1 /* $OpenBSD: packet.c,v 1.9 2004/05/04 18:58:50 deraadt Exp $ */
2
3 /* Packet assembly code, originally contributed by Archie Cobbs. */
4
5 /*-
6 * SPDX-License-Identifier: BSD-3-Clause
7 *
8 * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of The Internet Software Consortium nor the names
21 * of its contributors may be used to endorse or promote products derived
22 * from this software without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
25 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
32 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
34 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
35 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * This software has been written for the Internet Software Consortium
39 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
40 * Enterprises. To learn more about the Internet Software Consortium,
41 * see ``http://www.vix.com/isc''. To learn more about Vixie
42 * Enterprises, see ``http://www.vix.com''.
43 */
44
45 #include <sys/cdefs.h>
46 #include "dhcpd.h"
47
48 #include <netinet/in_systm.h>
49 #include <netinet/ip.h>
50 #include <netinet/udp.h>
51 #include <netinet/if_ether.h>
52
53 #define ETHER_HEADER_SIZE (ETHER_ADDR_LEN * 2 + sizeof(u_int16_t))
54
55 u_int32_t checksum(unsigned char *, unsigned, u_int32_t);
56 u_int32_t wrapsum(u_int32_t);
57
58 u_int32_t
checksum(unsigned char * buf,unsigned nbytes,u_int32_t sum)59 checksum(unsigned char *buf, unsigned nbytes, u_int32_t sum)
60 {
61 unsigned i;
62
63 /* Checksum all the pairs of bytes first... */
64 for (i = 0; i < (nbytes & ~1U); i += 2) {
65 sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i)));
66 if (sum > 0xFFFF)
67 sum -= 0xFFFF;
68 }
69
70 /*
71 * If there's a single byte left over, checksum it, too.
72 * Network byte order is big-endian, so the remaining byte is
73 * the high byte.
74 */
75 if (i < nbytes) {
76 sum += buf[i] << 8;
77 if (sum > 0xFFFF)
78 sum -= 0xFFFF;
79 }
80
81 return (sum);
82 }
83
84 u_int32_t
wrapsum(u_int32_t sum)85 wrapsum(u_int32_t sum)
86 {
87 sum = ~sum & 0xFFFF;
88 return (htons(sum));
89 }
90
91 void
assemble_hw_header(struct interface_info * interface,unsigned char * buf,int * bufix)92 assemble_hw_header(struct interface_info *interface, unsigned char *buf,
93 int *bufix)
94 {
95 struct ether_header eh;
96
97 memset(eh.ether_dhost, 0xff, sizeof(eh.ether_dhost));
98 if (interface->hw_address.hlen == sizeof(eh.ether_shost))
99 memcpy(eh.ether_shost, interface->hw_address.haddr,
100 sizeof(eh.ether_shost));
101 else
102 memset(eh.ether_shost, 0x00, sizeof(eh.ether_shost));
103
104 eh.ether_type = htons(ETHERTYPE_IP);
105
106 memcpy(&buf[*bufix], &eh, ETHER_HEADER_SIZE);
107 *bufix += ETHER_HEADER_SIZE;
108 }
109
110 void
assemble_udp_ip_header(unsigned char * buf,int * bufix,u_int32_t from,u_int32_t to,unsigned int port,unsigned char * data,int len)111 assemble_udp_ip_header(unsigned char *buf, int *bufix, u_int32_t from,
112 u_int32_t to, unsigned int port, unsigned char *data, int len)
113 {
114 struct ip ip;
115 struct udphdr udp;
116
117 ip.ip_v = 4;
118 ip.ip_hl = 5;
119 ip.ip_tos = IPTOS_LOWDELAY;
120 ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len);
121 ip.ip_id = 0;
122 ip.ip_off = 0;
123 ip.ip_ttl = 128;
124 ip.ip_p = IPPROTO_UDP;
125 ip.ip_sum = 0;
126 ip.ip_src.s_addr = from;
127 ip.ip_dst.s_addr = to;
128
129 ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0));
130 memcpy(&buf[*bufix], &ip, sizeof(ip));
131 *bufix += sizeof(ip);
132
133 udp.uh_sport = htons(LOCAL_PORT); /* XXX */
134 udp.uh_dport = port; /* XXX */
135 udp.uh_ulen = htons(sizeof(udp) + len);
136 memset(&udp.uh_sum, 0, sizeof(udp.uh_sum));
137
138 udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp),
139 checksum(data, len, checksum((unsigned char *)&ip.ip_src,
140 2 * sizeof(ip.ip_src),
141 IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen)))));
142
143 memcpy(&buf[*bufix], &udp, sizeof(udp));
144 *bufix += sizeof(udp);
145 }
146
147 ssize_t
decode_hw_header(unsigned char * buf,int bufix,struct hardware * from)148 decode_hw_header(unsigned char *buf, int bufix, struct hardware *from)
149 {
150 struct ether_header eh;
151
152 memcpy(&eh, buf + bufix, ETHER_HEADER_SIZE);
153
154 memcpy(from->haddr, eh.ether_shost, sizeof(eh.ether_shost));
155 from->htype = ARPHRD_ETHER;
156 from->hlen = sizeof(eh.ether_shost);
157
158 return (sizeof(eh) + (ntohs(eh.ether_type) == ETHERTYPE_VLAN ?
159 ETHER_VLAN_ENCAP_LEN : 0));
160 }
161
162 ssize_t
decode_udp_ip_header(unsigned char * buf,int bufix,struct sockaddr_in * from,unsigned char * data,int buflen)163 decode_udp_ip_header(unsigned char *buf, int bufix, struct sockaddr_in *from,
164 unsigned char *data, int buflen)
165 {
166 struct ip *ip;
167 struct udphdr *udp;
168 u_int32_t ip_len = (buf[bufix] & 0xf) << 2;
169 u_int32_t sum, usum;
170 static int ip_packets_seen;
171 static int ip_packets_bad_checksum;
172 static int udp_packets_seen;
173 static int udp_packets_bad_checksum;
174 static int udp_packets_length_checked;
175 static int udp_packets_length_overflow;
176 int len = 0;
177
178 ip = (struct ip *)(buf + bufix);
179 udp = (struct udphdr *)(buf + bufix + ip_len);
180
181 /* Check the IP header checksum - it should be zero. */
182 ip_packets_seen++;
183 if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) {
184 ip_packets_bad_checksum++;
185 if (ip_packets_seen > 4 && ip_packets_bad_checksum != 0 &&
186 (ip_packets_seen / ip_packets_bad_checksum) < 2) {
187 note("%d bad IP checksums seen in %d packets",
188 ip_packets_bad_checksum, ip_packets_seen);
189 ip_packets_seen = ip_packets_bad_checksum = 0;
190 }
191 return (-1);
192 }
193
194 if (ntohs(ip->ip_len) != buflen)
195 debug("ip length %d disagrees with bytes received %d.",
196 ntohs(ip->ip_len), buflen);
197
198 memcpy(&from->sin_addr, &ip->ip_src, 4);
199
200 /*
201 * Compute UDP checksums, including the ``pseudo-header'', the
202 * UDP header and the data. If the UDP checksum field is zero,
203 * we're not supposed to do a checksum.
204 */
205 if (!data) {
206 data = buf + bufix + ip_len + sizeof(*udp);
207 len = ntohs(udp->uh_ulen) - sizeof(*udp);
208 udp_packets_length_checked++;
209 if (len + data > buf + bufix + buflen) {
210 udp_packets_length_overflow++;
211 if (udp_packets_length_checked > 4 &&
212 (udp_packets_length_checked /
213 udp_packets_length_overflow) < 2) {
214 note("%d udp packets in %d too long - dropped",
215 udp_packets_length_overflow,
216 udp_packets_length_checked);
217 udp_packets_length_overflow =
218 udp_packets_length_checked = 0;
219 }
220 return (-1);
221 }
222 if (len + data != buf + bufix + buflen)
223 debug("accepting packet with data after udp payload.");
224 }
225
226 usum = udp->uh_sum;
227 udp->uh_sum = 0;
228
229 sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp),
230 checksum(data, len, checksum((unsigned char *)&ip->ip_src,
231 2 * sizeof(ip->ip_src),
232 IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen)))));
233
234 udp_packets_seen++;
235 if (usum && usum != sum) {
236 udp_packets_bad_checksum++;
237 if (udp_packets_seen > 4 && udp_packets_bad_checksum != 0 &&
238 (udp_packets_seen / udp_packets_bad_checksum) < 2) {
239 note("%d bad udp checksums in %d packets",
240 udp_packets_bad_checksum, udp_packets_seen);
241 udp_packets_seen = udp_packets_bad_checksum = 0;
242 }
243 return (-1);
244 }
245
246 memcpy(&from->sin_port, &udp->uh_sport, sizeof(udp->uh_sport));
247
248 return (ip_len + sizeof(*udp));
249 }
250