1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2019 Isilon Systems, LLC. 5 * Copyright (c) 2005-2014 Sandvine Incorporated. All rights reserved. 6 * Copyright (c) 2000 Darrell Anderson 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 #include "opt_inet.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/errno.h> 39 #include <sys/socket.h> 40 #include <sys/sysctl.h> 41 42 #include <net/ethernet.h> 43 #include <net/if.h> 44 #include <net/if_arp.h> 45 #include <net/if_dl.h> 46 #include <net/if_types.h> 47 #include <net/if_var.h> 48 49 #include <netinet/in.h> 50 #include <netinet/in_systm.h> 51 #include <netinet/in_var.h> 52 #include <netinet/ip.h> 53 #include <netinet/ip_var.h> 54 #include <netinet/ip_options.h> 55 #include <netinet/udp.h> 56 #include <netinet/udp_var.h> 57 58 #include <machine/in_cksum.h> 59 #include <machine/pcb.h> 60 61 #include <net/debugnet.h> 62 #define DEBUGNET_INTERNAL 63 #include <net/debugnet_int.h> 64 65 int debugnet_arp_nretries = 3; 66 SYSCTL_INT(_net_debugnet, OID_AUTO, arp_nretries, CTLFLAG_RWTUN, 67 &debugnet_arp_nretries, 0, 68 "Number of ARP attempts before giving up"); 69 70 /* 71 * Handler for IP packets: checks their sanity and then processes any debugnet 72 * ACK packets it finds. 73 * 74 * It needs to partially replicate the behaviour of ip_input() and udp_input(). 75 * 76 * Parameters: 77 * pcb a pointer to the live debugnet PCB 78 * mb a pointer to an mbuf * containing the packet received 79 * Updates *mb if m_pullup et al change the pointer 80 * Assumes the calling function will take care of freeing the mbuf 81 */ 82 void 83 debugnet_handle_ip(struct debugnet_pcb *pcb, struct mbuf **mb) 84 { 85 struct ip *ip; 86 struct mbuf *m; 87 unsigned short hlen; 88 89 if (pcb->dp_state < DN_STATE_HAVE_GW_MAC) 90 return; 91 92 /* IP processing. */ 93 m = *mb; 94 if (m->m_pkthdr.len < sizeof(struct ip)) { 95 DNETDEBUG("dropping packet too small for IP header\n"); 96 return; 97 } 98 if (m->m_len < sizeof(struct ip)) { 99 m = m_pullup(m, sizeof(struct ip)); 100 *mb = m; 101 if (m == NULL) { 102 DNETDEBUG("m_pullup failed\n"); 103 return; 104 } 105 } 106 ip = mtod(m, struct ip *); 107 108 /* IP version. */ 109 if (ip->ip_v != IPVERSION) { 110 DNETDEBUG("bad IP version %d\n", ip->ip_v); 111 return; 112 } 113 114 /* Header length. */ 115 hlen = ip->ip_hl << 2; 116 if (hlen < sizeof(struct ip)) { 117 DNETDEBUG("bad IP header length (%hu)\n", hlen); 118 return; 119 } 120 if (hlen > m->m_len) { 121 m = m_pullup(m, hlen); 122 *mb = m; 123 if (m == NULL) { 124 DNETDEBUG("m_pullup failed\n"); 125 return; 126 } 127 ip = mtod(m, struct ip *); 128 } 129 /* Ignore packets with IP options. */ 130 if (hlen > sizeof(struct ip)) { 131 DNETDEBUG("drop packet with IP options\n"); 132 return; 133 } 134 135 #ifdef INVARIANTS 136 if ((IN_LOOPBACK(ntohl(ip->ip_dst.s_addr)) || 137 IN_LOOPBACK(ntohl(ip->ip_src.s_addr))) && 138 (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 139 DNETDEBUG("Bad IP header (RFC1122)\n"); 140 return; 141 } 142 #endif 143 144 /* Checksum. */ 145 if ((m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) != 0) { 146 if ((m->m_pkthdr.csum_flags & CSUM_IP_VALID) == 0) { 147 DNETDEBUG("bad IP checksum\n"); 148 return; 149 } 150 } else { 151 /* XXX */ ; 152 } 153 154 /* Convert fields to host byte order. */ 155 ip->ip_len = ntohs(ip->ip_len); 156 if (ip->ip_len < hlen) { 157 DNETDEBUG("IP packet smaller (%hu) than header (%hu)\n", 158 ip->ip_len, hlen); 159 return; 160 } 161 if (m->m_pkthdr.len < ip->ip_len) { 162 DNETDEBUG("IP packet bigger (%hu) than ethernet packet (%d)\n", 163 ip->ip_len, m->m_pkthdr.len); 164 return; 165 } 166 if (m->m_pkthdr.len > ip->ip_len) { 167 /* Truncate the packet to the IP length. */ 168 if (m->m_len == m->m_pkthdr.len) { 169 m->m_len = ip->ip_len; 170 m->m_pkthdr.len = ip->ip_len; 171 } else 172 m_adj(m, ip->ip_len - m->m_pkthdr.len); 173 } 174 175 ip->ip_off = ntohs(ip->ip_off); 176 177 /* Check that the source is the server's IP. */ 178 if (ip->ip_src.s_addr != pcb->dp_server) { 179 DNETDEBUG("drop packet not from server (from 0x%x)\n", 180 ip->ip_src.s_addr); 181 return; 182 } 183 184 /* Check if the destination IP is ours. */ 185 if (ip->ip_dst.s_addr != pcb->dp_client) { 186 DNETDEBUGV("drop packet not to our IP\n"); 187 return; 188 } 189 190 if (ip->ip_p != IPPROTO_UDP) { 191 DNETDEBUG("drop non-UDP packet\n"); 192 return; 193 } 194 195 /* Do not deal with fragments. */ 196 if ((ip->ip_off & (IP_MF | IP_OFFMASK)) != 0) { 197 DNETDEBUG("drop fragmented packet\n"); 198 return; 199 } 200 201 if ((m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) != 0) { 202 if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID) == 0) { 203 DNETDEBUG("bad UDP checksum\n"); 204 return; 205 } 206 } else { 207 /* XXX */ ; 208 } 209 210 /* UDP custom is to have packet length not include IP header. */ 211 ip->ip_len -= hlen; 212 213 /* Checked above before decoding IP header. */ 214 MPASS(m->m_pkthdr.len >= sizeof(struct ipovly)); 215 216 /* Put the UDP header at start of chain. */ 217 m_adj(m, sizeof(struct ipovly)); 218 debugnet_handle_udp(pcb, mb); 219 } 220 221 /* 222 * Builds and sends a single ARP request to locate the L2 address for a given 223 * INET address. 224 * 225 * Return value: 226 * 0 on success 227 * errno on error 228 */ 229 static int 230 debugnet_send_arp(struct debugnet_pcb *pcb, in_addr_t dst) 231 { 232 struct ether_addr bcast; 233 struct arphdr *ah; 234 struct ifnet *ifp; 235 struct mbuf *m; 236 int pktlen; 237 238 ifp = pcb->dp_ifp; 239 240 /* Fill-up a broadcast address. */ 241 memset(&bcast, 0xFF, ETHER_ADDR_LEN); 242 m = m_gethdr(M_NOWAIT, MT_DATA); 243 if (m == NULL) { 244 printf("%s: Out of mbufs\n", __func__); 245 return (ENOBUFS); 246 } 247 pktlen = arphdr_len2(ETHER_ADDR_LEN, sizeof(struct in_addr)); 248 m->m_len = pktlen; 249 m->m_pkthdr.len = pktlen; 250 MH_ALIGN(m, pktlen); 251 ah = mtod(m, struct arphdr *); 252 ah->ar_hrd = htons(ARPHRD_ETHER); 253 ah->ar_pro = htons(ETHERTYPE_IP); 254 ah->ar_hln = ETHER_ADDR_LEN; 255 ah->ar_pln = sizeof(struct in_addr); 256 ah->ar_op = htons(ARPOP_REQUEST); 257 memcpy(ar_sha(ah), IF_LLADDR(ifp), ETHER_ADDR_LEN); 258 ((struct in_addr *)ar_spa(ah))->s_addr = pcb->dp_client; 259 bzero(ar_tha(ah), ETHER_ADDR_LEN); 260 ((struct in_addr *)ar_tpa(ah))->s_addr = dst; 261 return (debugnet_ether_output(m, ifp, bcast, ETHERTYPE_ARP)); 262 } 263 264 /* 265 * Handler for ARP packets: checks their sanity and then 266 * 1. If the ARP is a request for our IP, respond with our MAC address 267 * 2. If the ARP is a response from our server, record its MAC address 268 * 269 * It needs to replicate partially the behaviour of arpintr() and 270 * in_arpinput(). 271 * 272 * Parameters: 273 * pcb a pointer to the live debugnet PCB 274 * mb a pointer to an mbuf * containing the packet received 275 * Updates *mb if m_pullup et al change the pointer 276 * Assumes the calling function will take care of freeing the mbuf 277 */ 278 void 279 debugnet_handle_arp(struct debugnet_pcb *pcb, struct mbuf **mb) 280 { 281 char buf[INET_ADDRSTRLEN]; 282 struct in_addr isaddr, itaddr; 283 struct ether_addr dst; 284 struct mbuf *m; 285 struct arphdr *ah; 286 struct ifnet *ifp; 287 uint8_t *enaddr; 288 int req_len, op; 289 290 m = *mb; 291 ifp = m->m_pkthdr.rcvif; 292 if (m->m_len < sizeof(struct arphdr)) { 293 m = m_pullup(m, sizeof(struct arphdr)); 294 *mb = m; 295 if (m == NULL) { 296 DNETDEBUG("runt packet: m_pullup failed\n"); 297 return; 298 } 299 } 300 301 ah = mtod(m, struct arphdr *); 302 if (ntohs(ah->ar_hrd) != ARPHRD_ETHER) { 303 DNETDEBUG("unknown hardware address 0x%2D)\n", 304 (unsigned char *)&ah->ar_hrd, ""); 305 return; 306 } 307 if (ntohs(ah->ar_pro) != ETHERTYPE_IP) { 308 DNETDEBUG("drop ARP for unknown protocol %d\n", 309 ntohs(ah->ar_pro)); 310 return; 311 } 312 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 313 if (m->m_len < req_len) { 314 m = m_pullup(m, req_len); 315 *mb = m; 316 if (m == NULL) { 317 DNETDEBUG("runt packet: m_pullup failed\n"); 318 return; 319 } 320 } 321 ah = mtod(m, struct arphdr *); 322 323 op = ntohs(ah->ar_op); 324 memcpy(&isaddr, ar_spa(ah), sizeof(isaddr)); 325 memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr)); 326 enaddr = (uint8_t *)IF_LLADDR(ifp); 327 328 if (memcmp(ar_sha(ah), enaddr, ifp->if_addrlen) == 0) { 329 DNETDEBUG("ignoring ARP from myself\n"); 330 return; 331 } 332 333 if (isaddr.s_addr == pcb->dp_client) { 334 printf("%s: %*D is using my IP address %s!\n", __func__, 335 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 336 inet_ntoa_r(isaddr, buf)); 337 return; 338 } 339 340 if (memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen) == 0) { 341 DNETDEBUG("ignoring ARP from broadcast address\n"); 342 return; 343 } 344 345 if (op == ARPOP_REPLY) { 346 if (isaddr.s_addr != pcb->dp_gateway && 347 isaddr.s_addr != pcb->dp_server) { 348 inet_ntoa_r(isaddr, buf); 349 DNETDEBUG("ignoring ARP reply from %s (not configured" 350 " server or gateway)\n", buf); 351 return; 352 } 353 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) { 354 inet_ntoa_r(isaddr, buf); 355 DNETDEBUG("ignoring server ARP reply from %s (already" 356 " have gateway address)\n", buf); 357 return; 358 } 359 MPASS(pcb->dp_state == DN_STATE_INIT); 360 memcpy(pcb->dp_gw_mac.octet, ar_sha(ah), 361 min(ah->ar_hln, ETHER_ADDR_LEN)); 362 363 DNETDEBUG("got server MAC address %6D\n", 364 pcb->dp_gw_mac.octet, ":"); 365 366 pcb->dp_state = DN_STATE_HAVE_GW_MAC; 367 return; 368 } 369 370 if (op != ARPOP_REQUEST) { 371 DNETDEBUG("ignoring ARP non-request/reply\n"); 372 return; 373 } 374 375 if (itaddr.s_addr != pcb->dp_client) { 376 DNETDEBUG("ignoring ARP not to our IP\n"); 377 return; 378 } 379 380 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 381 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 382 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 383 memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 384 ah->ar_op = htons(ARPOP_REPLY); 385 ah->ar_pro = htons(ETHERTYPE_IP); 386 m->m_flags &= ~(M_BCAST|M_MCAST); 387 m->m_len = arphdr_len(ah); 388 m->m_pkthdr.len = m->m_len; 389 390 memcpy(dst.octet, ar_tha(ah), ETHER_ADDR_LEN); 391 debugnet_ether_output(m, ifp, dst, ETHERTYPE_ARP); 392 *mb = NULL; 393 } 394 395 /* 396 * Sends ARP requests to locate the server and waits for a response. 397 * We first try to ARP the server itself, and fall back to the provided 398 * gateway if the server appears to be off-link. 399 * 400 * Return value: 401 * 0 on success 402 * errno on error 403 */ 404 int 405 debugnet_arp_gw(struct debugnet_pcb *pcb) 406 { 407 in_addr_t dst; 408 int error, polls, retries; 409 410 dst = pcb->dp_server; 411 restart: 412 for (retries = 0; retries < debugnet_arp_nretries; retries++) { 413 error = debugnet_send_arp(pcb, dst); 414 if (error != 0) 415 return (error); 416 for (polls = 0; polls < debugnet_npolls && 417 pcb->dp_state < DN_STATE_HAVE_GW_MAC; polls++) { 418 debugnet_network_poll(pcb); 419 DELAY(500); 420 } 421 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 422 break; 423 printf("(ARP retry)"); 424 } 425 if (pcb->dp_state >= DN_STATE_HAVE_GW_MAC) 426 return (0); 427 if (dst == pcb->dp_server) { 428 printf("\nFailed to ARP server"); 429 if (pcb->dp_gateway != INADDR_ANY) { 430 printf(", trying to reach gateway...\n"); 431 dst = pcb->dp_gateway; 432 goto restart; 433 } else 434 printf(".\n"); 435 } else 436 printf("\nFailed to ARP gateway.\n"); 437 438 return (ETIMEDOUT); 439 } 440 441 /* 442 * Unreliable IPv4 transmission of an mbuf chain to the debugnet server 443 * Note: can't handle fragmentation; fails if the packet is larger than 444 * ifp->if_mtu after adding the UDP/IP headers 445 * 446 * Parameters: 447 * pcb The debugnet context block 448 * m mbuf chain 449 * 450 * Returns: 451 * int see errno.h, 0 for success 452 */ 453 int 454 debugnet_ip_output(struct debugnet_pcb *pcb, struct mbuf *m) 455 { 456 struct udphdr *udp; 457 struct ifnet *ifp; 458 struct ip *ip; 459 460 MPASS(pcb->dp_state >= DN_STATE_HAVE_GW_MAC); 461 462 ifp = pcb->dp_ifp; 463 464 M_PREPEND(m, sizeof(*ip), M_NOWAIT); 465 if (m == NULL) { 466 printf("%s: out of mbufs\n", __func__); 467 return (ENOBUFS); 468 } 469 470 if (m->m_pkthdr.len > ifp->if_mtu) { 471 printf("%s: Packet is too big: %d > MTU %u\n", __func__, 472 m->m_pkthdr.len, ifp->if_mtu); 473 m_freem(m); 474 return (ENOBUFS); 475 } 476 477 ip = mtod(m, void *); 478 udp = (void *)(ip + 1); 479 480 memset(ip, 0, offsetof(struct ip, ip_p)); 481 ip->ip_p = IPPROTO_UDP; 482 ip->ip_sum = udp->uh_ulen; 483 ip->ip_src = (struct in_addr) { pcb->dp_client }; 484 ip->ip_dst = (struct in_addr) { pcb->dp_server }; 485 486 /* Compute UDP-IPv4 checksum. */ 487 udp->uh_sum = in_cksum(m, m->m_pkthdr.len); 488 if (udp->uh_sum == 0) 489 udp->uh_sum = 0xffff; 490 491 ip->ip_v = IPVERSION; 492 ip->ip_hl = sizeof(*ip) >> 2; 493 ip->ip_tos = 0; 494 ip->ip_len = htons(m->m_pkthdr.len); 495 ip->ip_id = 0; 496 ip->ip_off = htons(IP_DF); 497 ip->ip_ttl = 255; 498 ip->ip_sum = 0; 499 ip->ip_sum = in_cksum(m, sizeof(struct ip)); 500 501 return (debugnet_ether_output(m, ifp, pcb->dp_gw_mac, ETHERTYPE_IP)); 502 } 503