Annotation of embedaddon/coova-chilli/src/dhcp.c, revision 1.1
1.1 ! misho 1: /*
! 2: * DHCP library functions.
! 3: * Copyright (C) 2003, 2004, 2005, 2006 Mondru AB.
! 4: * Copyright (c) 2006-2008 David Bird <david@coova.com>
! 5: *
! 6: * The contents of this file may be used under the terms of the GNU
! 7: * General Public License Version 2, provided that the above copyright
! 8: * notice and this permission notice is included in all copies or
! 9: * substantial portions of the software.
! 10: *
! 11: */
! 12:
! 13: #include "system.h"
! 14: #include "syserr.h"
! 15: #include "radius.h"
! 16: #include "radius_wispr.h"
! 17: #include "radius_chillispot.h"
! 18: #include "redir.h"
! 19: #include "md5.h"
! 20: #include "dhcp.h"
! 21: #include "dns.h"
! 22: #include "tun.h"
! 23: #include "chilli.h"
! 24: #include "options.h"
! 25: #include "ippool.h"
! 26: #include "lookup.h"
! 27:
! 28: const uint32_t DHCP_OPTION_MAGIC = 0x63825363;
! 29:
! 30: #ifdef NAIVE
! 31: const static int paranoid = 0; /* Trust that the program has no bugs */
! 32: #else
! 33: const static int paranoid = 0; /* Check for errors which cannot happen */
! 34: #endif
! 35:
! 36: extern time_t mainclock;
! 37:
! 38: char *dhcp_state2name(int authstate) {
! 39: switch(authstate) {
! 40: case DHCP_AUTH_NONE: return "none";
! 41: case DHCP_AUTH_DROP: return "drop";
! 42: case DHCP_AUTH_PASS: return "pass";
! 43: case DHCP_AUTH_DNAT: return "dnat";
! 44: case DHCP_AUTH_SPLASH: return "splash";
! 45: default: return "unknown";
! 46: }
! 47: }
! 48:
! 49: void dhcp_list(struct dhcp_t *this, bstring s, bstring pre, bstring post, int listfmt) {
! 50: struct dhcp_conn_t *conn = this->firstusedconn;
! 51: if (listfmt == LIST_JSON_FMT) {
! 52: bcatcstr(s, "{ \"sessions\":[");
! 53: }
! 54: while (conn) {
! 55: if (pre) bconcat(s, pre);
! 56: dhcp_print(this, s, listfmt, conn);
! 57: if (post) bconcat(s, post);
! 58: conn = conn->next;
! 59: }
! 60: if (listfmt == LIST_JSON_FMT) {
! 61: bcatcstr(s, "]}");
! 62: }
! 63: }
! 64:
! 65: void dhcp_print(struct dhcp_t *this, bstring s, int listfmt, struct dhcp_conn_t *conn) {
! 66: struct app_conn_t *appconn = (struct app_conn_t *)conn->peer;
! 67: bstring b = bfromcstr("");
! 68: bstring tmp = bfromcstr("");
! 69:
! 70: if (conn && conn->inuse) {
! 71:
! 72: if (listfmt == LIST_JSON_FMT) {
! 73:
! 74: if (conn != this->firstusedconn)
! 75: bcatcstr(b, ",");
! 76:
! 77: bcatcstr(b, "{");
! 78:
! 79: if (appconn) {
! 80: bcatcstr(b, "\"nasPort\":");
! 81: bassignformat(tmp, "%d", appconn->unit);
! 82: bconcat(b, tmp);
! 83: bcatcstr(b, ",\"clientState\":");
! 84: bassignformat(tmp, "%d", appconn->s_state.authenticated);
! 85: bconcat(b, tmp);
! 86: bcatcstr(b, ",\"macAddress\":\"");
! 87: bassignformat(tmp, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
! 88: conn->hismac[0], conn->hismac[1], conn->hismac[2],
! 89: conn->hismac[3], conn->hismac[4], conn->hismac[5]);
! 90: bconcat(b, tmp);
! 91: bcatcstr(b, "\",\"ipAddress\":\"");
! 92: bcatcstr(b, inet_ntoa(conn->hisip));
! 93: bcatcstr(b, "\"");
! 94: }
! 95:
! 96: } else {
! 97:
! 98: bassignformat(b, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X %s %s",
! 99: conn->hismac[0], conn->hismac[1], conn->hismac[2],
! 100: conn->hismac[3], conn->hismac[4], conn->hismac[5],
! 101: inet_ntoa(conn->hisip), dhcp_state2name(conn->authstate));
! 102:
! 103: }
! 104:
! 105: if (listfmt && this->cb_getinfo)
! 106: this->cb_getinfo(conn, b, listfmt);
! 107:
! 108: if (listfmt == LIST_JSON_FMT)
! 109: bcatcstr(b, "}");
! 110: else
! 111: bcatcstr(b, "\n");
! 112:
! 113: bconcat(s, b);
! 114: }
! 115:
! 116: bdestroy(b);
! 117: bdestroy(tmp);
! 118: }
! 119:
! 120: void dhcp_release_mac(struct dhcp_t *this, uint8_t *hwaddr, int term_cause) {
! 121: struct dhcp_conn_t *conn;
! 122: if (!dhcp_hashget(this, &conn, hwaddr)) {
! 123: dhcp_freeconn(conn, term_cause);
! 124: }
! 125: }
! 126:
! 127: int dhcp_send(struct dhcp_t *this, struct _net_interface *netif,
! 128: unsigned char *hismac, void *packet, size_t length) {
! 129: #if defined(__linux__)
! 130: struct sockaddr_ll dest;
! 131:
! 132: memset(&dest, 0, sizeof(dest));
! 133: dest.sll_family = AF_PACKET;
! 134: dest.sll_protocol = htons(netif->protocol);
! 135: dest.sll_ifindex = netif->ifindex;
! 136: dest.sll_halen = PKT_ETH_ALEN;
! 137: memcpy(dest.sll_addr, hismac, PKT_ETH_ALEN);
! 138:
! 139: if (sendto(netif->fd, packet, length, 0, (struct sockaddr *)&dest, sizeof(dest)) < 0) {
! 140: #ifdef ENETDOWN
! 141: if (errno == ENETDOWN) {
! 142: net_reopen(netif);
! 143: }
! 144: #endif
! 145: #ifdef ENXIO
! 146: if (errno == ENXIO) {
! 147: net_reopen(netif);
! 148: }
! 149: #endif
! 150: log_err(errno, "sendto(fd=%d, len=%d) failed", netif->fd, length);
! 151: return -1;
! 152: }
! 153: #elif defined (__FreeBSD__) || defined (__APPLE__) || defined (__OpenBSD__) || defined (__NetBSD__)
! 154: if (write(netif->fd, packet, length) < 0) {
! 155: log_err(errno, "write() failed");
! 156: return -1;
! 157: }
! 158: #endif
! 159: return 0;
! 160: }
! 161:
! 162:
! 163: /**
! 164: * dhcp_hash()
! 165: * Generates a 32 bit hash based on a mac address
! 166: **/
! 167: uint32_t dhcp_hash(uint8_t *hwaddr) {
! 168: return lookup(hwaddr, PKT_ETH_ALEN, 0);
! 169: }
! 170:
! 171:
! 172: /**
! 173: * dhcp_hashinit()
! 174: * Initialises hash tables
! 175: **/
! 176: int dhcp_hashinit(struct dhcp_t *this, int listsize) {
! 177: /* Determine hashlog */
! 178: for ((this)->hashlog = 0;
! 179: ((1 << (this)->hashlog) < listsize);
! 180: (this)->hashlog++);
! 181:
! 182: /* Determine hashsize */
! 183: (this)->hashsize = 1 << (this)->hashlog;
! 184: (this)->hashmask = (this)->hashsize -1;
! 185:
! 186: /* Allocate hash table */
! 187: if (!((this)->hash = calloc(sizeof(struct dhcp_conn_t), (this)->hashsize))){
! 188: /* Failed to allocate memory for hash members */
! 189: return -1;
! 190: }
! 191: return 0;
! 192: }
! 193:
! 194:
! 195: /**
! 196: * dhcp_hashadd()
! 197: * Adds a connection to the hash table
! 198: **/
! 199: int dhcp_hashadd(struct dhcp_t *this, struct dhcp_conn_t *conn) {
! 200: uint32_t hash;
! 201: struct dhcp_conn_t *p;
! 202: struct dhcp_conn_t *p_prev = NULL;
! 203:
! 204: /* Insert into hash table */
! 205: hash = dhcp_hash(conn->hismac) & this->hashmask;
! 206: for (p = this->hash[hash]; p; p = p->nexthash)
! 207: p_prev = p;
! 208: if (!p_prev)
! 209: this->hash[hash] = conn;
! 210: else
! 211: p_prev->nexthash = conn;
! 212: return 0; /* Always OK to insert */
! 213: }
! 214:
! 215:
! 216: /**
! 217: * dhcp_hashdel()
! 218: * Removes a connection from the hash table
! 219: **/
! 220: int dhcp_hashdel(struct dhcp_t *this, struct dhcp_conn_t *conn) {
! 221: uint32_t hash;
! 222: struct dhcp_conn_t *p;
! 223: struct dhcp_conn_t *p_prev = NULL;
! 224:
! 225: /* Find in hash table */
! 226: hash = dhcp_hash(conn->hismac) & this->hashmask;
! 227: for (p = this->hash[hash]; p; p = p->nexthash) {
! 228: if (p == conn) {
! 229: break;
! 230: }
! 231: p_prev = p;
! 232: }
! 233:
! 234: if ((paranoid) && (p!= conn)) {
! 235: log_err(0, "Tried to delete connection not in hash table");
! 236: }
! 237:
! 238: if (!p_prev)
! 239: this->hash[hash] = p->nexthash;
! 240: else
! 241: p_prev->nexthash = p->nexthash;
! 242:
! 243: return 0;
! 244: }
! 245:
! 246:
! 247: /**
! 248: * dhcp_hashget()
! 249: * Uses the hash tables to find a connection based on the mac address.
! 250: * Returns -1 if not found.
! 251: **/
! 252: int dhcp_hashget(struct dhcp_t *this, struct dhcp_conn_t **conn,
! 253: uint8_t *hwaddr) {
! 254: struct dhcp_conn_t *p;
! 255: uint32_t hash;
! 256:
! 257: /* Find in hash table */
! 258: hash = dhcp_hash(hwaddr) & this->hashmask;
! 259: for (p = this->hash[hash]; p; p = p->nexthash) {
! 260: if ((!memcmp(p->hismac, hwaddr, PKT_ETH_ALEN)) && (p->inuse)) {
! 261: *conn = p;
! 262: return 0;
! 263: }
! 264: }
! 265: *conn = NULL;
! 266: return -1; /* Address could not be found */
! 267: }
! 268:
! 269:
! 270: /**
! 271: * dhcp_validate()
! 272: * Valides reference structures of connections.
! 273: * Returns the number of active connections
! 274: **/
! 275: int dhcp_validate(struct dhcp_t *this)
! 276: {
! 277: int used = 0;
! 278: int unused = 0;
! 279: struct dhcp_conn_t *conn;
! 280: struct dhcp_conn_t *hash_conn;
! 281:
! 282: /* Count the number of used connections */
! 283: conn = this->firstusedconn;
! 284: while (conn) {
! 285:
! 286: if (!conn->inuse) {
! 287: log_err(0, "Connection with inuse == 0!");
! 288: }
! 289:
! 290: dhcp_hashget(this, &hash_conn, conn->hismac);
! 291:
! 292: if (conn != hash_conn) {
! 293: log_err(0, "Connection could not be found by hashget!");
! 294: }
! 295:
! 296: used ++;
! 297: conn = conn->next;
! 298: }
! 299:
! 300: /* Count the number of unused connections */
! 301: conn = this->firstfreeconn;
! 302: while (conn) {
! 303: if (conn->inuse) {
! 304: log_err(0, "Connection with inuse != 0!");
! 305: }
! 306: unused ++;
! 307: conn = conn->next;
! 308: }
! 309:
! 310: if (this->numconn != (used + unused)) {
! 311: log_err(0, "The number of free and unused connections does not match!");
! 312: if (this->debug) {
! 313: log_dbg("used %d unused %d", used, unused);
! 314: conn = this->firstusedconn;
! 315: while (conn) {
! 316: log_dbg("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
! 317: conn->hismac[0], conn->hismac[1], conn->hismac[2],
! 318: conn->hismac[3], conn->hismac[4], conn->hismac[5]);
! 319: conn = conn->next;
! 320: }
! 321: }
! 322: }
! 323:
! 324: return used;
! 325: }
! 326:
! 327:
! 328: /**
! 329: * dhcp_initconn()
! 330: * Initialises connection references
! 331: **/
! 332: int dhcp_initconn(struct dhcp_t *this)
! 333: {
! 334: int n;
! 335: this->firstusedconn = NULL; /* Redundant */
! 336: this->lastusedconn = NULL; /* Redundant */
! 337:
! 338: for (n=0; n<this->numconn; n++) {
! 339: this->conn[n].inuse = 0; /* Redundant */
! 340: if (n == 0) {
! 341: this->conn[n].prev = NULL; /* Redundant */
! 342: this->firstfreeconn = &this->conn[n];
! 343:
! 344: }
! 345: else {
! 346: this->conn[n].prev = &this->conn[n-1];
! 347: this->conn[n-1].next = &this->conn[n];
! 348: }
! 349: if (n == (this->numconn-1)) {
! 350: this->conn[n].next = NULL; /* Redundant */
! 351: this->lastfreeconn = &this->conn[n];
! 352: }
! 353: }
! 354:
! 355: if (paranoid) dhcp_validate(this);
! 356:
! 357: return 0;
! 358: }
! 359:
! 360: /**
! 361: * dhcp_newconn()
! 362: * Allocates a new connection from the pool.
! 363: * Returns -1 if unsuccessful.
! 364: **/
! 365: int dhcp_newconn(struct dhcp_t *this,
! 366: struct dhcp_conn_t **conn,
! 367: uint8_t *hwaddr)
! 368: {
! 369:
! 370: if (this->debug)
! 371: log_dbg("DHCP newconn: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
! 372: hwaddr[0], hwaddr[1], hwaddr[2],
! 373: hwaddr[3], hwaddr[4], hwaddr[5]);
! 374:
! 375:
! 376: if (!this->firstfreeconn) {
! 377: log_err(0, "Out of free connections");
! 378: return -1;
! 379: }
! 380:
! 381: *conn = this->firstfreeconn;
! 382:
! 383: /* Remove from link of free */
! 384: if (this->firstfreeconn->next) {
! 385: this->firstfreeconn->next->prev = NULL;
! 386: this->firstfreeconn = this->firstfreeconn->next;
! 387: }
! 388: else { /* Took the last one */
! 389: this->firstfreeconn = NULL;
! 390: this->lastfreeconn = NULL;
! 391: }
! 392:
! 393: /* Initialise structures */
! 394: memset(*conn, 0, sizeof(**conn));
! 395:
! 396: /* Insert into link of used */
! 397: if (this->firstusedconn) {
! 398: this->firstusedconn->prev = *conn;
! 399: (*conn)->next = this->firstusedconn;
! 400: }
! 401: else { /* First insert */
! 402: this->lastusedconn = *conn;
! 403: }
! 404:
! 405: this->firstusedconn = *conn;
! 406:
! 407: (*conn)->inuse = 1;
! 408: (*conn)->parent = this;
! 409:
! 410: /* Application specific initialisations */
! 411: memcpy((*conn)->hismac, hwaddr, PKT_ETH_ALEN);
! 412: memcpy((*conn)->ourmac, this->ipif.hwaddr, PKT_ETH_ALEN);
! 413: (*conn)->lasttime = mainclock;
! 414:
! 415: dhcp_hashadd(this, *conn);
! 416:
! 417: if (paranoid) dhcp_validate(this);
! 418:
! 419: /* Inform application that connection was created */
! 420: if (this->cb_connect)
! 421: this->cb_connect(*conn);
! 422:
! 423: return 0; /* Success */
! 424: }
! 425:
! 426:
! 427: /**
! 428: * dhcp_freeconn()
! 429: * Returns a connection to the pool.
! 430: **/
! 431: int dhcp_freeconn(struct dhcp_conn_t *conn, int term_cause)
! 432: {
! 433: /* TODO: Always returns success? */
! 434:
! 435: struct dhcp_t *this = conn->parent;
! 436:
! 437: /* Tell application that we disconnected */
! 438: if (this->cb_disconnect)
! 439: this->cb_disconnect(conn, term_cause);
! 440:
! 441: if (this->debug)
! 442: log_dbg("DHCP freeconn: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
! 443: conn->hismac[0], conn->hismac[1], conn->hismac[2],
! 444: conn->hismac[3], conn->hismac[4], conn->hismac[5]);
! 445:
! 446:
! 447: /* Application specific code */
! 448: /* First remove from hash table */
! 449: dhcp_hashdel(this, conn);
! 450:
! 451: /* Remove from link of used */
! 452: if ((conn->next) && (conn->prev)) {
! 453: conn->next->prev = conn->prev;
! 454: conn->prev->next = conn->next;
! 455: }
! 456: else if (conn->next) { /* && prev == 0 */
! 457: conn->next->prev = NULL;
! 458: this->firstusedconn = conn->next;
! 459: }
! 460: else if (conn->prev) { /* && next == 0 */
! 461: conn->prev->next = NULL;
! 462: this->lastusedconn = conn->prev;
! 463: }
! 464: else { /* if ((next == 0) && (prev == 0)) */
! 465: this->firstusedconn = NULL;
! 466: this->lastusedconn = NULL;
! 467: }
! 468:
! 469: /* Initialise structures */
! 470: memset(conn, 0, sizeof(*conn));
! 471:
! 472: /* Insert into link of free */
! 473: if (this->firstfreeconn) {
! 474: this->firstfreeconn->prev = conn;
! 475: }
! 476: else { /* First insert */
! 477: this->lastfreeconn = conn;
! 478: }
! 479:
! 480: conn->next = this->firstfreeconn;
! 481: this->firstfreeconn = conn;
! 482:
! 483: if (paranoid) dhcp_validate(this);
! 484:
! 485: return 0;
! 486: }
! 487:
! 488:
! 489: /**
! 490: * dhcp_checkconn()
! 491: * Checks connections to see if the lease has expired
! 492: **/
! 493: int dhcp_checkconn(struct dhcp_t *this)
! 494: {
! 495: struct dhcp_conn_t *conn;
! 496: time_t now = mainclock;
! 497:
! 498: now -= this->lease;
! 499: conn = this->firstusedconn;
! 500: while (conn) {
! 501: if (now > conn->lasttime) {
! 502: if (this->debug)
! 503: log_dbg("DHCP timeout: Removing connection");
! 504: dhcp_freeconn(conn, RADIUS_TERMINATE_CAUSE_LOST_CARRIER);
! 505: return 0; /* Returning after first deletion */
! 506: }
! 507: conn = conn->next;
! 508: }
! 509: return 0;
! 510: }
! 511:
! 512: /**
! 513: * dhcp_new()
! 514: * Allocates a new instance of the library
! 515: **/
! 516:
! 517: int
! 518: dhcp_new(struct dhcp_t **pdhcp, int numconn, char *interface,
! 519: int usemac, uint8_t *mac, int promisc,
! 520: struct in_addr *listen, int lease, int allowdyn,
! 521: struct in_addr *uamlisten, uint16_t uamport, int useeapol) {
! 522: struct dhcp_t *dhcp;
! 523:
! 524: if (!(dhcp = *pdhcp = calloc(sizeof(struct dhcp_t), 1))) {
! 525: log_err(0, "calloc() failed");
! 526: return -1;
! 527: }
! 528:
! 529: dhcp->numconn = numconn;
! 530:
! 531: if (!(dhcp->conn = calloc(sizeof(struct dhcp_conn_t), numconn))) {
! 532: log_err(0, "calloc() failed");
! 533: free(dhcp);
! 534: return -1;
! 535: }
! 536:
! 537: dhcp_initconn(dhcp);
! 538:
! 539: if (net_init(&dhcp->ipif, interface, PKT_ETH_PROTO_IP, promisc, usemac ? mac : 0) < 0) {
! 540: free(dhcp->conn);
! 541: free(dhcp);
! 542: return -1;
! 543: }
! 544:
! 545: #if defined (__FreeBSD__) || defined (__APPLE__) || defined (__OpenBSD__)
! 546: {
! 547: int blen=0;
! 548: if (ioctl(dhcp->ipif.fd, BIOCGBLEN, &blen) < 0) {
! 549: log_err(errno,"ioctl() failed!");
! 550: }
! 551: dhcp->rbuf_max = blen;
! 552: if (!(dhcp->rbuf = calloc(dhcp->rbuf_max, 1))) {
! 553: /* TODO: Free malloc */
! 554: log_err(errno, "malloc() failed");
! 555: }
! 556: dhcp->rbuf_offset = 0;
! 557: dhcp->rbuf_len = 0;
! 558: }
! 559: #endif
! 560:
! 561: if (net_init(&dhcp->arpif, interface, PKT_ETH_PROTO_ARP, promisc, usemac ? mac : 0) < 0) {
! 562: close(dhcp->ipif.fd);
! 563: free(dhcp->conn);
! 564: free(dhcp);
! 565: return -1; /* Error reporting done in dhcp_open_eth */
! 566: }
! 567:
! 568: if (useeapol) {
! 569: if (net_init(&dhcp->eapif, interface, PKT_ETH_PROTO_EAPOL, promisc, usemac ? mac : 0) < 0) {
! 570: close(dhcp->ipif.fd);
! 571: close(dhcp->arpif.fd);
! 572: free(dhcp->conn);
! 573: free(dhcp);
! 574: return -1; /* Error reporting done in eapol_open_eth */
! 575: }
! 576: }
! 577:
! 578: if (options.dhcpgwip.s_addr != 0) {
! 579: int fd;
! 580: struct sockaddr_in addr;
! 581: int on = 1;
! 582:
! 583: memset(&addr, 0, sizeof(addr));
! 584: addr.sin_family = AF_INET;
! 585: addr.sin_addr.s_addr = htonl(INADDR_ANY);
! 586: addr.sin_port = htons(68);
! 587:
! 588: if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ||
! 589: bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
! 590: log_err(errno, "socket or bind failed for dhcp relay!");
! 591: close(dhcp->ipif.fd);
! 592: close(dhcp->arpif.fd);
! 593: close(dhcp->eapif.fd);
! 594: free(dhcp->conn);
! 595: free(dhcp);
! 596: close(fd);
! 597: return -1;
! 598: }
! 599:
! 600: if (setsockopt(dhcp->relayfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
! 601: log_err(errno, "Can't set reuse option");
! 602: }
! 603:
! 604: dhcp->relayfd = fd;
! 605: }
! 606:
! 607: if (dhcp_hashinit(dhcp, dhcp->numconn))
! 608: return -1; /* Failed to allocate hash tables */
! 609:
! 610: /* Initialise various variables */
! 611: dhcp->ourip.s_addr = listen->s_addr;
! 612: dhcp->lease = lease;
! 613: dhcp->allowdyn = allowdyn;
! 614: dhcp->uamlisten.s_addr = uamlisten->s_addr;
! 615: dhcp->uamport = uamport;
! 616:
! 617: /* Initialise call back functions */
! 618: dhcp->cb_data_ind = 0;
! 619: dhcp->cb_eap_ind = 0;
! 620: dhcp->cb_request = 0;
! 621: dhcp->cb_disconnect = 0;
! 622: dhcp->cb_connect = 0;
! 623:
! 624: return 0;
! 625: }
! 626:
! 627: /**
! 628: * dhcp_se()
! 629: * Set dhcp parameters which can be altered at runtime.
! 630: **/
! 631: int
! 632: dhcp_set(struct dhcp_t *dhcp, int debug) {
! 633: dhcp->debug = debug;
! 634: dhcp->anydns = options.uamanydns;
! 635:
! 636: /* Copy list of uamserver IP addresses */
! 637: if (dhcp->authip) free(dhcp->authip);
! 638: dhcp->authiplen = options.uamserverlen;
! 639:
! 640: if (!(dhcp->authip = calloc(sizeof(struct in_addr), options.uamserverlen))) {
! 641: log_err(0, "calloc() failed");
! 642: dhcp->authip = 0;
! 643: return -1;
! 644: }
! 645:
! 646: memcpy(dhcp->authip, &options.uamserver, sizeof(struct in_addr) * options.uamserverlen);
! 647:
! 648: return 0;
! 649: }
! 650:
! 651: /**
! 652: * dhcp_free()
! 653: * Releases ressources allocated to the instance of the library
! 654: **/
! 655: int dhcp_free(struct dhcp_t *dhcp) {
! 656: if (dhcp->hash) free(dhcp->hash);
! 657: if (dhcp->authip) free(dhcp->authip);
! 658: dev_set_flags(dhcp->ipif.devname, dhcp->ipif.devflags);
! 659: net_close(&dhcp->ipif);
! 660: net_close(&dhcp->arpif);
! 661: net_close(&dhcp->eapif);
! 662: free(dhcp->conn);
! 663: free(dhcp);
! 664: return 0;
! 665: }
! 666:
! 667: /**
! 668: * dhcp_timeout()
! 669: * Need to call this function at regular intervals to clean up old connections.
! 670: **/
! 671: int
! 672: dhcp_timeout(struct dhcp_t *this)
! 673: {
! 674: if (paranoid)
! 675: dhcp_validate(this);
! 676:
! 677: dhcp_checkconn(this);
! 678:
! 679: return 0;
! 680: }
! 681:
! 682: /**
! 683: * dhcp_timeleft()
! 684: * Use this function to find out when to call dhcp_timeout()
! 685: * If service is needed after the value given by tvp then tvp
! 686: * is left unchanged.
! 687: **/
! 688: struct timeval* dhcp_timeleft(struct dhcp_t *this, struct timeval *tvp) {
! 689: return tvp;
! 690: }
! 691:
! 692: int check_garden(pass_through *ptlist, int ptcnt, struct pkt_ippacket_t *pack, int dst) {
! 693: struct pkt_tcphdr_t *tcph = (struct pkt_tcphdr_t *)pack->payload;
! 694: struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;
! 695: pass_through *pt;
! 696: int i;
! 697:
! 698: for (i = 0; i < ptcnt; i++) {
! 699: pt = &ptlist[i];
! 700: if (pt->proto == 0 || pack->iph.protocol == pt->proto)
! 701: if (pt->host.s_addr == 0 ||
! 702: pt->host.s_addr == ((dst ? pack->iph.daddr : pack->iph.saddr) & pt->mask.s_addr))
! 703: if (pt->port == 0 ||
! 704: (pack->iph.protocol == PKT_IP_PROTO_TCP && (dst ? tcph->dst : tcph->src) == htons(pt->port)) ||
! 705: (pack->iph.protocol == PKT_IP_PROTO_UDP && (dst ? udph->dst : udph->src) == htons(pt->port)))
! 706: return 1;
! 707: }
! 708:
! 709: return 0;
! 710: }
! 711:
! 712: static
! 713: int dhcp_nakDNS(struct dhcp_conn_t *conn, struct pkt_ippacket_t *pack, size_t len) {
! 714: struct dhcp_t *this = conn->parent;
! 715: struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;
! 716: struct dns_packet_t *dnsp = (struct dns_packet_t *)((char*)pack->payload + sizeof(struct pkt_udphdr_t));
! 717: struct dns_fullpacket_t answer;
! 718:
! 719: memcpy(&answer, pack, len);
! 720:
! 721: /* DNS response, with no host error code */
! 722: answer.dns.flags = htons(0x8583);
! 723:
! 724: /* UDP */
! 725: answer.udph.src = udph->dst;
! 726: answer.udph.dst = udph->src;
! 727:
! 728: /* IP */
! 729: answer.iph.check = 0; /* Calculate at end of packet */
! 730: memcpy(&answer.iph.daddr, &pack->iph.saddr, PKT_IP_ALEN);
! 731: memcpy(&answer.iph.saddr, &pack->iph.daddr, PKT_IP_ALEN);
! 732:
! 733: /* Ethernet */
! 734: memcpy(&answer.ethh.dst, &pack->ethh.src, PKT_ETH_ALEN);
! 735: memcpy(&answer.ethh.src, &pack->ethh.dst, PKT_ETH_ALEN);
! 736: answer.ethh.prot = htons(PKT_ETH_PROTO_IP);
! 737:
! 738: /* checksums */
! 739: chksum(&answer.iph);
! 740:
! 741: dhcp_send(this, &this->ipif, conn->hismac, &answer, len);
! 742:
! 743: return 0;
! 744: }
! 745:
! 746: static
! 747: int _filterDNSreq(struct dhcp_conn_t *conn, struct pkt_ippacket_t *pack, size_t plen) {
! 748: /*struct dhcp_udphdr_t *udph = (struct dhcp_udphdr_t*)pack->payload;*/
! 749: struct dns_packet_t *dnsp = (struct dns_packet_t *)((char*)pack->payload + sizeof(struct pkt_udphdr_t));
! 750: size_t len = plen - DHCP_DNS_HLEN - PKT_UDP_HLEN - PKT_IP_HLEN - PKT_ETH_HLEN;
! 751: size_t olen = len;
! 752:
! 753: uint16_t id = ntohs(dnsp->id);
! 754: uint16_t flags = ntohs(dnsp->flags);
! 755: uint16_t qdcount = ntohs(dnsp->qdcount);
! 756: uint16_t ancount = ntohs(dnsp->ancount);
! 757: uint16_t nscount = ntohs(dnsp->nscount);
! 758: uint16_t arcount = ntohs(dnsp->arcount);
! 759:
! 760: uint8_t *p_pkt = (uint8_t *)dnsp->records;
! 761: char q[256];
! 762:
! 763: int d = options.debug; /* XXX: debug */
! 764: int i;
! 765:
! 766: if (d) log_dbg("DNS ID: %d", id);
! 767: if (d) log_dbg("DNS Flags: %d", flags);
! 768:
! 769: /* it was a response? shouldn't be */
! 770: /*if (((flags & 0x8000) >> 15) == 1) return 0;*/
! 771:
! 772: memset(q,0,sizeof(q));
! 773:
! 774: #undef copyres
! 775: #define copyres(isq,n) \
! 776: if (d) log_dbg(#n ": %d", n ## count); \
! 777: for (i=0; i < n ## count; i++) \
! 778: if (dns_copy_res(isq, &p_pkt, &len, \
! 779: (uint8_t *)dnsp, olen, \
! 780: q, sizeof(q))) \
! 781: return dhcp_nakDNS(conn,pack,plen)
! 782:
! 783: copyres(1,qd);
! 784: copyres(0,an);
! 785: copyres(0,ns);
! 786: copyres(0,ar);
! 787:
! 788: if (d) log_dbg("left (should be zero): %d", len);
! 789:
! 790: return 1;
! 791: }
! 792:
! 793: static
! 794: int _filterDNSresp(struct dhcp_conn_t *conn, struct pkt_ippacket_t *pack, size_t plen) {
! 795: /*struct dhcp_udphdr_t *udph = (struct dhcp_udphdr_t*)pack->payload;*/
! 796: struct dns_packet_t *dnsp = (struct dns_packet_t *)((char*)pack->payload + sizeof(struct pkt_udphdr_t));
! 797: size_t len = plen - DHCP_DNS_HLEN - PKT_UDP_HLEN - PKT_IP_HLEN - PKT_ETH_HLEN;
! 798: size_t olen = len;
! 799:
! 800: uint16_t id = ntohs(dnsp->id);
! 801: uint16_t flags = ntohs(dnsp->flags);
! 802: uint16_t qdcount = ntohs(dnsp->qdcount);
! 803: uint16_t ancount = ntohs(dnsp->ancount);
! 804: uint16_t nscount = ntohs(dnsp->nscount);
! 805: uint16_t arcount = ntohs(dnsp->arcount);
! 806:
! 807: uint8_t *p_pkt = (uint8_t *)dnsp->records;
! 808: char q[256];
! 809:
! 810: int d = options.debug; /* XXX: debug */
! 811: int i;
! 812:
! 813: if (d) log_dbg("DNS ID: %d", id);
! 814: if (d) log_dbg("DNS Flags: %d", flags);
! 815:
! 816: /* it was a query? shouldn't be */
! 817: if (((flags & 0x8000) >> 15) == 0) return 0;
! 818:
! 819: memset(q,0,sizeof(q));
! 820:
! 821: #undef copyres
! 822: #define copyres(isq,n) \
! 823: if (d) log_dbg(#n ": %d", n ## count); \
! 824: for (i=0; i < n ## count; i++) \
! 825: dns_copy_res(isq, &p_pkt, &len, \
! 826: (uint8_t *)dnsp, olen, \
! 827: q, sizeof(q))
! 828:
! 829: copyres(1,qd);
! 830: copyres(0,an);
! 831: copyres(0,ns);
! 832: copyres(0,ar);
! 833:
! 834: if (d) log_dbg("left (should be zero): %d", len);
! 835:
! 836: /*
! 837: dnsp->flags = htons(flags);
! 838: dnsp->qdcount = htons(qdcount);
! 839: dnsp->ancount = htons(ancount);
! 840: dnsp->nscount = htons(nscount);
! 841: dnsp->arcount = htons(arcount);
! 842: */
! 843:
! 844: return 1;
! 845: }
! 846:
! 847:
! 848: /**
! 849: * dhcp_doDNAT()
! 850: * Change destination address to authentication server.
! 851: **/
! 852: int dhcp_doDNAT(struct dhcp_conn_t *conn,
! 853: struct pkt_ippacket_t *pack, size_t len) {
! 854: struct dhcp_t *this = conn->parent;
! 855: struct pkt_tcphdr_t *tcph = (struct pkt_tcphdr_t *)pack->payload;
! 856: struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;
! 857: int i;
! 858:
! 859: /* Allow localhost through network... */
! 860: if (pack->iph.daddr == INADDR_LOOPBACK)
! 861: return 0;
! 862:
! 863: /* Was it an ICMP request for us? */
! 864: if (pack->iph.protocol == PKT_IP_PROTO_ICMP)
! 865: if (pack->iph.daddr == conn->ourip.s_addr)
! 866: return 0;
! 867:
! 868: /* Was it a DNS request? */
! 869: if (((this->anydns) ||
! 870: (pack->iph.daddr == conn->dns1.s_addr) ||
! 871: (pack->iph.daddr == conn->dns2.s_addr)) &&
! 872: (pack->iph.protocol == PKT_IP_PROTO_UDP && udph->dst == htons(DHCP_DNS))) {
! 873: if (options.dnsparanoia) {
! 874: if (_filterDNSreq(conn, pack, len))
! 875: return 0;
! 876: else /* drop */
! 877: return -1;
! 878: } else { /* allow */
! 879: return 0;
! 880: }
! 881: }
! 882:
! 883: /* Was it a request for authentication server? */
! 884: for (i = 0; i<this->authiplen; i++) {
! 885: if ((pack->iph.daddr == this->authip[i].s_addr) /* &&
! 886: (pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 887: ((tcph->dst == htons(DHCP_HTTP)) ||
! 888: (tcph->dst == htons(DHCP_HTTPS)))*/)
! 889: return 0; /* Destination was authentication server */
! 890: }
! 891:
! 892: /* Was it a request for local redirection server? */
! 893: if ((pack->iph.daddr == this->uamlisten.s_addr) &&
! 894: (pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 895: (tcph->dst == htons(this->uamport)))
! 896: return 0; /* Destination was local redir server */
! 897:
! 898: /* Was it a request for a pass-through entry? */
! 899: if (check_garden(options.pass_throughs, options.num_pass_throughs, pack, 1))
! 900: return 0;
! 901: /* Check uamdomain driven walled garden */
! 902: if (check_garden(this->pass_throughs, this->num_pass_throughs, pack, 1))
! 903: return 0;
! 904:
! 905: /* Check appconn session specific pass-throughs */
! 906: if (conn->peer) {
! 907: struct app_conn_t *appconn = (struct app_conn_t *)conn->peer;
! 908: if (check_garden(appconn->s_params.pass_throughs, appconn->s_params.pass_through_count, pack, 1))
! 909: return 0;
! 910: }
! 911:
! 912: /* Was it a http request for another server? */
! 913: /* We are changing dest IP and dest port to local UAM server */
! 914: if ((pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 915: (tcph->dst == htons(DHCP_HTTP))) {
! 916: int n;
! 917: int pos=-1;
! 918:
! 919: for (n=0; n<DHCP_DNAT_MAX; n++) {
! 920: if ((conn->dnatip[n] == pack->iph.daddr) &&
! 921: (conn->dnatport[n] == tcph->src)) {
! 922: pos = n;
! 923: break;
! 924: }
! 925: }
! 926: if (pos==-1) { /* Save for undoing */
! 927: if (options.usetap)
! 928: memcpy(conn->dnatmac[conn->nextdnat], pack->ethh.dst, PKT_ETH_ALEN);
! 929: conn->dnatip[conn->nextdnat] = pack->iph.daddr;
! 930: conn->dnatport[conn->nextdnat] = tcph->src;
! 931: conn->nextdnat = (conn->nextdnat + 1) % DHCP_DNAT_MAX;
! 932: }
! 933:
! 934: if (options.usetap)
! 935: memcpy(pack->ethh.dst, tuntap(tun).hwaddr, PKT_ETH_ALEN);
! 936:
! 937: pack->iph.daddr = this->uamlisten.s_addr;
! 938: tcph->dst = htons(this->uamport);
! 939:
! 940: chksum(&pack->iph);
! 941: return 0;
! 942: }
! 943:
! 944: return -1; /* Something else */
! 945:
! 946: }
! 947:
! 948: int dhcp_postauthDNAT(struct dhcp_conn_t *conn, struct pkt_ippacket_t *pack, size_t len, int isreturn) {
! 949: struct dhcp_t *this = conn->parent;
! 950: struct pkt_tcphdr_t *tcph = (struct pkt_tcphdr_t *)pack->payload;
! 951: /*struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;*/
! 952:
! 953: if (options.postauth_proxyport > 0) {
! 954: if (isreturn) {
! 955: if ((pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 956: (pack->iph.saddr == options.postauth_proxyip.s_addr) &&
! 957: (tcph->src == htons(options.postauth_proxyport))) {
! 958: int n;
! 959: for (n=0; n<DHCP_DNAT_MAX; n++) {
! 960: if (tcph->dst == conn->dnatport[n]) {
! 961: if (options.usetap)
! 962: memcpy(pack->ethh.src, conn->dnatmac[n], PKT_ETH_ALEN);
! 963: pack->iph.saddr = conn->dnatip[n];
! 964: tcph->src = htons(DHCP_HTTP);
! 965:
! 966: chksum(&pack->iph);
! 967:
! 968: return 0; /* It was a DNAT reply */
! 969: }
! 970: }
! 971: return 0;
! 972: }
! 973: }
! 974: else {
! 975: if ((pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 976: (tcph->dst == htons(DHCP_HTTP))) {
! 977:
! 978: int n;
! 979: int pos=-1;
! 980:
! 981: for (n = 0; n<this->authiplen; n++)
! 982: if ((pack->iph.daddr == this->authip[n].s_addr))
! 983: return 0;
! 984:
! 985: for (n=0; n<DHCP_DNAT_MAX; n++) {
! 986: if ((conn->dnatip[n] == pack->iph.daddr) &&
! 987: (conn->dnatport[n] == tcph->src)) {
! 988: pos = n;
! 989: break;
! 990: }
! 991: }
! 992:
! 993: if (pos==-1) { /* Save for undoing */
! 994: if (options.usetap)
! 995: memcpy(conn->dnatmac[conn->nextdnat], pack->ethh.dst, PKT_ETH_ALEN);
! 996: conn->dnatip[conn->nextdnat] = pack->iph.daddr;
! 997: conn->dnatport[conn->nextdnat] = tcph->src;
! 998: conn->nextdnat = (conn->nextdnat + 1) % DHCP_DNAT_MAX;
! 999: }
! 1000:
! 1001: log_dbg("rewriting packet for post-auth proxy %s:%d",
! 1002: inet_ntoa(options.postauth_proxyip),
! 1003: options.postauth_proxyport);
! 1004:
! 1005: pack->iph.daddr = options.postauth_proxyip.s_addr;
! 1006: tcph->dst = htons(options.postauth_proxyport);
! 1007:
! 1008: chksum(&pack->iph);
! 1009:
! 1010: return 0;
! 1011: }
! 1012: }
! 1013: }
! 1014:
! 1015: return -1; /* Something else */
! 1016: }
! 1017:
! 1018: /**
! 1019: * dhcp_undoDNAT()
! 1020: * Change source address back to original server
! 1021: **/
! 1022: int dhcp_undoDNAT(struct dhcp_conn_t *conn, struct pkt_ippacket_t *pack, size_t *plen) {
! 1023: struct dhcp_t *this = conn->parent;
! 1024: struct pkt_tcphdr_t *tcph = (struct pkt_tcphdr_t *)pack->payload;
! 1025: struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;
! 1026: size_t len = *plen;
! 1027: int i;
! 1028:
! 1029: /* Allow localhost through network... */
! 1030: if (pack->iph.saddr == INADDR_LOOPBACK)
! 1031: return 0;
! 1032:
! 1033: /* Was it a DNS reply? */
! 1034: if (((this->anydns) ||
! 1035: (pack->iph.saddr == conn->dns1.s_addr) ||
! 1036: (pack->iph.saddr == conn->dns2.s_addr)) &&
! 1037: (pack->iph.protocol == PKT_IP_PROTO_UDP && udph->src == htons(DHCP_DNS))) {
! 1038: if (options.uamdomains) {
! 1039: if (_filterDNSresp(conn, pack, *plen))
! 1040: return 0;
! 1041: else
! 1042: return -1; /* drop */
! 1043: } else { /* always let through dns when not filtering */
! 1044: return 0;
! 1045: }
! 1046: }
! 1047:
! 1048: if (pack->iph.protocol == PKT_IP_PROTO_ICMP) {
! 1049: /* Was it an ICMP reply from us? */
! 1050: if (pack->iph.saddr == conn->ourip.s_addr)
! 1051: return 0;
! 1052: /* Allow for MTU negotiation */
! 1053: if (options.debug)
! 1054: log_dbg("Received ICMP type=%d code=%d",
! 1055: (int)pack->payload[0],(int)pack->payload[1]);
! 1056: switch((unsigned char)pack->payload[0]) {
! 1057: case 0: /* echo reply */
! 1058: case 3: /* destination unreachable */
! 1059: case 5: /* redirect */
! 1060: case 11: /* time excedded */
! 1061: switch((unsigned char)pack->payload[1]) {
! 1062: case 4:
! 1063: log(LOG_NOTICE, "Fragmentation needed ICMP");
! 1064: }
! 1065: if (options.debug)
! 1066: log_dbg("Forwarding ICMP to chilli client");
! 1067: return 0;
! 1068: }
! 1069: /* fail all else */
! 1070: return -1;
! 1071: }
! 1072:
! 1073: /*
! 1074: 12:46:20.767600 IP 10.1.0.1.49335 > 68.142.197.198.80: S 1442428713:1442428713(0) win 65535 <mss 1460,sackOK,eol>
! 1075: 12:46:20.768234 IP 10.1.0.10.3990 > 10.1.0.1.49335: S 746818639:746818639(0) ack 1442428714 win 5840 <mss 1460,nop,nop,sackOK>
! 1076: */
! 1077:
! 1078: /* Was it a reply from redir server? */
! 1079: if ((pack->iph.saddr == this->uamlisten.s_addr) &&
! 1080: (pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 1081: (tcph->src == htons(this->uamport))) {
! 1082: int n;
! 1083:
! 1084: for (n=0; n<DHCP_DNAT_MAX; n++) {
! 1085: if (tcph->dst == conn->dnatport[n]) {
! 1086:
! 1087: if (options.usetap)
! 1088: memcpy(pack->ethh.src, conn->dnatmac[n], PKT_ETH_ALEN);
! 1089:
! 1090: pack->iph.saddr = conn->dnatip[n];
! 1091: tcph->src = htons(DHCP_HTTP);
! 1092:
! 1093: chksum(&pack->iph);
! 1094:
! 1095: return 0; /* It was a DNAT reply */
! 1096: }
! 1097: }
! 1098: return 0; /* It was a normal reply from redir server */
! 1099: }
! 1100:
! 1101: /* Was it a normal http or https reply from authentication server? */
! 1102: /* Was it a normal reply from authentication server? */
! 1103: for (i = 0; i<this->authiplen; i++) {
! 1104: if ((pack->iph.saddr == this->authip[i].s_addr) /* &&
! 1105: (pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 1106: ((tcph->src == htons(DHCP_HTTP)) ||
! 1107: (tcph->src == htons(DHCP_HTTPS)))*/)
! 1108: return 0; /* Destination was authentication server */
! 1109: }
! 1110:
! 1111: /* Was it a reply for a pass-through entry? */
! 1112: if (check_garden(options.pass_throughs, options.num_pass_throughs, pack, 0))
! 1113: return 0;
! 1114: if (check_garden(this->pass_throughs, this->num_pass_throughs, pack, 0))
! 1115: return 0;
! 1116:
! 1117: /* Check appconn session specific pass-throughs */
! 1118: if (conn->peer) {
! 1119: struct app_conn_t *appconn = (struct app_conn_t *)conn->peer;
! 1120: if (check_garden(appconn->s_params.pass_throughs, appconn->s_params.pass_through_count, pack, 0))
! 1121: return 0;
! 1122: }
! 1123:
! 1124: return -1; /* Something else */
! 1125: }
! 1126:
! 1127: /**
! 1128: * dhcp_checkDNS()
! 1129: * Check if it was request for known domain name.
! 1130: * In case it was a request for a known keyword then
! 1131: * redirect to the login/logout page
! 1132: * 2005-09-19: This stuff is highly experimental.
! 1133: **/
! 1134: int dhcp_checkDNS(struct dhcp_conn_t *conn,
! 1135: struct pkt_ippacket_t *pack, size_t len) {
! 1136:
! 1137: struct dhcp_t *this = conn->parent;
! 1138: struct pkt_udphdr_t *udph = (struct pkt_udphdr_t *)pack->payload;
! 1139: struct dns_packet_t *dnsp = (struct dns_packet_t *)((char*)pack->payload + sizeof(struct pkt_udphdr_t));
! 1140: struct dns_fullpacket_t answer;
! 1141: uint8_t *p1 = NULL;
! 1142: uint8_t *p2 = NULL;
! 1143: size_t length;
! 1144: size_t udp_len;
! 1145: uint8_t query[256];
! 1146: size_t query_len = 0;
! 1147: int n;
! 1148:
! 1149: log_dbg("DNS ID: %d", ntohs(dnsp->id));
! 1150: log_dbg("DNS flags: %d", ntohs(dnsp->flags));
! 1151:
! 1152: if ((ntohs(dnsp->flags) == 0x0100) &&
! 1153: (ntohs(dnsp->qdcount) == 0x0001) &&
! 1154: (ntohs(dnsp->ancount) == 0x0000) &&
! 1155: (ntohs(dnsp->nscount) == 0x0000) &&
! 1156: (ntohs(dnsp->arcount) == 0x0000)) {
! 1157:
! 1158: log_dbg("It was a query %s", dnsp->records);
! 1159:
! 1160: p1 = dnsp->records + 1 + dnsp->records[0];
! 1161: p2 = dnsp->records;
! 1162:
! 1163: do {
! 1164: if (query_len < 256)
! 1165: query[query_len++] = *p2;
! 1166: } while (*p2++ != 0); /* TODO */
! 1167:
! 1168: for (n=0; n<4; n++) {
! 1169: if (query_len < 256)
! 1170: query[query_len++] = *p2++;
! 1171: }
! 1172:
! 1173: query[query_len++] = 0xc0;
! 1174: query[query_len++] = 0x0c;
! 1175: query[query_len++] = 0x00;
! 1176: query[query_len++] = 0x01;
! 1177: query[query_len++] = 0x00;
! 1178: query[query_len++] = 0x01;
! 1179: query[query_len++] = 0x00;
! 1180: query[query_len++] = 0x00;
! 1181: query[query_len++] = 0x01;
! 1182: query[query_len++] = 0x2c;
! 1183: query[query_len++] = 0x00;
! 1184: query[query_len++] = 0x04;
! 1185: memcpy(&query[query_len], &conn->ourip.s_addr, 4);
! 1186: query_len += 4;
! 1187:
! 1188: if (!memcmp(p1,
! 1189: "\3key\12chillispot\3org",
! 1190: sizeof("\3key\12chillispot\3org"))) {
! 1191: log_dbg("It was a matching query %s: \n", dnsp->records);
! 1192: memcpy(&answer, pack, len); /* TODO */
! 1193:
! 1194: /* DNS Header */
! 1195: answer.dns.id = dnsp->id;
! 1196: answer.dns.flags = htons(0x8000);
! 1197: answer.dns.qdcount = htons(0x0001);
! 1198: answer.dns.ancount = htons(0x0001);
! 1199: answer.dns.nscount = htons(0x0000);
! 1200: answer.dns.arcount = htons(0x0000);
! 1201: memcpy(answer.dns.records, query, query_len);
! 1202:
! 1203: /* UDP header */
! 1204: udp_len = query_len + DHCP_DNS_HLEN + PKT_UDP_HLEN;
! 1205: answer.udph.len = htons(udp_len);
! 1206: answer.udph.src = udph->dst;
! 1207: answer.udph.dst = udph->src;
! 1208:
! 1209: /* IP header */
! 1210: answer.iph.version_ihl = PKT_IP_VER_HLEN;
! 1211: answer.iph.tos = 0;
! 1212: answer.iph.tot_len = htons(udp_len + PKT_IP_HLEN);
! 1213: answer.iph.id = 0;
! 1214: answer.iph.frag_off = 0;
! 1215: answer.iph.ttl = 0x10;
! 1216: answer.iph.protocol = 0x11;
! 1217: answer.iph.check = 0; /* Calculate at end of packet */
! 1218: memcpy(&answer.iph.daddr, &pack->iph.saddr, PKT_IP_ALEN);
! 1219: memcpy(&answer.iph.saddr, &pack->iph.saddr, PKT_IP_ALEN);
! 1220:
! 1221: /* Ethernet header */
! 1222: memcpy(&answer.ethh.dst, &pack->ethh.src, PKT_ETH_ALEN);
! 1223: memcpy(&answer.ethh.src, &pack->ethh.dst, PKT_ETH_ALEN);
! 1224: answer.ethh.prot = htons(PKT_ETH_PROTO_IP);
! 1225:
! 1226: /* Work out checksums */
! 1227: chksum(&answer.iph);
! 1228:
! 1229: /* Calculate total length */
! 1230: length = udp_len + PKT_IP_HLEN + PKT_ETH_HLEN;
! 1231:
! 1232: return dhcp_send(this, &this->ipif, conn->hismac, &answer, length);
! 1233: }
! 1234: }
! 1235: return -1; /* Something else */
! 1236: }
! 1237:
! 1238: /**
! 1239: * dhcp_getdefault()
! 1240: * Fill in a DHCP packet with most essential values
! 1241: **/
! 1242: int
! 1243: dhcp_getdefault(struct dhcp_fullpacket_t *pack) {
! 1244:
! 1245: /* Initialise reply packet with request */
! 1246: memset(pack, 0, sizeof(struct dhcp_fullpacket_t));
! 1247:
! 1248: /* DHCP Payload */
! 1249: pack->dhcp.op = DHCP_BOOTREPLY;
! 1250: pack->dhcp.htype = DHCP_HTYPE_ETH;
! 1251: pack->dhcp.hlen = PKT_ETH_ALEN;
! 1252:
! 1253: /* IP header */
! 1254: pack->iph.version_ihl = PKT_IP_VER_HLEN;
! 1255: pack->iph.tos = 0;
! 1256: pack->iph.tot_len = 0; /* Calculate at end of packet */
! 1257: pack->iph.id = 0;
! 1258: pack->iph.frag_off = 0;
! 1259: pack->iph.ttl = 0x10;
! 1260: pack->iph.protocol = 0x11;
! 1261: pack->iph.check = 0; /* Calculate at end of packet */
! 1262:
! 1263: /* Ethernet header */
! 1264: pack->ethh.prot = htons(PKT_ETH_PROTO_IP);
! 1265:
! 1266: return 0;
! 1267: }
! 1268:
! 1269: /**
! 1270: * dhcp_create_pkt()
! 1271: * Create a new typed DHCP packet
! 1272: */
! 1273: int
! 1274: dhcp_create_pkt(uint8_t type, struct dhcp_fullpacket_t *pack,
! 1275: struct dhcp_fullpacket_t *req, struct dhcp_conn_t *conn) {
! 1276: struct dhcp_t *this = conn->parent;
! 1277: int pos = 0;
! 1278:
! 1279: dhcp_getdefault(pack);
! 1280:
! 1281: pack->dhcp.xid = req->dhcp.xid;
! 1282: pack->dhcp.flags[0] = req->dhcp.flags[0];
! 1283: pack->dhcp.flags[1] = req->dhcp.flags[1];
! 1284: pack->dhcp.giaddr = req->dhcp.giaddr;
! 1285:
! 1286: memcpy(&pack->dhcp.chaddr, &req->dhcp.chaddr, DHCP_CHADDR_LEN);
! 1287: memcpy(&pack->dhcp.sname, conn->dhcp_opts.sname, DHCP_SNAME_LEN);
! 1288: memcpy(&pack->dhcp.file, conn->dhcp_opts.file, DHCP_FILE_LEN);
! 1289:
! 1290: log_dbg("!!! dhcp server : %s !!!", pack->dhcp.sname);
! 1291:
! 1292: switch(type) {
! 1293: case DHCPOFFER:
! 1294: pack->dhcp.yiaddr = conn->hisip.s_addr;
! 1295: break;
! 1296: case DHCPACK:
! 1297: pack->dhcp.xid = req->dhcp.xid;
! 1298: pack->dhcp.ciaddr = req->dhcp.ciaddr;
! 1299: pack->dhcp.yiaddr = conn->hisip.s_addr;
! 1300: break;
! 1301: case DHCPNAK:
! 1302: break;
! 1303: }
! 1304:
! 1305: /* Ethernet Header */
! 1306: memcpy(pack->ethh.dst, conn->hismac, PKT_ETH_ALEN);
! 1307: memcpy(pack->ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 1308:
! 1309: /* UDP and IP Headers */
! 1310: pack->udph.src = htons(DHCP_BOOTPS);
! 1311: pack->iph.saddr = conn->ourip.s_addr;
! 1312:
! 1313: /** http://www.faqs.org/rfcs/rfc1542.html
! 1314: BOOTREQUEST fields BOOTREPLY values for UDP, IP, link-layer
! 1315: +-----------------------+-----------------------------------------+
! 1316: | 'ciaddr' 'giaddr' B | UDP dest IP destination link dest |
! 1317: +-----------------------+-----------------------------------------+
! 1318: | non-zero X X | BOOTPC (68) 'ciaddr' normal |
! 1319: | 0.0.0.0 non-zero X | BOOTPS (67) 'giaddr' normal |
! 1320: | 0.0.0.0 0.0.0.0 0 | BOOTPC (68) 'yiaddr' 'chaddr' |
! 1321: | 0.0.0.0 0.0.0.0 1 | BOOTPC (68) 255.255.255.255 broadcast |
! 1322: +-----------------------+-----------------------------------------+
! 1323:
! 1324: B = BROADCAST flag
! 1325:
! 1326: X = Don't care
! 1327:
! 1328: normal = determine from the given IP destination using normal
! 1329: IP routing mechanisms and/or ARP as for any other
! 1330: normal datagram
! 1331:
! 1332: If the 'giaddr' field in a DHCP message from a client is non-zero,
! 1333: the server sends any return messages to the 'DHCP server' port on the
! 1334: BOOTP relay agent whose address appears in 'giaddr'.
! 1335:
! 1336: If the 'giaddr' field is zero and the 'ciaddr' field is nonzero, then the
! 1337: server unicasts DHCPOFFER and DHCPACK messages to the address in
! 1338: 'ciaddr'.
! 1339:
! 1340: If 'giaddr' is zero and 'ciaddr' is zero, and the broadcast bit is set,
! 1341: then the server broadcasts DHCPOFFER and DHCPACK messages to
! 1342: 0xffffffff.
! 1343:
! 1344: If the broadcast bit is not set and 'giaddr' is zero and 'ciaddr' is
! 1345: zero, then the server unicasts DHCPOFFER and DHCPACK messages to the
! 1346: client's hardware address and 'yiaddr' address.
! 1347:
! 1348: In all cases, when 'giaddr' is zero, the server broadcasts any DHCPNAK
! 1349: messages to 0xffffffff.
! 1350:
! 1351: **/
! 1352:
! 1353: if (req->dhcp.ciaddr) {
! 1354: pack->iph.daddr = req->dhcp.ciaddr;
! 1355: pack->udph.dst = htons(DHCP_BOOTPC);
! 1356: } else if (req->dhcp.giaddr) {
! 1357: pack->iph.daddr = req->dhcp.giaddr;
! 1358: pack->udph.dst = htons(DHCP_BOOTPS);
! 1359: } else if (type == DHCPNAK || req->dhcp.flags[0] & 0x80) {
! 1360: pack->iph.daddr = ~0;
! 1361: pack->udph.dst = htons(DHCP_BOOTPC);
! 1362: pack->dhcp.flags[0] = 0x80;
! 1363: } else {
! 1364: pack->iph.daddr = pack->dhcp.yiaddr;
! 1365: pack->udph.dst = htons(DHCP_BOOTPC);
! 1366: }
! 1367:
! 1368: /* Magic cookie */
! 1369: pack->dhcp.options[pos++] = 0x63;
! 1370: pack->dhcp.options[pos++] = 0x82;
! 1371: pack->dhcp.options[pos++] = 0x53;
! 1372: pack->dhcp.options[pos++] = 0x63;
! 1373:
! 1374: pack->dhcp.options[pos++] = DHCP_OPTION_MESSAGE_TYPE;
! 1375: pack->dhcp.options[pos++] = 1;
! 1376: pack->dhcp.options[pos++] = type;
! 1377:
! 1378: memcpy(&pack->dhcp.options[pos], conn->dhcp_opts.options, DHCP_OPTIONS_LEN-pos);
! 1379: pos += conn->dhcp_opts.option_length;
! 1380:
! 1381: return pos;
! 1382: }
! 1383:
! 1384:
! 1385: /**
! 1386: * dhcp_gettag()
! 1387: * Search a DHCP packet for a particular tag.
! 1388: * Returns -1 if not found.
! 1389: **/
! 1390: int dhcp_gettag(struct dhcp_packet_t *pack, size_t length,
! 1391: struct dhcp_tag_t **tag, uint8_t tagtype) {
! 1392: struct dhcp_tag_t *t;
! 1393: size_t offset = DHCP_MIN_LEN + DHCP_OPTION_MAGIC_LEN;
! 1394:
! 1395: /* if (length > DHCP_LEN) {
! 1396: log_warn(0,"Length of dhcp packet larger then %d: %d", DHCP_LEN, length);
! 1397: length = DHCP_LEN;
! 1398: } */
! 1399:
! 1400: while ((offset + 2) < length) {
! 1401: t = (struct dhcp_tag_t *)(((void *)pack) + offset);
! 1402: if (t->t == tagtype) {
! 1403: if ((offset + 2 + (size_t)(t->l)) > length)
! 1404: return -1; /* Tag length too long */
! 1405: *tag = t;
! 1406: return 0;
! 1407: }
! 1408: offset += 2 + t->l;
! 1409: }
! 1410:
! 1411: return -1; /* Not found */
! 1412: }
! 1413:
! 1414:
! 1415: /**
! 1416: * dhcp_sendOFFER()
! 1417: * Send of a DHCP offer message to a peer.
! 1418: **/
! 1419: int dhcp_sendOFFER(struct dhcp_conn_t *conn,
! 1420: struct dhcp_fullpacket_t *pack, size_t len) {
! 1421:
! 1422: struct dhcp_t *this = conn->parent;
! 1423: struct dhcp_fullpacket_t packet;
! 1424: uint16_t length = 576 + 4; /* Maximum length */
! 1425: uint16_t udp_len = 576 - 20; /* Maximum length */
! 1426: size_t pos = 0;
! 1427:
! 1428: /* Get packet default values */
! 1429: pos = dhcp_create_pkt(DHCPOFFER, &packet, pack, conn);
! 1430:
! 1431: /* DHCP Payload */
! 1432:
! 1433: packet.dhcp.options[pos++] = DHCP_OPTION_SUBNET_MASK;
! 1434: packet.dhcp.options[pos++] = 4;
! 1435: memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4);
! 1436: pos += 4;
! 1437:
! 1438: packet.dhcp.options[pos++] = DHCP_OPTION_ROUTER_OPTION;
! 1439: packet.dhcp.options[pos++] = 4;
! 1440: memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4);
! 1441: pos += 4;
! 1442:
! 1443: /* Insert DNS Servers if given */
! 1444: if (conn->dns1.s_addr && conn->dns2.s_addr) {
! 1445: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1446: packet.dhcp.options[pos++] = 8;
! 1447: memcpy(&packet.dhcp.options[pos], &conn->dns1.s_addr, 4);
! 1448: pos += 4;
! 1449: memcpy(&packet.dhcp.options[pos], &conn->dns2.s_addr, 4);
! 1450: pos += 4;
! 1451: }
! 1452: else if (conn->dns1.s_addr) {
! 1453: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1454: packet.dhcp.options[pos++] = 4;
! 1455: memcpy(&packet.dhcp.options[pos], &conn->dns1.s_addr, 4);
! 1456: pos += 4;
! 1457: }
! 1458: else if (conn->dns2.s_addr) {
! 1459: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1460: packet.dhcp.options[pos++] = 4;
! 1461: memcpy(&packet.dhcp.options[pos], &conn->dns2.s_addr, 4);
! 1462: pos += 4;
! 1463: }
! 1464:
! 1465: /* Insert Domain Name if present */
! 1466: if (strlen(conn->domain)) {
! 1467: packet.dhcp.options[pos++] = DHCP_OPTION_DOMAIN_NAME;
! 1468: packet.dhcp.options[pos++] = strlen(conn->domain);
! 1469: memcpy(&packet.dhcp.options[pos], &conn->domain, strlen(conn->domain));
! 1470: pos += strlen(conn->domain);
! 1471: }
! 1472:
! 1473: packet.dhcp.options[pos++] = DHCP_OPTION_LEASE_TIME;
! 1474: packet.dhcp.options[pos++] = 4;
! 1475: packet.dhcp.options[pos++] = (this->lease >> 24) & 0xFF;
! 1476: packet.dhcp.options[pos++] = (this->lease >> 16) & 0xFF;
! 1477: packet.dhcp.options[pos++] = (this->lease >> 8) & 0xFF;
! 1478: packet.dhcp.options[pos++] = (this->lease >> 0) & 0xFF;
! 1479:
! 1480: /* Must be listening address */
! 1481: packet.dhcp.options[pos++] = DHCP_OPTION_SERVER_ID;
! 1482: packet.dhcp.options[pos++] = 4;
! 1483: memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4);
! 1484: pos += 4;
! 1485:
! 1486: packet.dhcp.options[pos++] = DHCP_OPTION_END;
! 1487:
! 1488: /* UDP header */
! 1489: udp_len = pos + DHCP_MIN_LEN + PKT_UDP_HLEN;
! 1490: packet.udph.len = htons(udp_len);
! 1491:
! 1492: /* IP header */
! 1493: packet.iph.tot_len = htons(udp_len + PKT_IP_HLEN);
! 1494:
! 1495: /* Work out checksums */
! 1496: chksum(&packet.iph);
! 1497:
! 1498: /* Calculate total length */
! 1499: length = udp_len + PKT_IP_HLEN + PKT_ETH_HLEN;
! 1500:
! 1501: return dhcp_send(this, &this->ipif, conn->hismac, &packet, length);
! 1502: }
! 1503:
! 1504: /**
! 1505: * dhcp_sendACK()
! 1506: * Send of a DHCP acknowledge message to a peer.
! 1507: **/
! 1508: int dhcp_sendACK(struct dhcp_conn_t *conn,
! 1509: struct dhcp_fullpacket_t *pack, size_t len) {
! 1510:
! 1511: struct dhcp_t *this = conn->parent;
! 1512: struct dhcp_fullpacket_t packet;
! 1513: uint16_t length = 576 + 4; /* Maximum length */
! 1514: uint16_t udp_len = 576 - 20; /* Maximum length */
! 1515: size_t pos = 0;
! 1516:
! 1517: /* Get packet default values */
! 1518: pos = dhcp_create_pkt(DHCPACK, &packet, pack, conn);
! 1519:
! 1520: /* DHCP Payload */
! 1521: packet.dhcp.options[pos++] = DHCP_OPTION_SUBNET_MASK;
! 1522: packet.dhcp.options[pos++] = 4;
! 1523: memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4);
! 1524: pos += 4;
! 1525:
! 1526: packet.dhcp.options[pos++] = DHCP_OPTION_ROUTER_OPTION;
! 1527: packet.dhcp.options[pos++] = 4;
! 1528: memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4);
! 1529: pos += 4;
! 1530:
! 1531: /* Insert DNS Servers if given */
! 1532: if (conn->dns1.s_addr && conn->dns2.s_addr) {
! 1533: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1534: packet.dhcp.options[pos++] = 8;
! 1535: memcpy(&packet.dhcp.options[pos], &conn->dns1.s_addr, 4);
! 1536: pos += 4;
! 1537: memcpy(&packet.dhcp.options[pos], &conn->dns2.s_addr, 4);
! 1538: pos += 4;
! 1539: }
! 1540: else if (conn->dns1.s_addr) {
! 1541: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1542: packet.dhcp.options[pos++] = 4;
! 1543: memcpy(&packet.dhcp.options[pos], &conn->dns1.s_addr, 4);
! 1544: pos += 4;
! 1545: }
! 1546: else if (conn->dns2.s_addr) {
! 1547: packet.dhcp.options[pos++] = DHCP_OPTION_DNS;
! 1548: packet.dhcp.options[pos++] = 4;
! 1549: memcpy(&packet.dhcp.options[pos], &conn->dns2.s_addr, 4);
! 1550: pos += 4;
! 1551: }
! 1552:
! 1553: /* Insert Domain Name if present */
! 1554: if (strlen(conn->domain)) {
! 1555: packet.dhcp.options[pos++] = DHCP_OPTION_DOMAIN_NAME;
! 1556: packet.dhcp.options[pos++] = strlen(conn->domain);
! 1557: memcpy(&packet.dhcp.options[pos], &conn->domain, strlen(conn->domain));
! 1558: pos += strlen(conn->domain);
! 1559: }
! 1560:
! 1561: packet.dhcp.options[pos++] = DHCP_OPTION_LEASE_TIME;
! 1562: packet.dhcp.options[pos++] = 4;
! 1563: packet.dhcp.options[pos++] = (this->lease >> 24) & 0xFF;
! 1564: packet.dhcp.options[pos++] = (this->lease >> 16) & 0xFF;
! 1565: packet.dhcp.options[pos++] = (this->lease >> 8) & 0xFF;
! 1566: packet.dhcp.options[pos++] = (this->lease >> 0) & 0xFF;
! 1567:
! 1568: /*
! 1569: packet.dhcp.options[pos++] = DHCP_OPTION_INTERFACE_MTU;
! 1570: packet.dhcp.options[pos++] = 2;
! 1571: packet.dhcp.options[pos++] = (conn->mtu >> 8) & 0xFF;
! 1572: packet.dhcp.options[pos++] = (conn->mtu >> 0) & 0xFF;
! 1573: */
! 1574:
! 1575: /* Must be listening address */
! 1576: packet.dhcp.options[pos++] = DHCP_OPTION_SERVER_ID;
! 1577: packet.dhcp.options[pos++] = 4;
! 1578: memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4);
! 1579: pos += 4;
! 1580:
! 1581: packet.dhcp.options[pos++] = DHCP_OPTION_END;
! 1582:
! 1583: /* UDP header */
! 1584: udp_len = pos + DHCP_MIN_LEN + PKT_UDP_HLEN;
! 1585: packet.udph.len = htons(udp_len);
! 1586:
! 1587: /* IP header */
! 1588: packet.iph.tot_len = htons(udp_len + PKT_IP_HLEN);
! 1589:
! 1590: /* Work out checksums */
! 1591: chksum(&packet.iph);
! 1592:
! 1593: /* Calculate total length */
! 1594: length = udp_len + PKT_IP_HLEN + PKT_ETH_HLEN;
! 1595:
! 1596: return dhcp_send(this, &this->ipif, conn->hismac, &packet, length);
! 1597: }
! 1598:
! 1599: /**
! 1600: * dhcp_sendNAK()
! 1601: * Send of a DHCP negative acknowledge message to a peer.
! 1602: * NAK messages are always sent to broadcast IP address (
! 1603: * except when using a DHCP relay server)
! 1604: **/
! 1605: int dhcp_sendNAK(struct dhcp_conn_t *conn,
! 1606: struct dhcp_fullpacket_t *pack, size_t len) {
! 1607:
! 1608: struct dhcp_t *this = conn->parent;
! 1609: struct dhcp_fullpacket_t packet;
! 1610: uint16_t length = 576 + 4; /* Maximum length */
! 1611: uint16_t udp_len = 576 - 20; /* Maximum length */
! 1612: size_t pos = 0;
! 1613:
! 1614: /* Get packet default values */
! 1615: pos = dhcp_create_pkt(DHCPNAK, &packet, pack, conn);
! 1616:
! 1617: /* DHCP Payload */
! 1618:
! 1619: /* Must be listening address */
! 1620: packet.dhcp.options[pos++] = DHCP_OPTION_SERVER_ID;
! 1621: packet.dhcp.options[pos++] = 4;
! 1622: memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4);
! 1623: pos += 4;
! 1624:
! 1625: packet.dhcp.options[pos++] = DHCP_OPTION_END;
! 1626:
! 1627: /* UDP header */
! 1628: udp_len = pos + DHCP_MIN_LEN + PKT_UDP_HLEN;
! 1629: packet.udph.len = htons(udp_len);
! 1630:
! 1631: /* IP header */
! 1632: packet.iph.tot_len = htons(udp_len + PKT_IP_HLEN);
! 1633:
! 1634: /* Work out checksums */
! 1635: chksum(&packet.iph);
! 1636:
! 1637: /* Calculate total length */
! 1638: length = udp_len + PKT_IP_HLEN + PKT_ETH_HLEN;
! 1639:
! 1640: return dhcp_send(this, &this->ipif, conn->hismac, &packet, length);
! 1641: }
! 1642:
! 1643:
! 1644: /**
! 1645: * dhcp_getreq()
! 1646: * Process a received DHCP request and sends a response.
! 1647: **/
! 1648: int dhcp_getreq(struct dhcp_t *this, struct dhcp_fullpacket_t *pack, size_t len) {
! 1649: uint8_t mac[PKT_ETH_ALEN];
! 1650: struct dhcp_tag_t *message_type = 0;
! 1651: struct dhcp_tag_t *requested_ip = 0;
! 1652: struct dhcp_conn_t *conn;
! 1653: struct in_addr addr;
! 1654:
! 1655: if (pack->udph.dst != htons(DHCP_BOOTPS))
! 1656: return 0; /* Not a DHCP packet */
! 1657:
! 1658: if (dhcp_gettag(&pack->dhcp, ntohs(pack->udph.len)-PKT_UDP_HLEN,
! 1659: &message_type, DHCP_OPTION_MESSAGE_TYPE)) {
! 1660: return -1;
! 1661: }
! 1662:
! 1663: if (message_type->l != 1)
! 1664: return -1; /* Wrong length of message type */
! 1665:
! 1666: if (pack->dhcp.giaddr)
! 1667: memcpy(mac, pack->dhcp.chaddr, PKT_ETH_ALEN);
! 1668: else
! 1669: memcpy(mac, pack->ethh.src, PKT_ETH_ALEN);
! 1670:
! 1671: switch(message_type->v[0]) {
! 1672:
! 1673: case DHCPRELEASE:
! 1674: dhcp_release_mac(this, mac, RADIUS_TERMINATE_CAUSE_LOST_CARRIER);
! 1675:
! 1676: case DHCPDISCOVER:
! 1677: case DHCPREQUEST:
! 1678: case DHCPINFORM:
! 1679: break;
! 1680:
! 1681: default:
! 1682: return 0; /* Unsupported message type */
! 1683: }
! 1684:
! 1685: if (this->relayfd > 0) {
! 1686: /** Relay the DHCP request **/
! 1687: struct sockaddr_in addr;
! 1688:
! 1689: memset(&addr, 0, sizeof(addr));
! 1690: addr.sin_family = AF_INET;
! 1691: addr.sin_addr.s_addr = options.dhcpgwip.s_addr;
! 1692: addr.sin_port = htons(options.dhcpgwport);
! 1693:
! 1694: if (options.dhcprelayip.s_addr)
! 1695: pack->dhcp.giaddr = options.dhcprelayip.s_addr;
! 1696: else
! 1697: pack->dhcp.giaddr = options.uamlisten.s_addr;
! 1698:
! 1699: /* if we can't send, lets do dhcp ourselves */
! 1700: if (sendto(this->relayfd, &pack->dhcp, ntohs(pack->udph.len) - PKT_UDP_HLEN, 0,
! 1701: (struct sockaddr *)&addr, sizeof(addr)) < 0) {
! 1702: log_err(errno, "could not relay DHCP request!");
! 1703: }
! 1704: else {
! 1705: return 0;
! 1706: }
! 1707: }
! 1708:
! 1709: if (message_type->v[0] == DHCPRELEASE) {
! 1710: /* No Reply to client is sent */
! 1711: return 0;
! 1712: }
! 1713:
! 1714: /* Check to see if we know MAC address. If not allocate new conn */
! 1715: if (dhcp_hashget(this, &conn, mac)) {
! 1716:
! 1717: /* Do we allow dynamic allocation of IP addresses? */
! 1718: if (!this->allowdyn) /* TODO: Should be deleted! */
! 1719: return 0;
! 1720:
! 1721: /* Allocate new connection */
! 1722: if (dhcp_newconn(this, &conn, mac)) /* TODO: Delete! */
! 1723: return 0; /* Out of connections */
! 1724: }
! 1725:
! 1726: /* Request an IP address */
! 1727: if (conn->authstate == DHCP_AUTH_NONE) {
! 1728: addr.s_addr = pack->dhcp.ciaddr;
! 1729: if (this->cb_request)
! 1730: if (this->cb_request(conn, &addr, pack, len)) {
! 1731: return 0; /* Ignore request if IP address was not allocated */
! 1732: }
! 1733: }
! 1734:
! 1735: conn->lasttime = mainclock;
! 1736:
! 1737: /* Discover message */
! 1738: /* If an IP address was assigned offer it to the client */
! 1739: /* Otherwise ignore the request */
! 1740: if (message_type->v[0] == DHCPDISCOVER) {
! 1741: if (conn->hisip.s_addr)
! 1742: dhcp_sendOFFER(conn, pack, len);
! 1743: return 0;
! 1744: }
! 1745:
! 1746: /* Request message */
! 1747: if (message_type->v[0] == DHCPREQUEST) {
! 1748:
! 1749: if (!conn->hisip.s_addr) {
! 1750: if (this->debug) log_dbg("hisip not set");
! 1751: return dhcp_sendNAK(conn, pack, len);
! 1752: }
! 1753:
! 1754: if (!memcmp(&conn->hisip.s_addr, &pack->dhcp.ciaddr, 4)) {
! 1755: if (this->debug) log_dbg("hisip match ciaddr");
! 1756: return dhcp_sendACK(conn, pack, len);
! 1757: }
! 1758:
! 1759: if (!dhcp_gettag(&pack->dhcp, ntohs(pack->udph.len)-PKT_UDP_HLEN,
! 1760: &requested_ip, DHCP_OPTION_REQUESTED_IP)) {
! 1761: if (!memcmp(&conn->hisip.s_addr, requested_ip->v, 4))
! 1762: return dhcp_sendACK(conn, pack, len);
! 1763: }
! 1764:
! 1765: if (this->debug) log_dbg("Sending NAK to client");
! 1766: return dhcp_sendNAK(conn, pack, len);
! 1767: }
! 1768:
! 1769: /*
! 1770: * Unsupported DHCP message: Ignore
! 1771: */
! 1772: if (this->debug) log_dbg("Unsupported DHCP message ignored");
! 1773: return 0;
! 1774: }
! 1775:
! 1776:
! 1777: /**
! 1778: * dhcp_set_addrs()
! 1779: * Set various IP addresses of a connection.
! 1780: **/
! 1781: int dhcp_set_addrs(struct dhcp_conn_t *conn, struct in_addr *hisip,
! 1782: struct in_addr *hismask, struct in_addr *ourip,
! 1783: struct in_addr *ourmask, struct in_addr *dns1,
! 1784: struct in_addr *dns2, char *domain) {
! 1785:
! 1786: conn->hisip.s_addr = hisip->s_addr;
! 1787: conn->hismask.s_addr = hismask->s_addr;
! 1788: conn->ourip.s_addr = ourip->s_addr;
! 1789: conn->dns1.s_addr = dns1->s_addr;
! 1790: conn->dns2.s_addr = dns2->s_addr;
! 1791:
! 1792: if (domain) {
! 1793: strncpy(conn->domain, domain, DHCP_DOMAIN_LEN);
! 1794: conn->domain[DHCP_DOMAIN_LEN-1] = 0;
! 1795: }
! 1796: else {
! 1797: conn->domain[0] = 0;
! 1798: }
! 1799:
! 1800: if (options.uamanyip &&
! 1801: (hisip->s_addr & ourmask->s_addr) != (ourip->s_addr & ourmask->s_addr)) {
! 1802: /**
! 1803: * We have enabled ''uamanyip'' and the address we are setting does
! 1804: * not fit in ourip's network. In this case, add a route entry.
! 1805: */
! 1806: struct app_conn_t *appconn = (struct app_conn_t *)conn->peer;
! 1807: if (appconn) {
! 1808: struct ippoolm_t *ipm = (struct ippoolm_t*)appconn->uplink;
! 1809: if (ipm && ipm->inuse == 2) {
! 1810: struct in_addr mask;
! 1811: mask.s_addr = 0xffffffff;
! 1812: log_dbg("Adding route for %s %d", inet_ntoa(*hisip),
! 1813: net_add_route(hisip, ourip, &mask));
! 1814: }
! 1815: }
! 1816: }
! 1817:
! 1818: return 0;
! 1819: }
! 1820:
! 1821: static unsigned char const bmac[PKT_ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
! 1822:
! 1823: int dhcp_receive_ip(struct dhcp_t *this, struct pkt_ippacket_t *pack, size_t len) {
! 1824: struct pkt_tcphdr_t *tcph = (struct pkt_tcphdr_t*) pack->payload;
! 1825: /*struct pkt_udphdr_t *udph = (struct pkt_udphdr_t*) pack->payload;*/
! 1826: struct dhcp_conn_t *conn;
! 1827: struct in_addr ourip;
! 1828: struct in_addr addr;
! 1829:
! 1830: /*
! 1831: * Received a packet from the dhcpif
! 1832: */
! 1833:
! 1834: if (this->debug)
! 1835: log_dbg("DHCP packet received");
! 1836:
! 1837: /*
! 1838: * Check that the destination MAC address is our MAC or Broadcast
! 1839: */
! 1840: if ((memcmp(pack->ethh.dst, this->ipif.hwaddr, PKT_ETH_ALEN)) &&
! 1841: (memcmp(pack->ethh.dst, bmac, PKT_ETH_ALEN))) {
! 1842: log_dbg("dropping packet; not for our MAC or broadcast");
! 1843: return 0;
! 1844: }
! 1845:
! 1846: ourip.s_addr = this->ourip.s_addr;
! 1847:
! 1848: /*
! 1849: * DHCP (BOOTPS) packets for broadcast or us specifically
! 1850: */
! 1851: if (((pack->iph.daddr == 0) ||
! 1852: (pack->iph.daddr == 0xffffffff) ||
! 1853: (pack->iph.daddr == ourip.s_addr)) &&
! 1854: ((pack->iph.version_ihl == PKT_IP_VER_HLEN) &&
! 1855: (pack->iph.protocol == PKT_IP_PROTO_UDP) &&
! 1856: (((struct dhcp_fullpacket_t*)pack)->udph.dst == htons(DHCP_BOOTPS)))) {
! 1857: log_dbg("dhcp/bootps request being processed");
! 1858: return dhcp_getreq(this, (struct dhcp_fullpacket_t*) pack, len);
! 1859: }
! 1860:
! 1861: /*
! 1862: * Check to see if we know MAC address
! 1863: */
! 1864: if (!dhcp_hashget(this, &conn, pack->ethh.src)) {
! 1865: if (this->debug) log_dbg("Address found");
! 1866: ourip.s_addr = conn->ourip.s_addr;
! 1867: }
! 1868: else {
! 1869: /* ALPAPAD */
! 1870: struct in_addr reqaddr;
! 1871: /* Get local copy */
! 1872: memcpy(&reqaddr.s_addr, &pack->iph.saddr, PKT_IP_ALEN);
! 1873:
! 1874: if (options.debug)
! 1875: log_dbg("Address not found (%s)", inet_ntoa(reqaddr));
! 1876:
! 1877: /* Do we allow dynamic allocation of IP addresses? */
! 1878: if (!this->allowdyn && !options.uamanyip)
! 1879: return 0;
! 1880:
! 1881: /* Allocate new connection */
! 1882: if (dhcp_newconn(this, &conn, pack->ethh.src)) {
! 1883: if (this->debug)
! 1884: log_dbg("dropping packet; out of connections");
! 1885: return 0; /* Out of connections */
! 1886: }
! 1887: }
! 1888:
! 1889: /* Request an IP address
! 1890: if (options.uamanyip &&
! 1891: conn->authstate == DHCP_AUTH_NONE) {
! 1892: this->cb_request(conn, &pack->iph.saddr);
! 1893: } */
! 1894:
! 1895: /* Return if we do not know peer */
! 1896: if (!conn) {
! 1897: if (this->debug)
! 1898: log_dbg("dropping packet; no peer");
! 1899: return 0;
! 1900: }
! 1901:
! 1902: /*
! 1903: * Request an IP address
! 1904: */
! 1905: if ((conn->authstate == DHCP_AUTH_NONE) &&
! 1906: (options.uamanyip ||
! 1907: ((pack->iph.daddr != 0) &&
! 1908: (pack->iph.daddr != 0xffffffff)))) {
! 1909: addr.s_addr = pack->iph.saddr;
! 1910: if (this->cb_request)
! 1911: if (this->cb_request(conn, &addr, 0, 0)) {
! 1912: if (this->debug)
! 1913: log_dbg("dropping packet; ip not known");
! 1914: return 0; /* Ignore request if IP address was not allocated */
! 1915: }
! 1916: }
! 1917:
! 1918:
! 1919: conn->lasttime = mainclock;
! 1920:
! 1921: /*
! 1922: if (((pack->iph.daddr == conn->dns1.s_addr) ||
! 1923: (pack->iph.daddr == conn->dns2.s_addr)) &&
! 1924: (pack->iph.protocol == PKT_IP_PROTO_UDP) &&
! 1925: (udph->dst == htons(DHCP_DNS))) {
! 1926: if (dhcp_checkDNS(conn, pack, len)) return 0;
! 1927: }*/
! 1928:
! 1929: /* Was it a request for the auto-logout service? */
! 1930: if ((pack->iph.daddr == options.uamlogout.s_addr) &&
! 1931: (pack->iph.protocol == PKT_IP_PROTO_TCP) &&
! 1932: (tcph->dst == htons(DHCP_HTTP))) {
! 1933: if (conn->peer) {
! 1934: struct app_conn_t *appconn = (struct app_conn_t *)conn->peer;
! 1935: if (appconn->s_state.authenticated) {
! 1936: terminate_appconn(appconn, RADIUS_TERMINATE_CAUSE_USER_REQUEST);
! 1937: if (options.debug)
! 1938: log_dbg("Dropping session due to request for auto-logout ip");
! 1939: appconn->uamexit=1;
! 1940: }
! 1941: }
! 1942: }
! 1943:
! 1944: switch (conn->authstate) {
! 1945: case DHCP_AUTH_PASS:
! 1946: /* Check for post-auth proxy, otherwise pass packets unmodified */
! 1947: dhcp_postauthDNAT(conn, pack, len, 0);
! 1948: break;
! 1949:
! 1950: case DHCP_AUTH_UNAUTH_TOS:
! 1951: /* Set TOS to specified value (unauthenticated) */
! 1952: pack->iph.tos = conn->unauth_cp;
! 1953: chksum(&pack->iph);
! 1954: break;
! 1955:
! 1956: case DHCP_AUTH_AUTH_TOS:
! 1957: /* Set TOS to specified value (authenticated) */
! 1958: pack->iph.tos = conn->auth_cp;
! 1959: chksum(&pack->iph);
! 1960: break;
! 1961:
! 1962: case DHCP_AUTH_SPLASH:
! 1963: dhcp_doDNAT(conn, pack, len);
! 1964: break;
! 1965:
! 1966: case DHCP_AUTH_DNAT:
! 1967: /* Destination NAT if request to unknown web server */
! 1968: if (dhcp_doDNAT(conn, pack, len)) {
! 1969: if (this->debug) log_dbg("dropping packet; not nat'ed");
! 1970: return 0; /* Drop is not http or dns */
! 1971: }
! 1972: break;
! 1973:
! 1974: case DHCP_AUTH_DROP:
! 1975: default:
! 1976: if (this->debug)
! 1977: log_dbg("dropping packet; auth-drop");
! 1978: return 0;
! 1979: }
! 1980:
! 1981: /*done:*/
! 1982:
! 1983: if (options.usetap) {
! 1984: struct pkt_ethhdr_t *ethh = (struct pkt_ethhdr_t *)pack;
! 1985: memcpy(ethh->dst,tuntap(tun).hwaddr,PKT_ETH_ALEN);
! 1986: }
! 1987:
! 1988: if ((conn->hisip.s_addr) && (this->cb_data_ind)) {
! 1989: this->cb_data_ind(conn, pack, len);
! 1990: } else {
! 1991: if (this->debug)
! 1992: log_dbg("no hisip; packet-drop");
! 1993: }
! 1994:
! 1995: return 0;
! 1996: }
! 1997:
! 1998: /**
! 1999: * Call this function when a new IP packet has arrived. This function
! 2000: * should be part of a select() loop in the application.
! 2001: **/
! 2002: int dhcp_decaps(struct dhcp_t *this) {
! 2003: struct pkt_ippacket_t packet;
! 2004: ssize_t length;
! 2005:
! 2006: if ((length = net_read(&this->ipif, &packet, sizeof(packet))) < 0)
! 2007: return -1;
! 2008:
! 2009: if (this->debug) {
! 2010: struct pkt_ethhdr_t *ethh = &packet.ethh;
! 2011: log_dbg("dhcp_decaps: dst=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x src=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x prot=%.4x",
! 2012: ethh->dst[0],ethh->dst[1],ethh->dst[2],ethh->dst[3],ethh->dst[4],ethh->dst[5],
! 2013: ethh->src[0],ethh->src[1],ethh->src[2],ethh->src[3],ethh->src[4],ethh->src[5],
! 2014: ntohs(ethh->prot));
! 2015: }
! 2016:
! 2017: return dhcp_receive_ip(this, &packet, length);
! 2018: }
! 2019:
! 2020: int dhcp_relay_decaps(struct dhcp_t *this) {
! 2021: struct dhcp_tag_t *message_type = 0;
! 2022: struct dhcp_fullpacket_t fullpack;
! 2023: struct dhcp_conn_t *conn;
! 2024: struct dhcp_packet_t packet;
! 2025: struct sockaddr_in addr;
! 2026: socklen_t fromlen = sizeof(addr);
! 2027: ssize_t length;
! 2028:
! 2029:
! 2030: if ((length = recvfrom(this->relayfd, &packet, sizeof(packet), 0,
! 2031: (struct sockaddr *) &addr, &fromlen)) <= 0) {
! 2032: log_err(errno, "recvfrom() failed");
! 2033: return -1;
! 2034: }
! 2035:
! 2036: log_dbg("DHCP relay response of length %d received", length);
! 2037:
! 2038: if (addr.sin_addr.s_addr != options.dhcpgwip.s_addr) {
! 2039: log_err(0, "received DHCP response from host other than our gateway");
! 2040: return -1;
! 2041: }
! 2042:
! 2043: if (addr.sin_port != htons(options.dhcpgwport)) {
! 2044: log_err(0, "received DHCP response from port other than our gateway");
! 2045: return -1;
! 2046: }
! 2047:
! 2048: if (dhcp_gettag(&packet, length, &message_type, DHCP_OPTION_MESSAGE_TYPE)) {
! 2049: log_err(0, "no message type");
! 2050: return -1;
! 2051: }
! 2052:
! 2053: if (message_type->l != 1) {
! 2054: log_err(0, "wrong message type length");
! 2055: return -1; /* Wrong length of message type */
! 2056: }
! 2057:
! 2058: if (dhcp_hashget(this, &conn, packet.chaddr)) {
! 2059:
! 2060: /* Allocate new connection */
! 2061: if (dhcp_newconn(this, &conn, packet.chaddr)) {
! 2062: log_err(0, "out of connections");
! 2063: return 0; /* Out of connections */
! 2064: }
! 2065:
! 2066: this->cb_request(conn, (struct in_addr *)&packet.yiaddr, 0, 0);
! 2067: }
! 2068:
! 2069: packet.giaddr = 0;
! 2070:
! 2071: memset(&fullpack, 0, sizeof(fullpack));
! 2072:
! 2073: memcpy(fullpack.ethh.dst, conn->hismac, PKT_ETH_ALEN);
! 2074: memcpy(fullpack.ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 2075: fullpack.ethh.prot = htons(PKT_ETH_PROTO_IP);
! 2076:
! 2077: fullpack.iph.version_ihl = PKT_IP_VER_HLEN;
! 2078: fullpack.iph.tot_len = htons(length + PKT_UDP_HLEN + PKT_IP_HLEN);
! 2079: fullpack.iph.ttl = 0x10;
! 2080: fullpack.iph.protocol = 0x11;
! 2081:
! 2082: fullpack.iph.saddr = conn->ourip.s_addr;
! 2083: fullpack.udph.src = htons(DHCP_BOOTPS);
! 2084: fullpack.udph.len = htons(length + PKT_UDP_HLEN);
! 2085:
! 2086: /*if (fullpack.dhcp.ciaddr) {
! 2087: fullpack.udph.daddr = req->dhcp.ciaddr;
! 2088: fullpack.udph.dst = htons(DHCP_BOOTPC);
! 2089: } else if (req->dhcp.giaddr) {
! 2090: fullpack.iph.daddr = req->dhcp.giaddr;
! 2091: fullpack.udph.dst = htons(DHCP_BOOTPS);
! 2092: } else */
! 2093:
! 2094: if (message_type->v[0] == DHCPNAK || packet.flags[0] & 0x80) {
! 2095: fullpack.iph.daddr = ~0;
! 2096: fullpack.udph.dst = htons(DHCP_BOOTPC);
! 2097: fullpack.dhcp.flags[0] = 0x80;
! 2098: } if (packet.ciaddr) {
! 2099: fullpack.iph.daddr = packet.ciaddr;
! 2100: fullpack.udph.dst = htons(DHCP_BOOTPC);
! 2101: } else {
! 2102: fullpack.iph.daddr = packet.yiaddr;
! 2103: fullpack.udph.dst = htons(DHCP_BOOTPC);
! 2104: }
! 2105:
! 2106: memcpy(&fullpack.dhcp, &packet, sizeof(packet));
! 2107:
! 2108: { /* rewrite the server-id, otherwise will not get subsequent requests */
! 2109: struct dhcp_tag_t *tag = 0;
! 2110: if (!dhcp_gettag(&fullpack.dhcp, length, &tag, DHCP_OPTION_SERVER_ID)) {
! 2111: memcpy(tag->v, &conn->ourip.s_addr, 4);
! 2112: }
! 2113: }
! 2114:
! 2115: chksum(&fullpack.iph);
! 2116:
! 2117: return dhcp_send(this, &this->ipif, conn->hismac, &fullpack,
! 2118: length + PKT_UDP_HLEN + PKT_IP_HLEN + PKT_ETH_HLEN);
! 2119: }
! 2120:
! 2121: /**
! 2122: * dhcp_data_req()
! 2123: * Call this function to send an IP packet to the peer.
! 2124: * Called from the tun_ind function. This method is passed either
! 2125: * an Ethernet frame or an IP packet.
! 2126: **/
! 2127: int dhcp_data_req(struct dhcp_conn_t *conn, void *pack, size_t len, int ethhdr) {
! 2128: struct dhcp_t *this = conn->parent;
! 2129: struct pkt_ippacket_t packet;
! 2130: size_t length = len;
! 2131:
! 2132: if (ethhdr) { /* Ethernet frame */
! 2133: memcpy(&packet, pack, len);
! 2134: } else { /* IP packet */
! 2135: memcpy(&packet.iph, pack, len);
! 2136: length += PKT_ETH_HLEN;
! 2137: }
! 2138:
! 2139: /* Ethernet header */
! 2140: memcpy(packet.ethh.dst, conn->hismac, PKT_ETH_ALEN);
! 2141: memcpy(packet.ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 2142: packet.ethh.prot = htons(PKT_ETH_PROTO_IP);
! 2143:
! 2144: switch (conn->authstate) {
! 2145:
! 2146: case DHCP_AUTH_PASS:
! 2147: case DHCP_AUTH_AUTH_TOS:
! 2148: dhcp_postauthDNAT(conn, &packet, length, 1);
! 2149: break;
! 2150:
! 2151: case DHCP_AUTH_SPLASH:
! 2152: case DHCP_AUTH_UNAUTH_TOS:
! 2153: dhcp_undoDNAT(conn, &packet, &length);
! 2154: break;
! 2155:
! 2156: case DHCP_AUTH_DNAT:
! 2157: /* undo destination NAT */
! 2158: if (dhcp_undoDNAT(conn, &packet, &length)) {
! 2159: if (this->debug) log_dbg("dhcp_undoDNAT() returns true");
! 2160: return 0;
! 2161: }
! 2162: break;
! 2163:
! 2164: case DHCP_AUTH_DROP:
! 2165: default: return 0;
! 2166: }
! 2167:
! 2168: return dhcp_send(this, &this->ipif, conn->hismac, &packet, length);
! 2169: }
! 2170:
! 2171:
! 2172: /**
! 2173: * dhcp_sendARP()
! 2174: * Send ARP message to peer
! 2175: **/
! 2176: static int
! 2177: dhcp_sendARP(struct dhcp_conn_t *conn, struct arp_fullpacket_t *pack, size_t len) {
! 2178:
! 2179: struct dhcp_t *this = conn->parent;
! 2180: struct arp_fullpacket_t packet;
! 2181: struct in_addr reqaddr;
! 2182: size_t length = sizeof(packet);
! 2183:
! 2184: /* Get local copy */
! 2185: memcpy(&reqaddr.s_addr, pack->arp.tpa, PKT_IP_ALEN);
! 2186:
! 2187: /* Check that request is within limits */
! 2188:
! 2189: /* Get packet default values */
! 2190: memset(&packet, 0, sizeof(packet));
! 2191:
! 2192: /* ARP Payload */
! 2193: packet.arp.hrd = htons(DHCP_HTYPE_ETH);
! 2194: packet.arp.pro = htons(PKT_ETH_PROTO_IP);
! 2195: packet.arp.hln = PKT_ETH_ALEN;
! 2196: packet.arp.pln = PKT_IP_ALEN;
! 2197: packet.arp.op = htons(DHCP_ARP_REPLY);
! 2198:
! 2199: /* Source address */
! 2200: memcpy(packet.arp.sha, this->arpif.hwaddr, PKT_ETH_ALEN);
! 2201: memcpy(packet.arp.spa, &reqaddr.s_addr, PKT_IP_ALEN);
! 2202:
! 2203: /* Target address */
! 2204: memcpy(packet.arp.tha, &conn->hismac, PKT_ETH_ALEN);
! 2205: memcpy(packet.arp.tpa, &conn->hisip.s_addr, PKT_IP_ALEN);
! 2206:
! 2207: /* Ethernet header */
! 2208: memcpy(packet.ethh.dst, conn->hismac, PKT_ETH_ALEN);
! 2209: memcpy(packet.ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 2210: packet.ethh.prot = htons(PKT_ETH_PROTO_ARP);
! 2211:
! 2212: return dhcp_send(this, &this->arpif, conn->hismac, &packet, length);
! 2213: }
! 2214:
! 2215:
! 2216: int dhcp_receive_arp(struct dhcp_t *this,
! 2217: struct arp_fullpacket_t *pack, size_t len) {
! 2218:
! 2219: unsigned char const bmac[PKT_ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
! 2220: struct dhcp_conn_t *conn;
! 2221: struct in_addr reqaddr;
! 2222: struct in_addr taraddr;
! 2223:
! 2224: /* Check that this is ARP request */
! 2225: if (pack->arp.op != htons(DHCP_ARP_REQUEST)) {
! 2226: if (this->debug)
! 2227: log_dbg("Received other ARP than request!");
! 2228: return 0;
! 2229: }
! 2230:
! 2231: /* Check that MAC address is our MAC or Broadcast */
! 2232: if ((memcmp(pack->ethh.dst, this->ipif.hwaddr, PKT_ETH_ALEN)) &&
! 2233: (memcmp(pack->ethh.dst, bmac, PKT_ETH_ALEN))) {
! 2234: if (this->debug)
! 2235: log_dbg("Received ARP request for other destination!");
! 2236: return 0;
! 2237: }
! 2238:
! 2239: /* get sender IP address */
! 2240: memcpy(&reqaddr.s_addr, &pack->arp.spa, PKT_IP_ALEN);
! 2241:
! 2242: /* get target IP address */
! 2243: memcpy(&taraddr.s_addr, &pack->arp.tpa, PKT_IP_ALEN);
! 2244:
! 2245:
! 2246: /* Check to see if we know MAC address. */
! 2247: if (dhcp_hashget(this, &conn, pack->ethh.src)) {
! 2248:
! 2249: if (options.debug)
! 2250: log_dbg("Address not found: %s", inet_ntoa(reqaddr));
! 2251:
! 2252: /* Do we allow dynamic allocation of IP addresses? */
! 2253: if (!this->allowdyn && !options.uamanyip) {
! 2254: if (this->debug)
! 2255: log_dbg("ARP: Unknown client and no dynip: %s", inet_ntoa(taraddr));
! 2256: return 0;
! 2257: }
! 2258:
! 2259: /* Allocate new connection */
! 2260: if (dhcp_newconn(this, &conn, pack->ethh.src)) {
! 2261: log_warn(0, "ARP: out of connections");
! 2262: return 0; /* Out of connections */
! 2263: }
! 2264: }
! 2265:
! 2266: /* if no sender ip, then client is checking their own ip */
! 2267: if (!reqaddr.s_addr) {
! 2268: /* XXX: lookup in ippool to see if we really do know who has this */
! 2269: /* XXX: it should also ack if *we* are that ip */
! 2270: if (this->debug)
! 2271: log_dbg("ARP: Ignoring self-discovery: %s", inet_ntoa(taraddr));
! 2272:
! 2273: /* If a static ip address... */
! 2274: this->cb_request(conn, &taraddr, 0, 0);
! 2275:
! 2276: return 0;
! 2277: }
! 2278:
! 2279: if (!memcmp(&reqaddr.s_addr, &taraddr.s_addr, 4)) {
! 2280:
! 2281: /* Request an IP address */
! 2282: if (options.uamanyip /*or static ip*/ &&
! 2283: conn->authstate == DHCP_AUTH_NONE) {
! 2284: this->cb_request(conn, &reqaddr, 0, 0);
! 2285: }
! 2286:
! 2287: if (this->debug)
! 2288: log_dbg("ARP: gratuitous arp %s!", inet_ntoa(taraddr));
! 2289:
! 2290: return 0;
! 2291: }
! 2292:
! 2293: if (!conn->hisip.s_addr && !options.uamanyip) {
! 2294: if (this->debug)
! 2295: log_dbg("ARP: request did not come from known client!");
! 2296: return 0; /* Only reply if he was allocated an address */
! 2297: }
! 2298:
! 2299: /* Is ARP request for clients own address: Ignore */
! 2300: if (conn->hisip.s_addr == taraddr.s_addr) {
! 2301: if (this->debug)
! 2302: log_dbg("ARP: hisip equals target ip: %s!",
! 2303: inet_ntoa(conn->hisip));
! 2304: return 0;
! 2305: }
! 2306:
! 2307: if (!options.uamanyip) {
! 2308: /* If ARP request outside of mask: Ignore */
! 2309: if (reqaddr.s_addr &&
! 2310: (conn->hisip.s_addr & conn->hismask.s_addr) !=
! 2311: (reqaddr.s_addr & conn->hismask.s_addr)) {
! 2312: if (this->debug)
! 2313: log_dbg("ARP: request not in our subnet");
! 2314: return 0;
! 2315: }
! 2316:
! 2317: if (memcmp(&conn->ourip.s_addr, &taraddr.s_addr, 4)) { /* if ourip differs from target ip */
! 2318: if (options.debug) {
! 2319: log_dbg("ARP: Did not ask for router address: %s", inet_ntoa(conn->ourip));
! 2320: log_dbg("ARP: Asked for target: %s", inet_ntoa(taraddr));
! 2321: }
! 2322: return 0; /* Only reply if he asked for his router address */
! 2323: }
! 2324: }
! 2325: else if ((taraddr.s_addr != options.dhcplisten.s_addr) &&
! 2326: ((taraddr.s_addr & options.mask.s_addr) == options.net.s_addr)) {
! 2327: /* when uamanyip is on we should ignore arp requests that ARE within our subnet except of course the ones for ourselves */
! 2328: if (options.debug)
! 2329: log_dbg("ARP: request for IP=%s other than us within our subnet(uamanyip on), ignoring", inet_ntoa(taraddr));
! 2330: return 0;
! 2331: }
! 2332:
! 2333: conn->lasttime = mainclock;
! 2334:
! 2335: dhcp_sendARP(conn, pack, len);
! 2336:
! 2337: return 0;
! 2338: }
! 2339:
! 2340:
! 2341: /**
! 2342: * dhcp_arp_ind()
! 2343: * Call this function when a new ARP packet has arrived. This function
! 2344: * should be part of a select() loop in the application.
! 2345: **/
! 2346: int dhcp_arp_ind(struct dhcp_t *this) /* ARP Indication */
! 2347: {
! 2348: struct arp_fullpacket_t packet;
! 2349: ssize_t length;
! 2350:
! 2351: if ((length = net_read(&this->arpif, &packet, sizeof(packet))) < 0)
! 2352: return -1;
! 2353:
! 2354: if (options.debug) {
! 2355: struct pkt_ethhdr_t *ethh = &packet.ethh;
! 2356: log_dbg("arp_decaps: dst=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x src=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x prot=%.4x",
! 2357: ethh->dst[0],ethh->dst[1],ethh->dst[2],ethh->dst[3],ethh->dst[4],ethh->dst[5],
! 2358: ethh->src[0],ethh->src[1],ethh->src[2],ethh->src[3],ethh->src[4],ethh->src[5],
! 2359: ntohs(ethh->prot));
! 2360: }
! 2361:
! 2362: dhcp_receive_arp(this, &packet, length);
! 2363:
! 2364: return 0;
! 2365: }
! 2366:
! 2367:
! 2368: /**
! 2369: * eapol_sendNAK()
! 2370: * Send of a EAPOL negative acknowledge message to a peer.
! 2371: * NAK messages are always sent to broadcast IP address (
! 2372: * except when using a EAPOL relay server)
! 2373: **/
! 2374: int dhcp_senddot1x(struct dhcp_conn_t *conn,
! 2375: struct dot1xpacket_t *pack, size_t len) {
! 2376: struct dhcp_t *this = conn->parent;
! 2377: return dhcp_send(this, &this->eapif, conn->hismac, pack, len);
! 2378: }
! 2379:
! 2380: /**
! 2381: * eapol_sendNAK()
! 2382: * Send of a EAPOL negative acknowledge message to a peer.
! 2383: * NAK messages are always sent to broadcast IP address (
! 2384: * except when using a EAPOL relay server)
! 2385: **/
! 2386: int dhcp_sendEAP(struct dhcp_conn_t *conn, void *pack, size_t len) {
! 2387:
! 2388: struct dhcp_t *this = conn->parent;
! 2389: struct dot1xpacket_t packet;
! 2390:
! 2391: /* Ethernet header */
! 2392: memcpy(packet.ethh.dst, conn->hismac, PKT_ETH_ALEN);
! 2393: memcpy(packet.ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 2394: packet.ethh.prot = htons(PKT_ETH_PROTO_EAPOL);
! 2395:
! 2396: /* 802.1x header */
! 2397: packet.dot1x.ver = 1;
! 2398: packet.dot1x.type = 0; /* EAP */
! 2399: packet.dot1x.len = htons((uint16_t)len);
! 2400:
! 2401: memcpy(&packet.eap, pack, len);
! 2402:
! 2403: return dhcp_send(this, &this->eapif, conn->hismac, &packet, (PKT_ETH_HLEN + 4 + len));
! 2404: }
! 2405:
! 2406: int dhcp_sendEAPreject(struct dhcp_conn_t *conn, void *pack, size_t len) {
! 2407:
! 2408: /*struct dhcp_t *this = conn->parent;*/
! 2409:
! 2410: struct eap_packet_t packet;
! 2411:
! 2412: if (pack) {
! 2413: dhcp_sendEAP(conn, pack, len);
! 2414: }
! 2415: else {
! 2416: memset(&packet, 0, sizeof(packet));
! 2417: packet.code = 4;
! 2418: packet.id = 1; /* TODO ??? */
! 2419: packet.length = htons(4);
! 2420:
! 2421: dhcp_sendEAP(conn, &packet, 4);
! 2422: }
! 2423:
! 2424: return 0;
! 2425:
! 2426: }
! 2427:
! 2428: int dhcp_receive_eapol(struct dhcp_t *this, struct dot1xpacket_t *pack) {
! 2429: struct dhcp_conn_t *conn = NULL;
! 2430: unsigned char const bmac[PKT_ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
! 2431: unsigned char const amac[PKT_ETH_ALEN] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x03};
! 2432:
! 2433: /* Check to see if we know MAC address. */
! 2434: if (!dhcp_hashget(this, &conn, pack->ethh.src)) {
! 2435: if (this->debug) log_dbg("Address found");
! 2436: }
! 2437: else {
! 2438: if (this->debug) log_dbg("Address not found");
! 2439: }
! 2440:
! 2441: if (this->debug)
! 2442: log_dbg("IEEE 802.1x Packet: %.2x, %.2x %d",
! 2443: pack->dot1x.ver, pack->dot1x.type,
! 2444: ntohs(pack->dot1x.len));
! 2445:
! 2446: /* Check that MAC address is our MAC, Broadcast or authentication MAC */
! 2447: if ((memcmp(pack->ethh.dst, this->ipif.hwaddr, PKT_ETH_ALEN)) &&
! 2448: (memcmp(pack->ethh.dst, bmac, PKT_ETH_ALEN)) &&
! 2449: (memcmp(pack->ethh.dst, amac, PKT_ETH_ALEN)))
! 2450: return 0;
! 2451:
! 2452: if (pack->dot1x.type == 1) { /* Start */
! 2453: struct dot1xpacket_t p;
! 2454: memset(&p, 0, sizeof(p));
! 2455:
! 2456: /* Allocate new connection */
! 2457: if (conn == NULL) {
! 2458: if (dhcp_newconn(this, &conn, pack->ethh.src))
! 2459: return 0; /* Out of connections */
! 2460: }
! 2461:
! 2462: /* Ethernet header */
! 2463: memcpy(p.ethh.dst, pack->ethh.src, PKT_ETH_ALEN);
! 2464: memcpy(p.ethh.src, this->ipif.hwaddr, PKT_ETH_ALEN);
! 2465: p.ethh.prot = htons(PKT_ETH_PROTO_EAPOL);
! 2466:
! 2467: /* 802.1x header */
! 2468: p.dot1x.ver = 1;
! 2469: p.dot1x.type = 0; /* EAP */
! 2470: p.dot1x.len = htons(5);
! 2471:
! 2472: /* EAP Packet */
! 2473: p.eap.code = 1;
! 2474: p.eap.id = 1;
! 2475: p.eap.length = htons(5);
! 2476: p.eap.type = 1; /* Identity */
! 2477:
! 2478: dhcp_senddot1x(conn, &p, PKT_ETH_HLEN + 4 + 5);
! 2479: return 0;
! 2480: }
! 2481: else if (pack->dot1x.type == 0) { /* EAP */
! 2482:
! 2483: /* TODO: Currently we only support authentications starting with a
! 2484: client sending a EAPOL start message. Need to also support
! 2485: authenticator initiated communications. */
! 2486: if (!conn)
! 2487: return 0;
! 2488:
! 2489: conn->lasttime = mainclock;
! 2490:
! 2491: if (this->cb_eap_ind)
! 2492: this->cb_eap_ind(conn, &pack->eap, ntohs(pack->eap.length));
! 2493:
! 2494: return 0;
! 2495: }
! 2496: else { /* Check for logoff */
! 2497: return 0;
! 2498: }
! 2499: }
! 2500:
! 2501: /**
! 2502: * dhcp_eapol_ind()
! 2503: * Call this function when a new EAPOL packet has arrived. This function
! 2504: * should be part of a select() loop in the application.
! 2505: **/
! 2506: int dhcp_eapol_ind(struct dhcp_t *this) {
! 2507: struct dot1xpacket_t packet;
! 2508: ssize_t length;
! 2509:
! 2510: if ((length = net_read(&this->eapif, &packet, sizeof(packet))) < 0)
! 2511: return -1;
! 2512:
! 2513: if (options.debug) {
! 2514: struct pkt_ethhdr_t *ethh = &packet.ethh;
! 2515: log_dbg("eapol_decaps: dst=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x src=%.2x:%.2x:%.2x:%.2x:%.2x:%.2x prot=%.4x",
! 2516: ethh->dst[0],ethh->dst[1],ethh->dst[2],ethh->dst[3],ethh->dst[4],ethh->dst[5],
! 2517: ethh->src[0],ethh->src[1],ethh->src[2],ethh->src[3],ethh->src[4],ethh->src[5],
! 2518: ntohs(ethh->prot));
! 2519: }
! 2520:
! 2521: return dhcp_receive_eapol(this, &packet);
! 2522: }
! 2523:
! 2524:
! 2525: /**
! 2526: * dhcp_set_cb_eap_ind()
! 2527: * Set callback function which is called when packet has arrived
! 2528: * Used for eap packets
! 2529: **/
! 2530: int dhcp_set_cb_eap_ind(struct dhcp_t *this,
! 2531: int (*cb_eap_ind) (struct dhcp_conn_t *conn, void *pack, size_t len)) {
! 2532: this->cb_eap_ind = cb_eap_ind;
! 2533: return 0;
! 2534: }
! 2535:
! 2536:
! 2537: /**
! 2538: * dhcp_set_cb_data_ind()
! 2539: * Set callback function which is called when packet has arrived
! 2540: **/
! 2541: int dhcp_set_cb_data_ind(struct dhcp_t *this,
! 2542: int (*cb_data_ind) (struct dhcp_conn_t *conn, void *pack, size_t len)) {
! 2543: this->cb_data_ind = cb_data_ind;
! 2544: return 0;
! 2545: }
! 2546:
! 2547:
! 2548: /**
! 2549: * dhcp_set_cb_data_ind()
! 2550: * Set callback function which is called when a dhcp request is received
! 2551: **/
! 2552: int dhcp_set_cb_request(struct dhcp_t *this,
! 2553: int (*cb_request) (struct dhcp_conn_t *conn, struct in_addr *addr, struct dhcp_fullpacket_t *pack, size_t len)) {
! 2554: this->cb_request = cb_request;
! 2555: return 0;
! 2556: }
! 2557:
! 2558:
! 2559: /**
! 2560: * dhcp_set_cb_connect()
! 2561: * Set callback function which is called when a connection is created
! 2562: **/
! 2563: int dhcp_set_cb_connect(struct dhcp_t *this,
! 2564: int (*cb_connect) (struct dhcp_conn_t *conn)) {
! 2565: this->cb_connect = cb_connect;
! 2566: return 0;
! 2567: }
! 2568:
! 2569: /**
! 2570: * dhcp_set_cb_disconnect()
! 2571: * Set callback function which is called when a connection is deleted
! 2572: **/
! 2573: int dhcp_set_cb_disconnect(struct dhcp_t *this,
! 2574: int (*cb_disconnect) (struct dhcp_conn_t *conn, int term_cause)) {
! 2575: this->cb_disconnect = cb_disconnect;
! 2576: return 0;
! 2577: }
! 2578:
! 2579: int dhcp_set_cb_getinfo(struct dhcp_t *this,
! 2580: int (*cb_getinfo) (struct dhcp_conn_t *conn, bstring b, int fmt)) {
! 2581: this->cb_getinfo = cb_getinfo;
! 2582: return 0;
! 2583: }
! 2584:
! 2585:
! 2586: #if defined (__FreeBSD__) || defined (__APPLE__) || defined (__OpenBSD__)
! 2587:
! 2588: int dhcp_receive(struct dhcp_t *this) {
! 2589: ssize_t length = 0;
! 2590: size_t offset = 0;
! 2591: struct bpf_hdr *hdrp;
! 2592: struct pkt_ethhdr_t *ethhdr;
! 2593:
! 2594: if (this->rbuf_offset == this->rbuf_len) {
! 2595: length = read(this->ipif.fd, this->rbuf, this->rbuf_max);
! 2596:
! 2597: if (length <= 0)
! 2598: return length;
! 2599:
! 2600: this->rbuf_offset = 0;
! 2601: this->rbuf_len = length;
! 2602: }
! 2603:
! 2604: while (this->rbuf_offset != this->rbuf_len) {
! 2605:
! 2606: if (this->rbuf_len - this->rbuf_offset < sizeof(struct bpf_hdr)) {
! 2607: this->rbuf_offset = this->rbuf_len;
! 2608: continue;
! 2609: }
! 2610:
! 2611: hdrp = (struct bpf_hdr *) &this->rbuf[this->rbuf_offset];
! 2612:
! 2613: if (this->rbuf_offset + hdrp->bh_hdrlen + hdrp->bh_caplen >
! 2614: this->rbuf_len) {
! 2615: this->rbuf_offset = this->rbuf_len;
! 2616: continue;
! 2617: }
! 2618:
! 2619: if (hdrp->bh_caplen != hdrp->bh_datalen) {
! 2620: this->rbuf_offset += hdrp->bh_hdrlen + hdrp->bh_caplen;
! 2621: continue;
! 2622: }
! 2623:
! 2624: ethhdr = (struct pkt_ethhdr_t *)
! 2625: (this->rbuf + this->rbuf_offset + hdrp->bh_hdrlen);
! 2626:
! 2627: switch (ntohs(ethhdr->prot)) {
! 2628: case PKT_ETH_PROTO_IP:
! 2629: dhcp_receive_ip(this, (struct pkt_ippacket_t*) ethhdr, hdrp->bh_caplen);
! 2630: break;
! 2631: case PKT_ETH_PROTO_ARP:
! 2632: dhcp_receive_arp(this, (struct arp_fullpacket_t*) ethhdr, hdrp->bh_caplen);
! 2633: break;
! 2634: case PKT_ETH_PROTO_EAPOL:
! 2635: dhcp_receive_eapol(this, (struct dot1xpacket_t*) ethhdr);
! 2636: break;
! 2637:
! 2638: default:
! 2639: break;
! 2640: }
! 2641: this->rbuf_offset += hdrp->bh_hdrlen + hdrp->bh_caplen;
! 2642: };
! 2643: return (0);
! 2644: }
! 2645: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dhcp.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / coova-chilli / src