1 /* 2 * Copyright (c) 1992 Regents of the University of California. 3 * All rights reserved. 4 * 5 * This software was developed by the Computer Systems Engineering group 6 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and 7 * contributed to Berkeley. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * The send and receive functions were originally implemented in udp.c and 36 * moved here. Also it is likely some more cleanup can be done, especially 37 * once we will implement the support for tcp. 38 */ 39 40 #include <sys/param.h> 41 #include <sys/socket.h> 42 #include <sys/queue.h> 43 44 #include <string.h> 45 #include <stdbool.h> 46 47 #include <net/if.h> 48 #include <netinet/in.h> 49 #include <netinet/if_ether.h> 50 #include <netinet/in_systm.h> 51 52 #include <netinet/ip.h> 53 #include <netinet/ip_var.h> 54 #include <netinet/udp.h> 55 #include <netinet/udp_var.h> 56 57 #include "stand.h" 58 #include "net.h" 59 60 typedef STAILQ_HEAD(ipqueue, ip_queue) ip_queue_t; 61 struct ip_queue { 62 void *ipq_pkt; 63 struct ip *ipq_hdr; 64 STAILQ_ENTRY(ip_queue) ipq_next; 65 }; 66 67 /* 68 * Fragment re-assembly queue. 69 */ 70 struct ip_reasm { 71 struct in_addr ip_src; 72 struct in_addr ip_dst; 73 uint16_t ip_id; 74 uint8_t ip_proto; 75 uint8_t ip_ttl; 76 size_t ip_total_size; 77 ip_queue_t ip_queue; 78 void *ip_pkt; 79 struct ip *ip_hdr; 80 STAILQ_ENTRY(ip_reasm) ip_next; 81 }; 82 83 STAILQ_HEAD(ire_list, ip_reasm) ire_list = STAILQ_HEAD_INITIALIZER(ire_list); 84 85 /* Caller must leave room for ethernet and ip headers in front!! */ 86 ssize_t 87 sendip(struct iodesc *d, void *pkt, size_t len, uint8_t proto) 88 { 89 ssize_t cc; 90 struct ip *ip; 91 u_char *ea; 92 93 DEBUG_PRINTF(1, ("sendip: proto: %x d=%p called.\n", proto, (void *)d)); 94 DEBUG_PRINTF(1, ("saddr: %s:%d daddr: %s:%d\n", 95 inet_ntoa(d->myip), ntohs(d->myport), 96 inet_ntoa(d->destip), ntohs(d->destport))); 97 98 ip = (struct ip *)pkt - 1; 99 len += sizeof(*ip); 100 101 bzero(ip, sizeof(*ip)); 102 103 ip->ip_v = IPVERSION; /* half-char */ 104 ip->ip_hl = sizeof(*ip) >> 2; /* half-char */ 105 ip->ip_len = htons(len); 106 ip->ip_p = proto; /* char */ 107 ip->ip_ttl = IPDEFTTL; /* char */ 108 ip->ip_src = d->myip; 109 ip->ip_dst = d->destip; 110 ip->ip_sum = in_cksum(ip, sizeof(*ip)); /* short, but special */ 111 112 if (ip->ip_dst.s_addr == INADDR_BROADCAST || ip->ip_src.s_addr == 0 || 113 netmask == 0 || SAMENET(ip->ip_src, ip->ip_dst, netmask)) 114 ea = arpwhohas(d, ip->ip_dst); 115 else 116 ea = arpwhohas(d, gateip); 117 118 cc = sendether(d, ip, len, ea, ETHERTYPE_IP); 119 if (cc == -1) 120 return (-1); 121 if (cc != len) 122 panic("sendip: bad write (%zd != %zd)", cc, len); 123 return (cc - sizeof(*ip)); 124 } 125 126 static void 127 ip_reasm_free(struct ip_reasm *ipr) 128 { 129 struct ip_queue *ipq; 130 131 while ((ipq = STAILQ_FIRST(&ipr->ip_queue)) != NULL) { 132 STAILQ_REMOVE_HEAD(&ipr->ip_queue, ipq_next); 133 free(ipq->ipq_pkt); 134 free(ipq); 135 } 136 free(ipr->ip_pkt); 137 free(ipr); 138 } 139 140 static bool 141 ip_reasm_add(struct ip_reasm *ipr, void *pkt, struct ip *ip) 142 { 143 struct ip_queue *ipq, *p; 144 uint16_t off_q, off_ip; 145 146 if ((ipq = calloc(1, sizeof(*ipq))) == NULL) 147 return (false); 148 149 ipq->ipq_pkt = pkt; 150 ipq->ipq_hdr = ip; 151 152 STAILQ_FOREACH(p, &ipr->ip_queue, ipq_next) { 153 off_q = ntohs(p->ipq_hdr->ip_off) & IP_OFFMASK; 154 off_ip = ntohs(ip->ip_off) & IP_OFFMASK; 155 156 if (off_q == off_ip) { /* duplicate */ 157 free(pkt); 158 free(ipq); 159 return (true); 160 } 161 162 if (off_ip < off_q) { 163 /* 164 * Everything in queue has larger offset, 165 * drop out of loop and insert to HEAD. 166 */ 167 break; 168 } 169 170 /* 171 * p in queue is smaller than ip, check if we need to put 172 * ip after p or after p->next. 173 */ 174 struct ip_queue *next = STAILQ_NEXT(p, ipq_next); 175 if (next == NULL) { 176 /* insert after p */ 177 STAILQ_INSERT_AFTER(&ipr->ip_queue, p, ipq, ipq_next); 178 return (true); 179 } 180 181 off_q = ntohs(next->ipq_hdr->ip_off) & IP_OFFMASK; 182 if (off_ip < off_q) { 183 /* next fragment offset is larger, insert after p. */ 184 STAILQ_INSERT_AFTER(&ipr->ip_queue, p, ipq, ipq_next); 185 return (true); 186 } 187 /* next fragment offset is smaller, loop */ 188 } 189 STAILQ_INSERT_HEAD(&ipr->ip_queue, ipq, ipq_next); 190 return (true); 191 } 192 193 /* 194 * Receive a IP packet and validate it is for us. 195 */ 196 static ssize_t 197 readipv4(struct iodesc *d, void **pkt, void **payload, ssize_t n) 198 { 199 struct ip *ip = *payload; 200 size_t hlen; 201 struct ether_header *eh; 202 struct udphdr *uh; 203 char *ptr = *pkt; 204 struct ip_reasm *ipr; 205 struct ip_queue *ipq, *last; 206 bool morefrag, isfrag; 207 uint16_t fragoffset; 208 209 if (n < sizeof(*ip)) { 210 free(ptr); 211 errno = EAGAIN; /* Call me again. */ 212 return (-1); 213 } 214 215 hlen = ip->ip_hl << 2; 216 if (hlen < sizeof(*ip) || 217 in_cksum(ip, hlen) != 0) { 218 DEBUG_PRINTF(1, ("%s: short hdr or bad cksum.\n", __func__)); 219 free(ptr); 220 errno = EAGAIN; /* Call me again. */ 221 return (-1); 222 } 223 224 if (n < ntohs(ip->ip_len)) { 225 DEBUG_PRINTF(1, ("readip: bad length %zd < %d.\n", 226 n, ntohs(ip->ip_len))); 227 free(ptr); 228 errno = EAGAIN; /* Call me again. */ 229 return (-1); 230 } 231 232 fragoffset = (ntohs(ip->ip_off) & IP_OFFMASK) * 8; 233 morefrag = (ntohs(ip->ip_off) & IP_MF) == 0 ? false : true; 234 isfrag = morefrag || fragoffset != 0; 235 236 uh = (struct udphdr *)((uintptr_t)ip + sizeof(*ip)); 237 238 if (d->myip.s_addr && ip->ip_dst.s_addr != d->myip.s_addr) { 239 DEBUG_PRINTF(1, ("%s: not for us: saddr %s (%d) != %s (%d)\n", 240 __func__, inet_ntoa(d->myip), ntohs(d->myport), 241 inet_ntoa(ip->ip_dst), ntohs(uh->uh_dport))); 242 free(ptr); 243 errno = EAGAIN; /* Call me again. */ 244 return (-1); 245 } 246 247 /* Unfragmented packet. */ 248 if (!isfrag) { 249 DEBUG_PRINTF(1, ("%s: unfragmented saddr %s:%d -> %s:%d\n", 250 __func__, 251 inet_ntoa(ip->ip_src), ntohs(uh->uh_sport), 252 inet_ntoa(ip->ip_dst), ntohs(uh->uh_dport))); 253 /* If there were ip options, make them go away */ 254 if (hlen != sizeof(*ip)) { 255 bcopy(((u_char *)ip) + hlen, uh, 256 ntohs(uh->uh_ulen) - hlen); 257 ip->ip_len = htons(sizeof(*ip)); 258 n -= hlen - sizeof(*ip); 259 } 260 261 n = (n > (ntohs(ip->ip_len) - sizeof(*ip))) ? 262 ntohs(ip->ip_len) - sizeof(*ip) : n; 263 *pkt = ptr; 264 *payload = (void *)((uintptr_t)ip + sizeof(*ip)); 265 return (n); 266 } 267 268 STAILQ_FOREACH(ipr, &ire_list, ip_next) { 269 if (ipr->ip_src.s_addr == ip->ip_src.s_addr && 270 ipr->ip_dst.s_addr == ip->ip_dst.s_addr && 271 ipr->ip_id == ip->ip_id && 272 ipr->ip_proto == ip->ip_p) 273 break; 274 } 275 276 /* Allocate new reassembly entry */ 277 if (ipr == NULL) { 278 if ((ipr = calloc(1, sizeof(*ipr))) == NULL) { 279 free(ptr); 280 return (-1); 281 } 282 283 ipr->ip_src = ip->ip_src; 284 ipr->ip_dst = ip->ip_dst; 285 ipr->ip_id = ip->ip_id; 286 ipr->ip_proto = ip->ip_p; 287 ipr->ip_ttl = MAXTTL; 288 STAILQ_INIT(&ipr->ip_queue); 289 STAILQ_INSERT_TAIL(&ire_list, ipr, ip_next); 290 DEBUG_PRINTF(1, ("%s: new reassembly ID=%d %s -> %s\n", 291 __func__, ntohs(ip->ip_id), inet_ntoa(ip->ip_src), 292 inet_ntoa(ip->ip_dst))); 293 } 294 295 /* 296 * NOTE: with ip_reasm_add() ptr will be stored in reassembly 297 * queue and we can not free it without destroying the queue. 298 */ 299 if (!ip_reasm_add(ipr, ptr, ip)) { 300 STAILQ_REMOVE(&ire_list, ipr, ip_reasm, ip_next); 301 free(ipr); 302 free(ptr); 303 return (-1); 304 } 305 306 /* 307 * Walk the packet list in reassembly queue, if we got all the 308 * fragments, build the packet. 309 */ 310 n = 0; 311 last = NULL; 312 STAILQ_FOREACH(ipq, &ipr->ip_queue, ipq_next) { 313 fragoffset = (ntohs(ipq->ipq_hdr->ip_off) & IP_OFFMASK) * 8; 314 if (fragoffset != n) { 315 DEBUG_PRINTF(1, ("%s: need more fragments %d %s -> ", 316 __func__, ntohs(ipq->ipq_hdr->ip_id), 317 inet_ntoa(ipq->ipq_hdr->ip_src))); 318 DEBUG_PRINTF(1, ("%s offset=%d MF=%d\n", 319 inet_ntoa(ipq->ipq_hdr->ip_dst), 320 fragoffset, 321 (ntohs(ipq->ipq_hdr->ip_off) & IP_MF) != 0)); 322 errno = EAGAIN; 323 return (-1); 324 } 325 326 n += ntohs(ipq->ipq_hdr->ip_len) - (ipq->ipq_hdr->ip_hl << 2); 327 last = ipq; 328 } 329 330 /* complete queue has last packet with MF 0 */ 331 if ((ntohs(last->ipq_hdr->ip_off) & IP_MF) != 0) { 332 DEBUG_PRINTF(1, ("%s: need more fragments %d %s -> ", 333 __func__, ntohs(last->ipq_hdr->ip_id), 334 inet_ntoa(last->ipq_hdr->ip_src))); 335 DEBUG_PRINTF(1, ("%s offset=%d MF=%d\n", 336 inet_ntoa(last->ipq_hdr->ip_dst), 337 (ntohs(last->ipq_hdr->ip_off) & IP_OFFMASK) * 8, 338 (ntohs(last->ipq_hdr->ip_off) & IP_MF) != 0)); 339 errno = EAGAIN; 340 return (-1); 341 } 342 343 ipr->ip_total_size = n + sizeof(*ip) + sizeof(struct ether_header); 344 ipr->ip_pkt = malloc(ipr->ip_total_size + 2); 345 if (ipr->ip_pkt == NULL) { 346 STAILQ_REMOVE(&ire_list, ipr, ip_reasm, ip_next); 347 ip_reasm_free(ipr); 348 return (-1); 349 } 350 351 ipq = STAILQ_FIRST(&ipr->ip_queue); 352 /* Fabricate ethernet header */ 353 eh = (struct ether_header *)((uintptr_t)ipr->ip_pkt + 2); 354 bcopy((void *)((uintptr_t)ipq->ipq_pkt + 2), eh, sizeof(*eh)); 355 356 /* Fabricate IP header */ 357 ipr->ip_hdr = (struct ip *)((uintptr_t)eh + sizeof(*eh)); 358 bcopy(ipq->ipq_hdr, ipr->ip_hdr, sizeof(*ipr->ip_hdr)); 359 ipr->ip_hdr->ip_hl = sizeof(*ipr->ip_hdr) >> 2; 360 ipr->ip_hdr->ip_len = htons(n); 361 ipr->ip_hdr->ip_sum = 0; 362 ipr->ip_hdr->ip_sum = in_cksum(ipr->ip_hdr, sizeof(*ipr->ip_hdr)); 363 364 n = 0; 365 ptr = (char *)((uintptr_t)ipr->ip_hdr + sizeof(*ipr->ip_hdr)); 366 STAILQ_FOREACH(ipq, &ipr->ip_queue, ipq_next) { 367 char *data; 368 size_t len; 369 370 hlen = ipq->ipq_hdr->ip_hl << 2; 371 len = ntohs(ipq->ipq_hdr->ip_len) - hlen; 372 data = (char *)((uintptr_t)ipq->ipq_hdr + hlen); 373 374 bcopy(data, ptr + n, len); 375 n += len; 376 } 377 378 *pkt = ipr->ip_pkt; 379 ipr->ip_pkt = NULL; /* Avoid free from ip_reasm_free() */ 380 *payload = ptr; 381 382 /* Clean up the reassembly list */ 383 while ((ipr = STAILQ_FIRST(&ire_list)) != NULL) { 384 STAILQ_REMOVE_HEAD(&ire_list, ip_next); 385 ip_reasm_free(ipr); 386 } 387 DEBUG_PRINTF(1, ("%s: completed fragments ID=%d %s -> %s\n", 388 __func__, ntohs(ip->ip_id), inet_ntoa(ip->ip_src), 389 inet_ntoa(ip->ip_dst))); 390 return (n); 391 } 392 393 /* 394 * Receive a IP packet. 395 */ 396 ssize_t 397 readip(struct iodesc *d, void **pkt, void **payload, time_t tleft, 398 uint8_t proto) 399 { 400 time_t t; 401 ssize_t ret = -1; 402 403 t = getsecs(); 404 while ((getsecs() - t) < tleft) { 405 ssize_t n; 406 uint16_t etype; /* host order */ 407 void *ptr = NULL; 408 void *data = NULL; 409 410 errno = 0; 411 n = readether(d, &ptr, &data, tleft, &etype); 412 if (n == -1) { 413 free(ptr); 414 continue; 415 } 416 /* Ethernet address checks are done in readether() */ 417 418 /* Need to respond to ARP requests. */ 419 if (etype == ETHERTYPE_ARP) { 420 struct arphdr *ah = data; 421 422 DEBUG_PRINTF(1, ("%s: ARP request\n", __func__)); 423 424 if (ah->ar_op == htons(ARPOP_REQUEST)) { 425 /* Send ARP reply */ 426 arp_reply(d, ah); 427 } 428 free(ptr); 429 continue; /* Get next packet */ 430 } 431 432 if (etype == ETHERTYPE_IP) { 433 struct ip *ip = data; 434 435 if (ip->ip_v == IPVERSION && /* half char */ 436 ip->ip_p == proto) { 437 errno = 0; 438 ret = readipv4(d, &ptr, &data, n); 439 if (ret >= 0) { 440 *pkt = ptr; 441 *payload = data; 442 return (ret); 443 } 444 445 /* 446 * Bubble up the error if it wasn't successful 447 */ 448 if (errno != EAGAIN) 449 return (-1); 450 continue; 451 } 452 DEBUG_PRINTF(1, ("%s: IP version or proto. " 453 "ip_v=%d ip_p=%d\n", 454 __func__, ip->ip_v, ip->ip_p)); 455 free(ptr); 456 continue; 457 } 458 free(ptr); 459 } 460 /* We've exhausted tleft; timeout */ 461 errno = ETIMEDOUT; 462 DEBUG_PRINTF(1, ("%s: timeout\n", __func__)); 463 return (-1); 464 } 465