1 /* $OpenBSD: packet.c,v 1.9 2004/05/04 18:58:50 deraadt Exp $ */ 2 3 /* Packet assembly code, originally contributed by Archie Cobbs. */ 4 5 /*- 6 * SPDX-License-Identifier: BSD-3-Clause 7 * 8 * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of The Internet Software Consortium nor the names 21 * of its contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND 25 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 26 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 28 * DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR 29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 32 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 34 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 35 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * This software has been written for the Internet Software Consortium 39 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie 40 * Enterprises. To learn more about the Internet Software Consortium, 41 * see ``http://www.vix.com/isc''. To learn more about Vixie 42 * Enterprises, see ``http://www.vix.com''. 43 */ 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include "dhcpd.h" 49 50 #include <netinet/in_systm.h> 51 #include <netinet/ip.h> 52 #include <netinet/udp.h> 53 #include <netinet/if_ether.h> 54 55 #define ETHER_HEADER_SIZE (ETHER_ADDR_LEN * 2 + sizeof(u_int16_t)) 56 57 u_int32_t checksum(unsigned char *, unsigned, u_int32_t); 58 u_int32_t wrapsum(u_int32_t); 59 60 u_int32_t 61 checksum(unsigned char *buf, unsigned nbytes, u_int32_t sum) 62 { 63 unsigned i; 64 65 /* Checksum all the pairs of bytes first... */ 66 for (i = 0; i < (nbytes & ~1U); i += 2) { 67 sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i))); 68 if (sum > 0xFFFF) 69 sum -= 0xFFFF; 70 } 71 72 /* 73 * If there's a single byte left over, checksum it, too. 74 * Network byte order is big-endian, so the remaining byte is 75 * the high byte. 76 */ 77 if (i < nbytes) { 78 sum += buf[i] << 8; 79 if (sum > 0xFFFF) 80 sum -= 0xFFFF; 81 } 82 83 return (sum); 84 } 85 86 u_int32_t 87 wrapsum(u_int32_t sum) 88 { 89 sum = ~sum & 0xFFFF; 90 return (htons(sum)); 91 } 92 93 void 94 assemble_hw_header(struct interface_info *interface, unsigned char *buf, 95 int *bufix) 96 { 97 struct ether_header eh; 98 99 memset(eh.ether_dhost, 0xff, sizeof(eh.ether_dhost)); 100 if (interface->hw_address.hlen == sizeof(eh.ether_shost)) 101 memcpy(eh.ether_shost, interface->hw_address.haddr, 102 sizeof(eh.ether_shost)); 103 else 104 memset(eh.ether_shost, 0x00, sizeof(eh.ether_shost)); 105 106 eh.ether_type = htons(ETHERTYPE_IP); 107 108 memcpy(&buf[*bufix], &eh, ETHER_HEADER_SIZE); 109 *bufix += ETHER_HEADER_SIZE; 110 } 111 112 void 113 assemble_udp_ip_header(unsigned char *buf, int *bufix, u_int32_t from, 114 u_int32_t to, unsigned int port, unsigned char *data, int len) 115 { 116 struct ip ip; 117 struct udphdr udp; 118 119 ip.ip_v = 4; 120 ip.ip_hl = 5; 121 ip.ip_tos = IPTOS_LOWDELAY; 122 ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len); 123 ip.ip_id = 0; 124 ip.ip_off = 0; 125 ip.ip_ttl = 128; 126 ip.ip_p = IPPROTO_UDP; 127 ip.ip_sum = 0; 128 ip.ip_src.s_addr = from; 129 ip.ip_dst.s_addr = to; 130 131 ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0)); 132 memcpy(&buf[*bufix], &ip, sizeof(ip)); 133 *bufix += sizeof(ip); 134 135 udp.uh_sport = htons(LOCAL_PORT); /* XXX */ 136 udp.uh_dport = port; /* XXX */ 137 udp.uh_ulen = htons(sizeof(udp) + len); 138 memset(&udp.uh_sum, 0, sizeof(udp.uh_sum)); 139 140 udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp), 141 checksum(data, len, checksum((unsigned char *)&ip.ip_src, 142 2 * sizeof(ip.ip_src), 143 IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen))))); 144 145 memcpy(&buf[*bufix], &udp, sizeof(udp)); 146 *bufix += sizeof(udp); 147 } 148 149 ssize_t 150 decode_hw_header(unsigned char *buf, int bufix, struct hardware *from) 151 { 152 struct ether_header eh; 153 154 memcpy(&eh, buf + bufix, ETHER_HEADER_SIZE); 155 156 memcpy(from->haddr, eh.ether_shost, sizeof(eh.ether_shost)); 157 from->htype = ARPHRD_ETHER; 158 from->hlen = sizeof(eh.ether_shost); 159 160 return (sizeof(eh)); 161 } 162 163 ssize_t 164 decode_udp_ip_header(unsigned char *buf, int bufix, struct sockaddr_in *from, 165 unsigned char *data, int buflen) 166 { 167 struct ip *ip; 168 struct udphdr *udp; 169 u_int32_t ip_len = (buf[bufix] & 0xf) << 2; 170 u_int32_t sum, usum; 171 static int ip_packets_seen; 172 static int ip_packets_bad_checksum; 173 static int udp_packets_seen; 174 static int udp_packets_bad_checksum; 175 static int udp_packets_length_checked; 176 static int udp_packets_length_overflow; 177 int len = 0; 178 179 ip = (struct ip *)(buf + bufix); 180 udp = (struct udphdr *)(buf + bufix + ip_len); 181 182 /* Check the IP header checksum - it should be zero. */ 183 ip_packets_seen++; 184 if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) { 185 ip_packets_bad_checksum++; 186 if (ip_packets_seen > 4 && 187 (ip_packets_seen / ip_packets_bad_checksum) < 2) { 188 note("%d bad IP checksums seen in %d packets", 189 ip_packets_bad_checksum, ip_packets_seen); 190 ip_packets_seen = ip_packets_bad_checksum = 0; 191 } 192 return (-1); 193 } 194 195 if (ntohs(ip->ip_len) != buflen) 196 debug("ip length %d disagrees with bytes received %d.", 197 ntohs(ip->ip_len), buflen); 198 199 memcpy(&from->sin_addr, &ip->ip_src, 4); 200 201 /* 202 * Compute UDP checksums, including the ``pseudo-header'', the 203 * UDP header and the data. If the UDP checksum field is zero, 204 * we're not supposed to do a checksum. 205 */ 206 if (!data) { 207 data = buf + bufix + ip_len + sizeof(*udp); 208 len = ntohs(udp->uh_ulen) - sizeof(*udp); 209 udp_packets_length_checked++; 210 if (len + data > buf + bufix + buflen) { 211 udp_packets_length_overflow++; 212 if (udp_packets_length_checked > 4 && 213 (udp_packets_length_checked / 214 udp_packets_length_overflow) < 2) { 215 note("%d udp packets in %d too long - dropped", 216 udp_packets_length_overflow, 217 udp_packets_length_checked); 218 udp_packets_length_overflow = 219 udp_packets_length_checked = 0; 220 } 221 return (-1); 222 } 223 if (len + data != buf + bufix + buflen) 224 debug("accepting packet with data after udp payload."); 225 } 226 227 usum = udp->uh_sum; 228 udp->uh_sum = 0; 229 230 sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp), 231 checksum(data, len, checksum((unsigned char *)&ip->ip_src, 232 2 * sizeof(ip->ip_src), 233 IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen))))); 234 235 udp_packets_seen++; 236 if (usum && usum != sum) { 237 udp_packets_bad_checksum++; 238 if (udp_packets_seen > 4 && 239 (udp_packets_seen / udp_packets_bad_checksum) < 2) { 240 note("%d bad udp checksums in %d packets", 241 udp_packets_bad_checksum, udp_packets_seen); 242 udp_packets_seen = udp_packets_bad_checksum = 0; 243 } 244 return (-1); 245 } 246 247 memcpy(&from->sin_port, &udp->uh_sport, sizeof(udp->uh_sport)); 248 249 return (ip_len + sizeof(*udp)); 250 } 251