1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2019 Isilon Systems, LLC. 5 * Copyright (c) 2005-2014 Sandvine Incorporated. All rights reserved. 6 * Copyright (c) 2000 Darrell Anderson 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 #include "opt_inet.h" 33 34 #include <sys/param.h> 35 #include <sys/systm.h> 36 #include <sys/errno.h> 37 #include <sys/socket.h> 38 #include <sys/sysctl.h> 39 40 #include <net/ethernet.h> 41 #include <net/if.h> 42 #include <net/if_arp.h> 43 #include <net/if_dl.h> 44 #include <net/if_types.h> 45 #include <net/if_var.h> 46 #include <net/if_private.h> 47 48 #include <netinet/in.h> 49 #include <netinet/in_systm.h> 50 #include <netinet/in_var.h> 51 #include <netinet/ip.h> 52 #include <netinet/ip_var.h> 53 #include <netinet/ip_options.h> 54 #include <netinet/udp.h> 55 #include <netinet/udp_var.h> 56 57 #include <machine/in_cksum.h> 58 #include <machine/pcb.h> 59 60 #include <net/debugnet.h> 61 #define DEBUGNET_INTERNAL 62 #include <net/debugnet_int.h> 63 64 int debugnet_arp_nretries = 3; 65 SYSCTL_INT(_net_debugnet, OID_AUTO, arp_nretries, CTLFLAG_RWTUN, 66 &debugnet_arp_nretries, 0, 67 "Number of ARP attempts before giving up"); 68 69 /* 70 * Handler for IP packets: checks their sanity and then processes any debugnet 71 * ACK packets it finds. 72 * 73 * It needs to partially replicate the behaviour of ip_input() and udp_input(). 74 * 75 * Parameters: 76 * pcb a pointer to the live debugnet PCB 77 * mb a pointer to an mbuf * containing the packet received 78 * Updates *mb if m_pullup et al change the pointer 79 * Assumes the calling function will take care of freeing the mbuf 80 */ 81 void 82 debugnet_handle_ip(struct debugnet_pcb *pcb, struct mbuf **mb) 83 { 84 struct ip *ip; 85 struct mbuf *m; 86 unsigned short hlen; 87 88 if (pcb->dp_state < DN_STATE_HAVE_GW_MAC) 89 return; 90 91 /* IP processing. */ 92 m = *mb; 93 if (m->m_pkthdr.len < sizeof(struct ip)) { 94 DNETDEBUG("dropping packet too small for IP header\n"); 95 return; 96 } 97 if (m->m_len < sizeof(struct ip)) { 98 m = m_pullup(m, sizeof(struct ip)); 99 *mb = m; 100 if (m == NULL) { 101 DNETDEBUG("m_pullup failed\n"); 102 return; 103 } 104 } 105 ip = mtod(m, struct ip *); 106 107 /* IP version. */ 108 if (ip->ip_v != IPVERSION) { 109 DNETDEBUG("bad IP version %d\n", ip->ip_v); 110 return; 111 } 112 113 /* Header length. */ 114 hlen = ip->ip_hl << 2; 115 if (hlen < sizeof(struct ip)) { 116 DNETDEBUG("bad IP header length (%hu)\n", hlen); 117 return; 118 } 119 if (hlen > m->m_len) { 120 m = m_pullup(m, hlen); 121 *mb = m; 122 if (m == NULL) { 123 DNETDEBUG("m_pullup failed\n"); 124 return; 125 } 126 ip = mtod(m, struct ip *); 127 } 128 /* Ignore packets with IP options. */ 129 if (hlen > sizeof(struct ip)) { 130 DNETDEBUG("drop packet with IP options\n"); 131 return; 132 } 133 134 #ifdef INVARIANTS 135 if ((IN_LOOPBACK(ntohl(ip->ip_dst.s_addr)) || 136 IN_LOOPBACK(ntohl(ip->ip_src.s_addr))) && 137 (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 138 DNETDEBUG("Bad IP header (RFC1122)\n"); 139 return; 140 } 141 #endif 142 143 /* Checksum. */ 144 if ((m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) != 0) { 145 if ((m->m_pkthdr.csum_flags & CSUM_IP_VALID) == 0) { 146 DNETDEBUG("bad IP checksum\n"); 147 return; 148 } 149 } else { 150 /* XXX */ ; 151 } 152 153 /* Convert fields to host byte order. */ 154 ip->ip_len = ntohs(ip->ip_len); 155 if (ip->ip_len < hlen) { 156 DNETDEBUG("IP packet smaller (%hu) than header (%hu)\n", 157 ip->ip_len, hlen); 158 return; 159 } 160 if (m->m_pkthdr.len < ip->ip_len) { 161 DNETDEBUG("IP packet bigger (%hu) than ethernet packet (%d)\n", 162 ip->ip_len, m->m_pkthdr.len); 163 return; 164 } 165 if (m->m_pkthdr.len > ip->ip_len) { 166 /* Truncate the packet to the IP length. */ 167 if (m->m_len == m->m_pkthdr.len) { 168 m->m_len = ip->ip_len; 169 m->m_pkthdr.len = ip->ip_len; 170 } else 171 m_adj(m, ip->ip_len - m->m_pkthdr.len); 172 } 173 174 ip->ip_off = ntohs(ip->ip_off); 175 176 /* Check that the source is the server's IP. */ 177 if (ip->ip_src.s_addr != pcb->dp_server) { 178 DNETDEBUG("drop packet not from server (from 0x%x)\n", 179 ip->ip_src.s_addr); 180 return; 181 } 182 183 /* Check if the destination IP is ours. */ 184 if (ip->ip_dst.s_addr != pcb->dp_client) { 185 DNETDEBUGV("drop packet not to our IP\n"); 186 return; 187 } 188 189 if (ip->ip_p != IPPROTO_UDP) { 190 DNETDEBUG("drop non-UDP packet\n"); 191 return; 192 } 193 194 /* Do not deal with fragments. */ 195 if ((ip->ip_off & (IP_MF | IP_OFFMASK)) != 0) { 196 DNETDEBUG("drop fragmented packet\n"); 197 return; 198 } 199 200 if ((m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) != 0) { 201 if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID) == 0) { 202 DNETDEBUG("bad UDP checksum\n"); 203 return; 204 } 205 } else { 206 /* XXX */ ; 207 } 208 209 /* UDP custom is to have packet length not include IP header. */ 210 ip->ip_len -= hlen; 211 212 /* Checked above before decoding IP header. */ 213 MPASS(m->m_pkthdr.len >= sizeof(struct ipovly)); 214 215 /* Put the UDP header at start of chain. */ 216 m_adj(m, sizeof(struct ipovly)); 217 debugnet_handle_udp(pcb, mb); 218 } 219 220 /* 221 * Builds and sends a single ARP request to locate the L2 address for a given 222 * INET address. 223 * 224 * Return value: 225 * 0 on success 226 * errno on error 227 */ 228 static int 229 debugnet_send_arp(struct debugnet_pcb *pcb, in_addr_t dst) 230 { 231 struct ether_addr bcast; 232 struct arphdr *ah; 233 struct ifnet *ifp; 234 struct mbuf *m; 235 int pktlen; 236 237 ifp = pcb->dp_ifp; 238 239 /* Fill-up a broadcast address. */ 240 memset(&bcast, 0xFF, ETHER_ADDR_LEN); 241 m = m_gethdr(M_NOWAIT, MT_DATA); 242 if (m == NULL) { 243 printf("%s: Out of mbufs\n", __func__); 244 return (ENOBUFS); 245 } 246 pktlen = arphdr_len2(ETHER_ADDR_LEN, sizeof(struct in_addr)); 247 m->m_len = pktlen; 248 m->m_pkthdr.len = pktlen; 249 MH_ALIGN(m, pktlen); 250 ah = mtod(m, struct arphdr *); 251 ah->ar_hrd = htons(ARPHRD_ETHER); 252 ah->ar_pro = htons(ETHERTYPE_IP); 253 ah->ar_hln = ETHER_ADDR_LEN; 254 ah->ar_pln = sizeof(struct in_addr); 255 ah->ar_op = htons(ARPOP_REQUEST); 256 memcpy(ar_sha(ah), IF_LLADDR(ifp), ETHER_ADDR_LEN); 257 ((struct in_addr *)ar_spa(ah))->s_addr = pcb->dp_client; 258 bzero(ar_tha(ah), ETHER_ADDR_LEN); 259 ((struct in_addr *)ar_tpa(ah))->s_addr = dst; 260 return (debugnet_ether_output(m, ifp, bcast, ETHERTYPE_ARP)); 261 } 262 263 /* 264 * Handler for ARP packets: checks their sanity and then 265 * 1. If the ARP is a request for our IP, respond with our MAC address 266 * 2. If the ARP is a response from our server, record its MAC address 267 * 268 * It needs to replicate partially the behaviour of arpintr() and 269 * in_arpinput(). 270 * 271 * Parameters: 272 * pcb a pointer to the live debugnet PCB 273 * mb a pointer to an mbuf * containing the packet received 274 * Updates *mb if m_pullup et al change the pointer 275 * Assumes the calling function will take care of freeing the mbuf 276 */ 277 void 278 debugnet_handle_arp(struct debugnet_pcb *pcb, struct mbuf **mb) 279 { 280 char buf[INET_ADDRSTRLEN]; 281 struct in_addr isaddr, itaddr; 282 struct ether_addr dst; 283 struct mbuf *m; 284 struct arphdr *ah; 285 struct ifnet *ifp; 286 uint8_t *enaddr; 287 int req_len, op; 288 289 m = *mb; 290 ifp = m->m_pkthdr.rcvif; 291 if (m->m_len < sizeof(struct arphdr)) { 292 m = m_pullup(m, sizeof(struct arphdr)); 293 *mb = m; 294 if (m == NULL) { 295 DNETDEBUG("runt packet: m_pullup failed\n"); 296 return; 297 } 298 } 299 300 ah = mtod(m, struct arphdr *); 301 if (ntohs(ah->ar_hrd) != ARPHRD_ETHER) { 302 DNETDEBUG("unknown hardware address 0x%2D)\n", 303 (unsigned char *)&ah->ar_hrd, ""); 304 return; 305 } 306 if (ntohs(ah->ar_pro) != ETHERTYPE_IP) { 307 DNETDEBUG("drop ARP for unknown protocol %d\n", 308 ntohs(ah->ar_pro)); 309 return; 310 } 311 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 312 if (m->m_len < req_len) { 313 m = m_pullup(m, req_len); 314 *mb = m; 315 if (m == NULL) { 316 DNETDEBUG("runt packet: m_pullup failed\n"); 317 return; 318 } 319 } 320 ah = mtod(m, struct arphdr *); 321 322 op = ntohs(ah->ar_op); 323 memcpy(&isaddr, ar_spa(ah), sizeof(isaddr)); 324 memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr)); 325 enaddr = (uint8_t *)IF_LLADDR(ifp); 326 327 if (memcmp(ar_sha(ah), enaddr, ifp->if_addrlen) == 0) { 328 DNETDEBUG("ignoring ARP from myself\n"); 329 return; 330 } 331 332 if (isaddr.s_addr == pcb->dp_client) { 333 printf("%s: %*D is using my IP address %s!\n", __func__, 334 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 335 inet_ntoa_r(isaddr, buf)); 336 return; 337 } 338 339 if (memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen) == 0) { 340 DNETDEBUG("ignoring ARP from broadcast address\n"); 341 return; 342 } 343 344 if (op == ARPOP_REPLY) { 345 if (isaddr.s_addr != pcb->dp_gateway && 346 isaddr.s_addr != pcb->dp_server) { 347 inet_ntoa_r(isaddr, buf); 348 DNETDEBUG("ignoring ARP reply from %s (not configured" 349 " server or gateway)\n", buf); 350 return; 351 } 352 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) { 353 inet_ntoa_r(isaddr, buf); 354 DNETDEBUG("ignoring server ARP reply from %s (already" 355 " have gateway address)\n", buf); 356 return; 357 } 358 MPASS(pcb->dp_state == DN_STATE_INIT); 359 memcpy(pcb->dp_gw_mac.octet, ar_sha(ah), 360 min(ah->ar_hln, ETHER_ADDR_LEN)); 361 362 DNETDEBUG("got server MAC address %6D\n", 363 pcb->dp_gw_mac.octet, ":"); 364 365 pcb->dp_state = DN_STATE_HAVE_GW_MAC; 366 return; 367 } 368 369 if (op != ARPOP_REQUEST) { 370 DNETDEBUG("ignoring ARP non-request/reply\n"); 371 return; 372 } 373 374 if (itaddr.s_addr != pcb->dp_client) { 375 DNETDEBUG("ignoring ARP not to our IP\n"); 376 return; 377 } 378 379 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 380 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 381 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 382 memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 383 ah->ar_op = htons(ARPOP_REPLY); 384 ah->ar_pro = htons(ETHERTYPE_IP); 385 m->m_flags &= ~(M_BCAST|M_MCAST); 386 m->m_len = arphdr_len(ah); 387 m->m_pkthdr.len = m->m_len; 388 389 memcpy(dst.octet, ar_tha(ah), ETHER_ADDR_LEN); 390 debugnet_ether_output(m, ifp, dst, ETHERTYPE_ARP); 391 *mb = NULL; 392 } 393 394 /* 395 * Sends ARP requests to locate the server and waits for a response. 396 * We first try to ARP the server itself, and fall back to the provided 397 * gateway if the server appears to be off-link. 398 * 399 * Return value: 400 * 0 on success 401 * errno on error 402 */ 403 int 404 debugnet_arp_gw(struct debugnet_pcb *pcb) 405 { 406 in_addr_t dst; 407 int error, polls, retries; 408 409 dst = pcb->dp_server; 410 restart: 411 for (retries = 0; retries < debugnet_arp_nretries; retries++) { 412 error = debugnet_send_arp(pcb, dst); 413 if (error != 0) 414 return (error); 415 for (polls = 0; polls < debugnet_npolls && 416 pcb->dp_state < DN_STATE_HAVE_GW_MAC; polls++) { 417 debugnet_network_poll(pcb); 418 DELAY(500); 419 } 420 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 421 break; 422 printf("(ARP retry)"); 423 } 424 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 425 return (0); 426 if (dst == pcb->dp_server) { 427 printf("\nFailed to ARP server"); 428 if (pcb->dp_gateway != INADDR_ANY) { 429 printf(", trying to reach gateway...\n"); 430 dst = pcb->dp_gateway; 431 goto restart; 432 } else 433 printf(".\n"); 434 } else 435 printf("\nFailed to ARP gateway.\n"); 436 437 return (ETIMEDOUT); 438 } 439 440 /* 441 * Unreliable IPv4 transmission of an mbuf chain to the debugnet server 442 * Note: can't handle fragmentation; fails if the packet is larger than 443 * ifp->if_mtu after adding the UDP/IP headers 444 * 445 * Parameters: 446 * pcb The debugnet context block 447 * m mbuf chain 448 * 449 * Returns: 450 * int see errno.h, 0 for success 451 */ 452 int 453 debugnet_ip_output(struct debugnet_pcb *pcb, struct mbuf *m) 454 { 455 struct udphdr *udp; 456 struct ifnet *ifp; 457 struct ip *ip; 458 459 MPASS(pcb->dp_state >= DN_STATE_HAVE_GW_MAC); 460 461 ifp = pcb->dp_ifp; 462 463 M_PREPEND(m, sizeof(*ip), M_NOWAIT); 464 if (m == NULL) { 465 printf("%s: out of mbufs\n", __func__); 466 return (ENOBUFS); 467 } 468 469 if (m->m_pkthdr.len > ifp->if_mtu) { 470 printf("%s: Packet is too big: %d > MTU %u\n", __func__, 471 m->m_pkthdr.len, ifp->if_mtu); 472 m_freem(m); 473 return (ENOBUFS); 474 } 475 476 ip = mtod(m, void *); 477 udp = (void *)(ip + 1); 478 479 memset(ip, 0, offsetof(struct ip, ip_p)); 480 ip->ip_p = IPPROTO_UDP; 481 ip->ip_sum = udp->uh_ulen; 482 ip->ip_src = (struct in_addr) { pcb->dp_client }; 483 ip->ip_dst = (struct in_addr) { pcb->dp_server }; 484 485 /* Compute UDP-IPv4 checksum. */ 486 udp->uh_sum = in_cksum(m, m->m_pkthdr.len); 487 if (udp->uh_sum == 0) 488 udp->uh_sum = 0xffff; 489 490 ip->ip_v = IPVERSION; 491 ip->ip_hl = sizeof(*ip) >> 2; 492 ip->ip_tos = 0; 493 ip->ip_len = htons(m->m_pkthdr.len); 494 ip->ip_id = 0; 495 ip->ip_off = htons(IP_DF); 496 ip->ip_ttl = 255; 497 ip->ip_sum = 0; 498 ip->ip_sum = in_cksum(m, sizeof(struct ip)); 499 500 return (debugnet_ether_output(m, ifp, pcb->dp_gw_mac, ETHERTYPE_IP)); 501 } 502