", ntoabuf, bits, 2795714f486Skrw inet_ntoa(gateway)); 2805714f486Skrw if (opcount == -1) 2815714f486Skrw return (-1); 2825714f486Skrw total += opcount; 2835714f486Skrw if (opcount >= dstlen) 2845714f486Skrw break; 2855714f486Skrw dst += opcount; 2865714f486Skrw dstlen -= opcount; 2875714f486Skrw } 2885714f486Skrw 2895714f486Skrw return (total); 2905714f486Skrw } 2915714f486Skrw 292968fe952Skrw int 293968fe952Skrw expand_search_domain_name(unsigned char *src, size_t srclen, int *offset, 294968fe952Skrw unsigned char *domain_search) 295968fe952Skrw { 296968fe952Skrw int domain_name_len, i, label_len, pointer, pointed_len; 297968fe952Skrw char *cursor; 298968fe952Skrw 299968fe952Skrw cursor = domain_search + strlen(domain_search); 300968fe952Skrw domain_name_len = 0; 301968fe952Skrw 302968fe952Skrw i = *offset; 303968fe952Skrw while (i <= srclen) { 304968fe952Skrw label_len = src[i]; 305968fe952Skrw if (label_len == 0) { 306968fe952Skrw /* 307968fe952Skrw * A zero-length label marks the end of this 308968fe952Skrw * domain name. 309968fe952Skrw */ 310968fe952Skrw *offset = i + 1; 311968fe952Skrw return (domain_name_len); 312968fe952Skrw } else if (label_len & 0xC0) { 313968fe952Skrw /* This is a pointer to another list of labels. */ 314968fe952Skrw if (i + 1 >= srclen) { 315968fe952Skrw /* The pointer is truncated. */ 316385a6373Skrw log_warnx("Truncated pointer in DHCP Domain " 317968fe952Skrw "Search option."); 318968fe952Skrw return (-1); 319968fe952Skrw } 320968fe952Skrw 321968fe952Skrw pointer = ((label_len & ~(0xC0)) << 8) + src[i + 1]; 322968fe952Skrw if (pointer >= *offset) { 323968fe952Skrw /* 324968fe952Skrw * The pointer must indicates a prior 325968fe952Skrw * occurance. 326968fe952Skrw */ 327385a6373Skrw log_warnx("Invalid forward pointer in DHCP " 328968fe952Skrw "Domain Search option compression."); 329968fe952Skrw return (-1); 330968fe952Skrw } 331968fe952Skrw 332968fe952Skrw pointed_len = expand_search_domain_name(src, srclen, 333968fe952Skrw &pointer, domain_search); 334968fe952Skrw domain_name_len += pointed_len; 335968fe952Skrw 336968fe952Skrw *offset = i + 2; 337968fe952Skrw return (domain_name_len); 338968fe952Skrw } 339968fe952Skrw if (i + label_len + 1 > srclen) { 340385a6373Skrw log_warnx("Truncated label in DHCP Domain Search " 341968fe952Skrw "option."); 342968fe952Skrw return (-1); 343968fe952Skrw } 344968fe952Skrw /* 345968fe952Skrw * Update the domain name length with the length of the 346968fe952Skrw * current label, plus a trailing dot ('.'). 347968fe952Skrw */ 348968fe952Skrw domain_name_len += label_len + 1; 349968fe952Skrw 350968fe952Skrw if (strlen(domain_search) + domain_name_len >= 351968fe952Skrw DHCP_DOMAIN_SEARCH_LEN) { 352385a6373Skrw log_warnx("Domain search list too long."); 353968fe952Skrw return (-1); 354968fe952Skrw } 355968fe952Skrw 356968fe952Skrw /* Copy the label found. */ 357968fe952Skrw memcpy(cursor, src + i + 1, label_len); 358968fe952Skrw cursor[label_len] = '.'; 359968fe952Skrw 360968fe952Skrw /* Move cursor. */ 361968fe952Skrw i += label_len + 1; 362968fe952Skrw cursor += label_len + 1; 363968fe952Skrw } 364968fe952Skrw 365385a6373Skrw log_warnx("Truncated DHCP Domain Search option."); 366968fe952Skrw 367968fe952Skrw return (-1); 368968fe952Skrw } 369968fe952Skrw 370968fe952Skrw /* 371968fe952Skrw * Must special case DHO_DOMAIN_SEARCH because it is encoded as described 372968fe952Skrw * in RFC 1035 section 4.1.4. 373968fe952Skrw */ 3744d36d16aSkrw char * 3754d36d16aSkrw pretty_print_domain_search(unsigned char *src, size_t srclen) 376968fe952Skrw { 3774d36d16aSkrw static char domain_search[DHCP_DOMAIN_SEARCH_LEN]; 378968fe952Skrw int offset, len, expanded_len, domains; 3794d36d16aSkrw unsigned char *cursor; 380968fe952Skrw 3814d36d16aSkrw memset(domain_search, 0, sizeof(domain_search)); 382968fe952Skrw 383968fe952Skrw /* Compute expanded length. */ 384968fe952Skrw expanded_len = len = 0; 385968fe952Skrw domains = 0; 386968fe952Skrw offset = 0; 387968fe952Skrw while (offset < srclen) { 388968fe952Skrw cursor = domain_search + strlen(domain_search); 389968fe952Skrw if (domain_search[0]) { 390968fe952Skrw *cursor = ' '; 391968fe952Skrw expanded_len++; 392968fe952Skrw } 393968fe952Skrw len = expand_search_domain_name(src, srclen, &offset, 394968fe952Skrw domain_search); 3954d36d16aSkrw if (len == -1) 3964d36d16aSkrw return (NULL); 397968fe952Skrw domains++; 398968fe952Skrw expanded_len += len; 3994d36d16aSkrw if (domains > DHCP_DOMAIN_SEARCH_CNT) 4004d36d16aSkrw return (NULL); 401968fe952Skrw } 402968fe952Skrw 4034d36d16aSkrw return (domain_search); 404968fe952Skrw } 405968fe952Skrw 4065714f486Skrw /* 407c714dadcShenning * Format the specified option so that a human can easily read it. 408c714dadcShenning */ 409c714dadcShenning char * 410acf4c28bSkrw pretty_print_option(unsigned int code, struct option_data *option, 411acf4c28bSkrw int emit_punct) 4129a2590e5Sderaadt { 413*bee06f07Skrw static char optbuf[8192]; /* XXX */ 414285f06efSderaadt int hunksize = 0, numhunk = -1, numelem = 0; 415*bee06f07Skrw char fmtbuf[32], *op = optbuf, *buf; 416285f06efSderaadt int i, j, k, opleft = sizeof(optbuf); 417acf4c28bSkrw unsigned char *data = option->data; 4189a2590e5Sderaadt unsigned char *dp = data; 419acf4c28bSkrw int len = option->len; 420f3a8c5fdSkrw int opcount = 0; 4219a2590e5Sderaadt struct in_addr foo; 4229a2590e5Sderaadt char comma; 423bce09e58Skrw int32_t int32val; 424bce09e58Skrw u_int32_t uint32val; 425bce09e58Skrw u_int16_t uint16val; 4269a2590e5Sderaadt 4272f18daabSkrw memset(optbuf, 0, sizeof(optbuf)); 4282f18daabSkrw 4299a2590e5Sderaadt /* Code should be between 0 and 255. */ 4302f18daabSkrw if (code > 255) { 431385a6373Skrw log_warnx("pretty_print_option: bad code %d", code); 4322f18daabSkrw goto done; 4332f18daabSkrw } 4349a2590e5Sderaadt 435acf4c28bSkrw if (emit_punct) 4369a2590e5Sderaadt comma = ','; 4379a2590e5Sderaadt else 4389a2590e5Sderaadt comma = ' '; 4399a2590e5Sderaadt 4405714f486Skrw /* Handle the princess class options with weirdo formats. */ 4415714f486Skrw switch (code) { 4425714f486Skrw case DHO_CLASSLESS_STATIC_ROUTES: 4435714f486Skrw case DHO_CLASSLESS_MS_STATIC_ROUTES: 4445714f486Skrw opcount = pretty_print_classless_routes(op, opleft, dp, len); 4455714f486Skrw if (opcount >= opleft || opcount == -1) 4465714f486Skrw goto toobig; 4475714f486Skrw goto done; 4485714f486Skrw default: 4495714f486Skrw break; 4505714f486Skrw } 4515714f486Skrw 4529a2590e5Sderaadt /* Figure out the size of the data. */ 4539a2590e5Sderaadt for (i = 0; dhcp_options[code].format[i]; i++) { 4549a2590e5Sderaadt if (!numhunk) { 455833082e5Skrw log_warnx("%s: Excess information in format string: " 456833082e5Skrw "%s", dhcp_options[code].name, 4579a2590e5Sderaadt &(dhcp_options[code].format[i])); 4582f18daabSkrw goto done; 4599a2590e5Sderaadt } 4609a2590e5Sderaadt numelem++; 4619a2590e5Sderaadt fmtbuf[i] = dhcp_options[code].format[i]; 4629a2590e5Sderaadt switch (dhcp_options[code].format[i]) { 4639a2590e5Sderaadt case 'A': 4649a2590e5Sderaadt --numelem; 4659a2590e5Sderaadt fmtbuf[i] = 0; 4669a2590e5Sderaadt numhunk = 0; 46729432cd9Sphessler if (hunksize == 0) { 468385a6373Skrw log_warnx("%s: no size indicator before A" 46929432cd9Sphessler " in format string: %s", 47029432cd9Sphessler dhcp_options[code].name, 47129432cd9Sphessler dhcp_options[code].format); 4722f18daabSkrw goto done; 47329432cd9Sphessler } 4749a2590e5Sderaadt break; 4759a2590e5Sderaadt case 'X': 476c714dadcShenning for (k = 0; k < len; k++) 4779a2590e5Sderaadt if (!isascii(data[k]) || 4789a2590e5Sderaadt !isprint(data[k])) 4799a2590e5Sderaadt break; 480b54c879eShenning if (k == len) { 4819a2590e5Sderaadt fmtbuf[i] = 't'; 4829a2590e5Sderaadt numhunk = -2; 4839a2590e5Sderaadt } else { 4849a2590e5Sderaadt hunksize++; 4859a2590e5Sderaadt comma = ':'; 4869a2590e5Sderaadt numhunk = 0; 4879a2590e5Sderaadt } 4889a2590e5Sderaadt fmtbuf[i + 1] = 0; 4899a2590e5Sderaadt break; 4909a2590e5Sderaadt case 't': 4919a2590e5Sderaadt fmtbuf[i + 1] = 0; 4929a2590e5Sderaadt numhunk = -2; 4939a2590e5Sderaadt break; 4949a2590e5Sderaadt case 'I': 4959a2590e5Sderaadt case 'l': 4969a2590e5Sderaadt case 'L': 4979a2590e5Sderaadt hunksize += 4; 4989a2590e5Sderaadt break; 4999a2590e5Sderaadt case 'S': 5009a2590e5Sderaadt hunksize += 2; 5019a2590e5Sderaadt break; 5029a2590e5Sderaadt case 'B': 5039a2590e5Sderaadt case 'f': 5049a2590e5Sderaadt hunksize++; 5059a2590e5Sderaadt break; 5069a2590e5Sderaadt case 'e': 5079a2590e5Sderaadt break; 5089a2590e5Sderaadt default: 509385a6373Skrw log_warnx("%s: garbage in format string: %s", 5109a2590e5Sderaadt dhcp_options[code].name, 5119a2590e5Sderaadt &(dhcp_options[code].format[i])); 5122f18daabSkrw goto done; 5139a2590e5Sderaadt } 5149a2590e5Sderaadt } 5159a2590e5Sderaadt 516d22f105fSkrw /* Check for too few bytes. */ 5179a2590e5Sderaadt if (hunksize > len) { 518385a6373Skrw log_warnx("%s: expecting at least %d bytes; got %d", 519c714dadcShenning dhcp_options[code].name, hunksize, len); 5202f18daabSkrw goto done; 5219a2590e5Sderaadt } 522d22f105fSkrw /* Check for too many bytes. */ 5232f18daabSkrw if (numhunk == -1 && hunksize < len) { 524385a6373Skrw log_warnx("%s: expecting only %d bytes: got %d", 52528f2359aSkrw dhcp_options[code].name, hunksize, len); 5262f18daabSkrw goto done; 5272f18daabSkrw } 5289a2590e5Sderaadt 5299a2590e5Sderaadt /* If this is an array, compute its size. */ 5309a2590e5Sderaadt if (!numhunk) 5319a2590e5Sderaadt numhunk = len / hunksize; 5329a2590e5Sderaadt /* See if we got an exact number of hunks. */ 5332f18daabSkrw if (numhunk > 0 && numhunk * hunksize != len) { 534385a6373Skrw log_warnx("%s: expecting %d bytes: got %d", 5352f18daabSkrw dhcp_options[code].name, numhunk * hunksize, len); 5362f18daabSkrw goto done; 5372f18daabSkrw } 5389a2590e5Sderaadt 5399a2590e5Sderaadt /* A one-hunk array prints the same as a single hunk. */ 5409a2590e5Sderaadt if (numhunk < 0) 5419a2590e5Sderaadt numhunk = 1; 5429a2590e5Sderaadt 5439a2590e5Sderaadt /* Cycle through the array (or hunk) printing the data. */ 5449a2590e5Sderaadt for (i = 0; i < numhunk; i++) { 5459a2590e5Sderaadt for (j = 0; j < numelem; j++) { 5469a2590e5Sderaadt switch (fmtbuf[j]) { 5479a2590e5Sderaadt case 't': 548*bee06f07Skrw buf = pretty_print_string(dp, len, emit_punct); 549*bee06f07Skrw if (buf == NULL) 550*bee06f07Skrw opcount = -1; 551*bee06f07Skrw else 552*bee06f07Skrw opcount = strlcat(op, buf, opleft); 5539a2590e5Sderaadt break; 5549a2590e5Sderaadt case 'I': 555e95625edSkrw memcpy(&foo.s_addr, dp, sizeof(foo.s_addr)); 556f3a8c5fdSkrw opcount = snprintf(op, opleft, "%s", 557f3a8c5fdSkrw inet_ntoa(foo)); 558e95625edSkrw dp += sizeof(foo.s_addr); 5599a2590e5Sderaadt break; 5609a2590e5Sderaadt case 'l': 561bce09e58Skrw memcpy(&int32val, dp, sizeof(int32val)); 562bce09e58Skrw opcount = snprintf(op, opleft, "%d", 563bce09e58Skrw ntohl(int32val)); 564bce09e58Skrw dp += sizeof(int32val); 5659a2590e5Sderaadt break; 5669a2590e5Sderaadt case 'L': 567bce09e58Skrw memcpy(&uint32val, dp, sizeof(uint32val)); 568bce09e58Skrw opcount = snprintf(op, opleft, "%u", 569bce09e58Skrw ntohl(uint32val)); 570bce09e58Skrw dp += sizeof(uint32val); 5719a2590e5Sderaadt break; 5729a2590e5Sderaadt case 'S': 573bce09e58Skrw memcpy(&uint16val, dp, sizeof(uint16val)); 574bce09e58Skrw opcount = snprintf(op, opleft, "%hu", 575bce09e58Skrw ntohs(uint16val)); 576bce09e58Skrw dp += sizeof(uint16val); 5779a2590e5Sderaadt break; 5789a2590e5Sderaadt case 'B': 579221bd6c0Skrw opcount = snprintf(op, opleft, "%u", *dp); 580de3ca9dbSkrw dp++; 5819a2590e5Sderaadt break; 582920d03efSkrw case 'X': 583de3ca9dbSkrw opcount = snprintf(op, opleft, "%x", *dp); 584de3ca9dbSkrw dp++; 5859a2590e5Sderaadt break; 5869a2590e5Sderaadt case 'f': 587f3a8c5fdSkrw opcount = snprintf(op, opleft, "%s", 588f3a8c5fdSkrw *dp ? "true" : "false"); 589de3ca9dbSkrw dp++; 5909a2590e5Sderaadt break; 5919a2590e5Sderaadt default: 592833082e5Skrw log_warnx("Unexpected format code %c", 593833082e5Skrw fmtbuf[j]); 5949a2590e5Sderaadt goto toobig; 595f3a8c5fdSkrw } 596f3a8c5fdSkrw if (opcount >= opleft || opcount == -1) 597f3a8c5fdSkrw goto toobig; 598f3a8c5fdSkrw opleft -= opcount; 599f3a8c5fdSkrw op += opcount; 6009a2590e5Sderaadt if (j + 1 < numelem && comma != ':') { 601f3a8c5fdSkrw opcount = snprintf(op, opleft, " "); 602f3a8c5fdSkrw if (opcount >= opleft || opcount == -1) 603f3a8c5fdSkrw goto toobig; 604f3a8c5fdSkrw opleft -= opcount; 605f3a8c5fdSkrw op += opcount; 6069a2590e5Sderaadt } 6079a2590e5Sderaadt } 6089a2590e5Sderaadt if (i + 1 < numhunk) { 609f3a8c5fdSkrw opcount = snprintf(op, opleft, "%c", comma); 610f3a8c5fdSkrw if (opcount >= opleft || opcount == -1) 6119a2590e5Sderaadt goto toobig; 612f3a8c5fdSkrw opleft -= opcount; 613f3a8c5fdSkrw op += opcount; 614f3a8c5fdSkrw } 6159a2590e5Sderaadt } 6162f18daabSkrw 6172f18daabSkrw done: 618c714dadcShenning return (optbuf); 6192f18daabSkrw 6209a2590e5Sderaadt toobig: 6212f18daabSkrw memset(optbuf, 0, sizeof(optbuf)); 6222f18daabSkrw return (optbuf); 6239a2590e5Sderaadt } 6249a2590e5Sderaadt 625c714dadcShenning void 626916c3997Smpi do_packet(struct interface_info *ifi, unsigned int from_port, 627916c3997Smpi struct in_addr from, struct ether_addr *hfrom) 6289a2590e5Sderaadt { 6296a2ee11aSmpi struct client_state *client = ifi->client; 63002e02bd5Skrw struct dhcp_packet *packet = &client->packet; 6314f062ee3Skrw struct option_data options[256]; 632b21b72f8Skrw struct reject_elem *ap; 63333b81fd8Smpi void (*handler)(struct interface_info *, struct in_addr, 63433b81fd8Smpi struct option_data *, char *); 6356896c986Skrw char *type, *info; 6366896c986Skrw int i, rslt, options_valid = 1; 6379a2590e5Sderaadt 638393831bbSkrw if (packet->hlen != ETHER_ADDR_LEN) { 639aff84b99Skrw #ifdef DEBUG 640385a6373Skrw log_debug("Discarding packet with hlen != %s (%u)", 641aff84b99Skrw ifi->name, packet->hlen); 64268c1ec45Skrw #endif /* DEBUG */ 643aff84b99Skrw return; 644393831bbSkrw } else if (memcmp(&ifi->hw_address, packet->chaddr, 645393831bbSkrw sizeof(ifi->hw_address))) { 646aff84b99Skrw #ifdef DEBUG 647833082e5Skrw log_debug("Discarding packet with chaddr != %s (%s)", 648833082e5Skrw ifi->name, 649aff84b99Skrw ether_ntoa((struct ether_addr *)packet->chaddr)); 65068c1ec45Skrw #endif /* DEBUG */ 6519a2590e5Sderaadt return; 6529a2590e5Sderaadt } 6539a2590e5Sderaadt 654aff84b99Skrw if (client->xid != client->packet.xid) { 655aff84b99Skrw #ifdef DEBUG 656385a6373Skrw log_debug("Discarding packet with XID != %u (%u)", client->xid, 657aff84b99Skrw client->packet.xid); 65868c1ec45Skrw #endif /* DEBUG */ 65902e02bd5Skrw return; 660aff84b99Skrw } 661aff84b99Skrw 662649a5e03Skrw TAILQ_FOREACH(ap, &config->reject_list, next) 663aff84b99Skrw if (from.s_addr == ap->addr.s_addr) { 664aff84b99Skrw #ifdef DEBUG 665833082e5Skrw log_debug("Discarding packet from address on reject " 666833082e5Skrw "list (%s)", inet_ntoa(from)); 66768c1ec45Skrw #endif /* DEBUG */ 668aff84b99Skrw return; 669aff84b99Skrw } 6709a2590e5Sderaadt 67102e02bd5Skrw memset(options, 0, sizeof(options)); 67202e02bd5Skrw 67302e02bd5Skrw if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) { 67402e02bd5Skrw /* Parse the BOOTP/DHCP options field. */ 67502e02bd5Skrw options_valid = parse_option_buffer(options, 67602e02bd5Skrw &packet->options[4], sizeof(packet->options) - 4); 67702e02bd5Skrw 67802e02bd5Skrw /* Only DHCP packets have overload areas for options. */ 67902e02bd5Skrw if (options_valid && 68002e02bd5Skrw options[DHO_DHCP_MESSAGE_TYPE].data && 68102e02bd5Skrw options[DHO_DHCP_OPTION_OVERLOAD].data) { 68202e02bd5Skrw if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1) 68302e02bd5Skrw options_valid = parse_option_buffer(options, 68402e02bd5Skrw (unsigned char *)packet->file, 68502e02bd5Skrw sizeof(packet->file)); 68602e02bd5Skrw if (options_valid && 68702e02bd5Skrw options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2) 68802e02bd5Skrw options_valid = parse_option_buffer(options, 68902e02bd5Skrw (unsigned char *)packet->sname, 69002e02bd5Skrw sizeof(packet->sname)); 69102e02bd5Skrw } 69218d08eb0Skrw 69318d08eb0Skrw /* 69418d08eb0Skrw * RFC 6842 says if the server sends a client identifier 69518d08eb0Skrw * that doesn't match then the packet must be dropped. 69618d08eb0Skrw */ 69718d08eb0Skrw i = DHO_DHCP_CLIENT_IDENTIFIER; 69818d08eb0Skrw if ((options[i].len != 0) && 69918d08eb0Skrw ((options[i].len != config->send_options[i].len) || 70018d08eb0Skrw memcmp(options[i].data, config->send_options[i].data, 70118d08eb0Skrw options[i].len) != 0)) { 70218d08eb0Skrw #ifdef DEBUG 703833082e5Skrw log_debug("Discarding packet with client-identifier " 704833082e5Skrw "'%s'", pretty_print_option(i, &options[i], 0)); 70568c1ec45Skrw #endif /* DEBUG */ 70618d08eb0Skrw goto done; 70718d08eb0Skrw } 70802e02bd5Skrw } 70902e02bd5Skrw 7106896c986Skrw type = "<unknown>"; 71102e02bd5Skrw handler = NULL; 71202e02bd5Skrw 7134f062ee3Skrw if (options[DHO_DHCP_MESSAGE_TYPE].data) { 71402e02bd5Skrw /* Always try a DHCP packet, even if a bad option was seen. */ 71502e02bd5Skrw switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) { 71602e02bd5Skrw case DHCPOFFER: 71702e02bd5Skrw handler = dhcpoffer; 71802e02bd5Skrw type = "DHCPOFFER"; 71902e02bd5Skrw break; 72002e02bd5Skrw case DHCPNAK: 72102e02bd5Skrw handler = dhcpnak; 72202e02bd5Skrw type = "DHCPNACK"; 72302e02bd5Skrw break; 72402e02bd5Skrw case DHCPACK: 72502e02bd5Skrw handler = dhcpack; 72602e02bd5Skrw type = "DHCPACK"; 72702e02bd5Skrw break; 72802e02bd5Skrw default: 729aff84b99Skrw #ifdef DEBUG 730833082e5Skrw log_debug("Discarding DHCP packet of unknown type " 731833082e5Skrw "(%d)", options[DHO_DHCP_MESSAGE_TYPE].data[0]); 73268c1ec45Skrw #endif /* DEBUG */ 73302e02bd5Skrw break; 73402e02bd5Skrw } 73502e02bd5Skrw } else if (options_valid && packet->op == BOOTREPLY) { 73602e02bd5Skrw handler = dhcpoffer; 73702e02bd5Skrw type = "BOOTREPLY"; 738aff84b99Skrw } else { 739aff84b99Skrw #ifdef DEBUG 740385a6373Skrw log_debug("Discarding packet which is neither DHCP nor BOOTP"); 74168c1ec45Skrw #endif /* DEBUG */ 74202e02bd5Skrw } 7439a2590e5Sderaadt 7446896c986Skrw rslt = asprintf(&info, "%s from %s (%s)", type, inet_ntoa(from), 745393831bbSkrw ether_ntoa(hfrom)); 7466896c986Skrw if (rslt == -1) 747385a6373Skrw fatalx("no memory for info string"); 7486896c986Skrw 74902e02bd5Skrw if (handler) 75033b81fd8Smpi (*handler)(ifi, from, options, info); 7516896c986Skrw 7526896c986Skrw free(info); 75302e02bd5Skrw 75418d08eb0Skrw done: 755c714dadcShenning for (i = 0; i < 256; i++) 7564f062ee3Skrw free(options[i].data); 7579a2590e5Sderaadt } 758