xref: /freebsd/sbin/dhclient/packet.c (revision 6be3386466ab79a84b48429ae66244f21526d3df)
1 /*	$OpenBSD: packet.c,v 1.9 2004/05/04 18:58:50 deraadt Exp $	*/
2 
3 /* Packet assembly code, originally contributed by Archie Cobbs. */
4 
5 /*-
6  * SPDX-License-Identifier: BSD-3-Clause
7  *
8  * Copyright (c) 1995, 1996, 1999 The Internet Software Consortium.
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  *
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  * 3. Neither the name of The Internet Software Consortium nor the names
21  *    of its contributors may be used to endorse or promote products derived
22  *    from this software without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
25  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
29  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
32  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
34  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
35  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36  * SUCH DAMAGE.
37  *
38  * This software has been written for the Internet Software Consortium
39  * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
40  * Enterprises.  To learn more about the Internet Software Consortium,
41  * see ``http://www.vix.com/isc''.  To learn more about Vixie
42  * Enterprises, see ``http://www.vix.com''.
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include "dhcpd.h"
49 
50 #include <netinet/in_systm.h>
51 #include <netinet/ip.h>
52 #include <netinet/udp.h>
53 #include <netinet/if_ether.h>
54 
55 #define ETHER_HEADER_SIZE (ETHER_ADDR_LEN * 2 + sizeof(u_int16_t))
56 
57 u_int32_t	checksum(unsigned char *, unsigned, u_int32_t);
58 u_int32_t	wrapsum(u_int32_t);
59 
60 u_int32_t
61 checksum(unsigned char *buf, unsigned nbytes, u_int32_t sum)
62 {
63 	unsigned i;
64 
65 	/* Checksum all the pairs of bytes first... */
66 	for (i = 0; i < (nbytes & ~1U); i += 2) {
67 		sum += (u_int16_t)ntohs(*((u_int16_t *)(buf + i)));
68 		if (sum > 0xFFFF)
69 			sum -= 0xFFFF;
70 	}
71 
72 	/*
73 	 * If there's a single byte left over, checksum it, too.
74 	 * Network byte order is big-endian, so the remaining byte is
75 	 * the high byte.
76 	 */
77 	if (i < nbytes) {
78 		sum += buf[i] << 8;
79 		if (sum > 0xFFFF)
80 			sum -= 0xFFFF;
81 	}
82 
83 	return (sum);
84 }
85 
86 u_int32_t
87 wrapsum(u_int32_t sum)
88 {
89 	sum = ~sum & 0xFFFF;
90 	return (htons(sum));
91 }
92 
93 void
94 assemble_hw_header(struct interface_info *interface, unsigned char *buf,
95     int *bufix)
96 {
97 	struct ether_header eh;
98 
99 	memset(eh.ether_dhost, 0xff, sizeof(eh.ether_dhost));
100 	if (interface->hw_address.hlen == sizeof(eh.ether_shost))
101 		memcpy(eh.ether_shost, interface->hw_address.haddr,
102 		    sizeof(eh.ether_shost));
103 	else
104 		memset(eh.ether_shost, 0x00, sizeof(eh.ether_shost));
105 
106 	eh.ether_type = htons(ETHERTYPE_IP);
107 
108 	memcpy(&buf[*bufix], &eh, ETHER_HEADER_SIZE);
109 	*bufix += ETHER_HEADER_SIZE;
110 }
111 
112 void
113 assemble_udp_ip_header(unsigned char *buf, int *bufix, u_int32_t from,
114     u_int32_t to, unsigned int port, unsigned char *data, int len)
115 {
116 	struct ip ip;
117 	struct udphdr udp;
118 
119 	ip.ip_v = 4;
120 	ip.ip_hl = 5;
121 	ip.ip_tos = IPTOS_LOWDELAY;
122 	ip.ip_len = htons(sizeof(ip) + sizeof(udp) + len);
123 	ip.ip_id = 0;
124 	ip.ip_off = 0;
125 	ip.ip_ttl = 128;
126 	ip.ip_p = IPPROTO_UDP;
127 	ip.ip_sum = 0;
128 	ip.ip_src.s_addr = from;
129 	ip.ip_dst.s_addr = to;
130 
131 	ip.ip_sum = wrapsum(checksum((unsigned char *)&ip, sizeof(ip), 0));
132 	memcpy(&buf[*bufix], &ip, sizeof(ip));
133 	*bufix += sizeof(ip);
134 
135 	udp.uh_sport = htons(LOCAL_PORT);	/* XXX */
136 	udp.uh_dport = port;			/* XXX */
137 	udp.uh_ulen = htons(sizeof(udp) + len);
138 	memset(&udp.uh_sum, 0, sizeof(udp.uh_sum));
139 
140 	udp.uh_sum = wrapsum(checksum((unsigned char *)&udp, sizeof(udp),
141 	    checksum(data, len, checksum((unsigned char *)&ip.ip_src,
142 	    2 * sizeof(ip.ip_src),
143 	    IPPROTO_UDP + (u_int32_t)ntohs(udp.uh_ulen)))));
144 
145 	memcpy(&buf[*bufix], &udp, sizeof(udp));
146 	*bufix += sizeof(udp);
147 }
148 
149 ssize_t
150 decode_hw_header(unsigned char *buf, int bufix, struct hardware *from)
151 {
152 	struct ether_header eh;
153 
154 	memcpy(&eh, buf + bufix, ETHER_HEADER_SIZE);
155 
156 	memcpy(from->haddr, eh.ether_shost, sizeof(eh.ether_shost));
157 	from->htype = ARPHRD_ETHER;
158 	from->hlen = sizeof(eh.ether_shost);
159 
160 	return (sizeof(eh));
161 }
162 
163 ssize_t
164 decode_udp_ip_header(unsigned char *buf, int bufix, struct sockaddr_in *from,
165     unsigned char *data, int buflen)
166 {
167 	struct ip *ip;
168 	struct udphdr *udp;
169 	u_int32_t ip_len = (buf[bufix] & 0xf) << 2;
170 	u_int32_t sum, usum;
171 	static int ip_packets_seen;
172 	static int ip_packets_bad_checksum;
173 	static int udp_packets_seen;
174 	static int udp_packets_bad_checksum;
175 	static int udp_packets_length_checked;
176 	static int udp_packets_length_overflow;
177 	int len = 0;
178 
179 	ip = (struct ip *)(buf + bufix);
180 	udp = (struct udphdr *)(buf + bufix + ip_len);
181 
182 	/* Check the IP header checksum - it should be zero. */
183 	ip_packets_seen++;
184 	if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) {
185 		ip_packets_bad_checksum++;
186 		if (ip_packets_seen > 4 && ip_packets_bad_checksum != 0 &&
187 		    (ip_packets_seen / ip_packets_bad_checksum) < 2) {
188 			note("%d bad IP checksums seen in %d packets",
189 			    ip_packets_bad_checksum, ip_packets_seen);
190 			ip_packets_seen = ip_packets_bad_checksum = 0;
191 		}
192 		return (-1);
193 	}
194 
195 	if (ntohs(ip->ip_len) != buflen)
196 		debug("ip length %d disagrees with bytes received %d.",
197 		    ntohs(ip->ip_len), buflen);
198 
199 	memcpy(&from->sin_addr, &ip->ip_src, 4);
200 
201 	/*
202 	 * Compute UDP checksums, including the ``pseudo-header'', the
203 	 * UDP header and the data.   If the UDP checksum field is zero,
204 	 * we're not supposed to do a checksum.
205 	 */
206 	if (!data) {
207 		data = buf + bufix + ip_len + sizeof(*udp);
208 		len = ntohs(udp->uh_ulen) - sizeof(*udp);
209 		udp_packets_length_checked++;
210 		if (len + data > buf + bufix + buflen) {
211 			udp_packets_length_overflow++;
212 			if (udp_packets_length_checked > 4 &&
213 			    (udp_packets_length_checked /
214 			    udp_packets_length_overflow) < 2) {
215 				note("%d udp packets in %d too long - dropped",
216 				    udp_packets_length_overflow,
217 				    udp_packets_length_checked);
218 				udp_packets_length_overflow =
219 				    udp_packets_length_checked = 0;
220 			}
221 			return (-1);
222 		}
223 		if (len + data != buf + bufix + buflen)
224 			debug("accepting packet with data after udp payload.");
225 	}
226 
227 	usum = udp->uh_sum;
228 	udp->uh_sum = 0;
229 
230 	sum = wrapsum(checksum((unsigned char *)udp, sizeof(*udp),
231 	    checksum(data, len, checksum((unsigned char *)&ip->ip_src,
232 	    2 * sizeof(ip->ip_src),
233 	    IPPROTO_UDP + (u_int32_t)ntohs(udp->uh_ulen)))));
234 
235 	udp_packets_seen++;
236 	if (usum && usum != sum) {
237 		udp_packets_bad_checksum++;
238 		if (udp_packets_seen > 4 && udp_packets_bad_checksum != 0 &&
239 		    (udp_packets_seen / udp_packets_bad_checksum) < 2) {
240 			note("%d bad udp checksums in %d packets",
241 			    udp_packets_bad_checksum, udp_packets_seen);
242 			udp_packets_seen = udp_packets_bad_checksum = 0;
243 		}
244 		return (-1);
245 	}
246 
247 	memcpy(&from->sin_port, &udp->uh_sport, sizeof(udp->uh_sport));
248 
249 	return (ip_len + sizeof(*udp));
250 }
251