1 /* 2 * Copyright (c) 1990, 1991, 1992, 1993, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution 11 * 12 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 13 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 15 */ 16 17 #if 0 18 #ifndef lint 19 static const char copyright[] = 20 "@(#) Copyright (c) 1990, 1991, 1992, 1993, 1996\n\ 21 The Regents of the University of California. All rights reserved.\n"; 22 #endif /* not lint */ 23 #endif 24 #include <sys/cdefs.h> 25 __FBSDID("$FreeBSD$"); 26 27 /* 28 * rarpd - Reverse ARP Daemon 29 * 30 * Usage: rarpd -a [-dfsv] [-t directory] [hostname] 31 * rarpd [-dfsv] [-t directory] interface [hostname] 32 * 33 * 'hostname' is optional solely for backwards compatibility with Sun's rarpd. 34 * Currently, the argument is ignored. 35 */ 36 #include <sys/param.h> 37 #include <sys/file.h> 38 #include <sys/ioctl.h> 39 #include <sys/socket.h> 40 #include <sys/time.h> 41 42 #include <net/bpf.h> 43 #include <net/ethernet.h> 44 #include <net/if.h> 45 #include <net/if_types.h> 46 #include <net/if_dl.h> 47 #include <net/route.h> 48 49 #include <netinet/in.h> 50 #include <netinet/if_ether.h> 51 52 #include <arpa/inet.h> 53 54 #include <dirent.h> 55 #include <errno.h> 56 #include <ifaddrs.h> 57 #include <netdb.h> 58 #include <stdarg.h> 59 #include <stdio.h> 60 #include <string.h> 61 #include <syslog.h> 62 #include <stdlib.h> 63 #include <unistd.h> 64 65 /* Cast a struct sockaddr to a struct sockaddr_in */ 66 #define SATOSIN(sa) ((struct sockaddr_in *)(sa)) 67 68 #ifndef TFTP_DIR 69 #define TFTP_DIR "/tftpboot" 70 #endif 71 72 #define ARPSECS (20 * 60) /* as per code in netinet/if_ether.c */ 73 #define REVARP_REQUEST ARPOP_REVREQUEST 74 #define REVARP_REPLY ARPOP_REVREPLY 75 76 /* 77 * The structure for each interface. 78 */ 79 struct if_info { 80 struct if_info *ii_next; 81 int ii_fd; /* BPF file descriptor */ 82 in_addr_t ii_ipaddr; /* IP address */ 83 in_addr_t ii_netmask; /* subnet or net mask */ 84 u_char ii_eaddr[ETHER_ADDR_LEN]; /* ethernet address */ 85 char ii_ifname[IF_NAMESIZE]; 86 }; 87 88 /* 89 * The list of all interfaces that are being listened to. rarp_loop() 90 * "selects" on the descriptors in this list. 91 */ 92 struct if_info *iflist; 93 94 int verbose; /* verbose messages */ 95 const char *tftp_dir = TFTP_DIR; /* tftp directory */ 96 97 int dflag; /* messages to stdout/stderr, not syslog(3) */ 98 int sflag; /* ignore /tftpboot */ 99 100 static u_char zero[6]; 101 102 static int bpf_open(void); 103 static in_addr_t choose_ipaddr(in_addr_t **, in_addr_t, in_addr_t); 104 static char *eatoa(u_char *); 105 static int expand_syslog_m(const char *fmt, char **newfmt); 106 static void init(char *); 107 static void init_one(struct ifaddrs *, char *, int); 108 static char *intoa(in_addr_t); 109 static in_addr_t ipaddrtonetmask(in_addr_t); 110 static void logmsg(int, const char *, ...) __printflike(2, 3); 111 static int rarp_bootable(in_addr_t); 112 static int rarp_check(u_char *, u_int); 113 static void rarp_loop(void); 114 static int rarp_open(char *); 115 static void rarp_process(struct if_info *, u_char *, u_int); 116 static void rarp_reply(struct if_info *, struct ether_header *, 117 in_addr_t, u_int); 118 static void update_arptab(u_char *, in_addr_t); 119 static void usage(void); 120 121 int 122 main(int argc, char *argv[]) 123 { 124 int op; 125 char *ifname, *name; 126 127 int aflag = 0; /* listen on "all" interfaces */ 128 int fflag = 0; /* don't fork */ 129 130 if ((name = strrchr(argv[0], '/')) != NULL) 131 ++name; 132 else 133 name = argv[0]; 134 if (*name == '-') 135 ++name; 136 137 /* 138 * All error reporting is done through syslog, unless -d is specified 139 */ 140 openlog(name, LOG_PID | LOG_CONS, LOG_DAEMON); 141 142 opterr = 0; 143 while ((op = getopt(argc, argv, "adfst:v")) != -1) 144 switch (op) { 145 case 'a': 146 ++aflag; 147 break; 148 149 case 'd': 150 ++dflag; 151 break; 152 153 case 'f': 154 ++fflag; 155 break; 156 157 case 's': 158 ++sflag; 159 break; 160 161 case 't': 162 tftp_dir = optarg; 163 break; 164 165 case 'v': 166 ++verbose; 167 break; 168 169 default: 170 usage(); 171 /* NOTREACHED */ 172 } 173 argc -= optind; 174 argv += optind; 175 176 ifname = (aflag == 0) ? argv[0] : NULL; 177 178 if ((aflag && ifname) || (!aflag && ifname == NULL)) 179 usage(); 180 181 init(ifname); 182 183 if (!fflag) { 184 if (daemon(0,0)) { 185 logmsg(LOG_ERR, "cannot fork"); 186 exit(1); 187 } 188 } 189 rarp_loop(); 190 return(0); 191 } 192 193 /* 194 * Add to the interface list. 195 */ 196 static void 197 init_one(struct ifaddrs *ifa, char *target, int pass1) 198 { 199 struct if_info *ii, *ii2; 200 struct sockaddr_dl *ll; 201 int family; 202 203 family = ifa->ifa_addr->sa_family; 204 switch (family) { 205 case AF_INET: 206 if (pass1) 207 /* Consider only AF_LINK during pass1. */ 208 return; 209 /* FALLTHROUGH */ 210 case AF_LINK: 211 if (!(ifa->ifa_flags & IFF_UP) || 212 (ifa->ifa_flags & (IFF_LOOPBACK | IFF_POINTOPOINT))) 213 return; 214 break; 215 default: 216 return; 217 } 218 219 /* Don't bother going any further if not the target interface */ 220 if (target != NULL && strcmp(ifa->ifa_name, target) != 0) 221 return; 222 223 /* Look for interface in list */ 224 for (ii = iflist; ii != NULL; ii = ii->ii_next) 225 if (strcmp(ifa->ifa_name, ii->ii_ifname) == 0) 226 break; 227 228 if (pass1 && ii != NULL) 229 /* We've already seen that interface once. */ 230 return; 231 232 /* Allocate a new one if not found */ 233 if (ii == NULL) { 234 ii = (struct if_info *)malloc(sizeof(*ii)); 235 if (ii == NULL) { 236 logmsg(LOG_ERR, "malloc: %m"); 237 exit(1); 238 } 239 bzero(ii, sizeof(*ii)); 240 ii->ii_fd = -1; 241 strlcpy(ii->ii_ifname, ifa->ifa_name, sizeof(ii->ii_ifname)); 242 ii->ii_next = iflist; 243 iflist = ii; 244 } else if (!pass1 && ii->ii_ipaddr != 0) { 245 /* 246 * Second AF_INET definition for that interface: clone 247 * the existing one, and work on that cloned one. 248 * This must be another IP address for this interface, 249 * so avoid killing the previous configuration. 250 */ 251 ii2 = (struct if_info *)malloc(sizeof(*ii2)); 252 if (ii2 == NULL) { 253 logmsg(LOG_ERR, "malloc: %m"); 254 exit(1); 255 } 256 memcpy(ii2, ii, sizeof(*ii2)); 257 ii2->ii_fd = -1; 258 ii2->ii_next = iflist; 259 iflist = ii2; 260 261 ii = ii2; 262 } 263 264 switch (family) { 265 case AF_INET: 266 ii->ii_ipaddr = SATOSIN(ifa->ifa_addr)->sin_addr.s_addr; 267 ii->ii_netmask = SATOSIN(ifa->ifa_netmask)->sin_addr.s_addr; 268 if (ii->ii_netmask == 0) 269 ii->ii_netmask = ipaddrtonetmask(ii->ii_ipaddr); 270 if (ii->ii_fd < 0) 271 ii->ii_fd = rarp_open(ii->ii_ifname); 272 break; 273 274 case AF_LINK: 275 ll = (struct sockaddr_dl *)ifa->ifa_addr; 276 if (ll->sdl_type == IFT_ETHER) 277 bcopy(LLADDR(ll), ii->ii_eaddr, 6); 278 break; 279 } 280 } 281 /* 282 * Initialize all "candidate" interfaces that are in the system 283 * configuration list. A "candidate" is up, not loopback and not 284 * point to point. 285 */ 286 static void 287 init(char *target) 288 { 289 struct if_info *ii, *nii, *lii; 290 struct ifaddrs *ifhead, *ifa; 291 int error; 292 293 error = getifaddrs(&ifhead); 294 if (error) { 295 logmsg(LOG_ERR, "getifaddrs: %m"); 296 exit(1); 297 } 298 /* 299 * We make two passes over the list we have got. In the first 300 * one, we only collect AF_LINK interfaces, and initialize our 301 * list of interfaces from them. In the second pass, we 302 * collect the actual IP addresses from the AF_INET 303 * interfaces, and allow for the same interface name to appear 304 * multiple times (in case of more than one IP address). 305 */ 306 for (ifa = ifhead; ifa != NULL; ifa = ifa->ifa_next) 307 init_one(ifa, target, 1); 308 for (ifa = ifhead; ifa != NULL; ifa = ifa->ifa_next) 309 init_one(ifa, target, 0); 310 freeifaddrs(ifhead); 311 312 /* Throw away incomplete interfaces */ 313 lii = NULL; 314 for (ii = iflist; ii != NULL; ii = nii) { 315 nii = ii->ii_next; 316 if (ii->ii_ipaddr == 0 || 317 bcmp(ii->ii_eaddr, zero, 6) == 0) { 318 if (lii == NULL) 319 iflist = nii; 320 else 321 lii->ii_next = nii; 322 if (ii->ii_fd >= 0) 323 close(ii->ii_fd); 324 free(ii); 325 continue; 326 } 327 lii = ii; 328 } 329 330 /* Verbose stuff */ 331 if (verbose) 332 for (ii = iflist; ii != NULL; ii = ii->ii_next) 333 logmsg(LOG_DEBUG, "%s %s 0x%08x %s", 334 ii->ii_ifname, intoa(ntohl(ii->ii_ipaddr)), 335 (in_addr_t)ntohl(ii->ii_netmask), eatoa(ii->ii_eaddr)); 336 } 337 338 static void 339 usage(void) 340 { 341 (void)fprintf(stderr, "%s\n%s\n", 342 "usage: rarpd -a [-dfsv] [-t directory]", 343 " rarpd [-dfsv] [-t directory] interface"); 344 exit(1); 345 } 346 347 static int 348 bpf_open(void) 349 { 350 int fd; 351 int n = 0; 352 char device[sizeof "/dev/bpf000"]; 353 354 /* 355 * Go through all the minors and find one that isn't in use. 356 */ 357 do { 358 (void)sprintf(device, "/dev/bpf%d", n++); 359 fd = open(device, O_RDWR); 360 } while ((fd == -1) && (errno == EBUSY)); 361 362 if (fd == -1) { 363 logmsg(LOG_ERR, "%s: %m", device); 364 exit(1); 365 } 366 return fd; 367 } 368 369 /* 370 * Open a BPF file and attach it to the interface named 'device'. 371 * Set immediate mode, and set a filter that accepts only RARP requests. 372 */ 373 static int 374 rarp_open(char *device) 375 { 376 int fd; 377 struct ifreq ifr; 378 u_int dlt; 379 int immediate; 380 381 static struct bpf_insn insns[] = { 382 BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 12), 383 BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, ETHERTYPE_REVARP, 0, 3), 384 BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 20), 385 BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, REVARP_REQUEST, 0, 1), 386 BPF_STMT(BPF_RET|BPF_K, sizeof(struct ether_arp) + 387 sizeof(struct ether_header)), 388 BPF_STMT(BPF_RET|BPF_K, 0), 389 }; 390 static struct bpf_program filter = { 391 sizeof insns / sizeof(insns[0]), 392 insns 393 }; 394 395 fd = bpf_open(); 396 /* 397 * Set immediate mode so packets are processed as they arrive. 398 */ 399 immediate = 1; 400 if (ioctl(fd, BIOCIMMEDIATE, &immediate) == -1) { 401 logmsg(LOG_ERR, "BIOCIMMEDIATE: %m"); 402 exit(1); 403 } 404 strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 405 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) == -1) { 406 logmsg(LOG_ERR, "BIOCSETIF: %m"); 407 exit(1); 408 } 409 /* 410 * Check that the data link layer is an Ethernet; this code won't 411 * work with anything else. 412 */ 413 if (ioctl(fd, BIOCGDLT, (caddr_t)&dlt) == -1) { 414 logmsg(LOG_ERR, "BIOCGDLT: %m"); 415 exit(1); 416 } 417 if (dlt != DLT_EN10MB) { 418 logmsg(LOG_ERR, "%s is not an ethernet", device); 419 exit(1); 420 } 421 /* 422 * Set filter program. 423 */ 424 if (ioctl(fd, BIOCSETF, (caddr_t)&filter) == -1) { 425 logmsg(LOG_ERR, "BIOCSETF: %m"); 426 exit(1); 427 } 428 return fd; 429 } 430 431 /* 432 * Perform various sanity checks on the RARP request packet. Return 433 * false on failure and log the reason. 434 */ 435 static int 436 rarp_check(u_char *p, u_int len) 437 { 438 struct ether_header *ep = (struct ether_header *)p; 439 struct ether_arp *ap = (struct ether_arp *)(p + sizeof(*ep)); 440 441 if (len < sizeof(*ep) + sizeof(*ap)) { 442 logmsg(LOG_ERR, "truncated request, got %u, expected %lu", 443 len, (u_long)(sizeof(*ep) + sizeof(*ap))); 444 return 0; 445 } 446 /* 447 * XXX This test might be better off broken out... 448 */ 449 if (ntohs(ep->ether_type) != ETHERTYPE_REVARP || 450 ntohs(ap->arp_hrd) != ARPHRD_ETHER || 451 ntohs(ap->arp_op) != REVARP_REQUEST || 452 ntohs(ap->arp_pro) != ETHERTYPE_IP || 453 ap->arp_hln != 6 || ap->arp_pln != 4) { 454 logmsg(LOG_DEBUG, "request fails sanity check"); 455 return 0; 456 } 457 if (bcmp((char *)&ep->ether_shost, (char *)&ap->arp_sha, 6) != 0) { 458 logmsg(LOG_DEBUG, "ether/arp sender address mismatch"); 459 return 0; 460 } 461 if (bcmp((char *)&ap->arp_sha, (char *)&ap->arp_tha, 6) != 0) { 462 logmsg(LOG_DEBUG, "ether/arp target address mismatch"); 463 return 0; 464 } 465 return 1; 466 } 467 468 /* 469 * Loop indefinitely listening for RARP requests on the 470 * interfaces in 'iflist'. 471 */ 472 static void 473 rarp_loop(void) 474 { 475 u_char *buf, *bp, *ep; 476 int cc, fd; 477 fd_set fds, listeners; 478 int bufsize, maxfd = 0; 479 struct if_info *ii; 480 481 if (iflist == NULL) { 482 logmsg(LOG_ERR, "no interfaces"); 483 exit(1); 484 } 485 if (ioctl(iflist->ii_fd, BIOCGBLEN, (caddr_t)&bufsize) == -1) { 486 logmsg(LOG_ERR, "BIOCGBLEN: %m"); 487 exit(1); 488 } 489 buf = malloc(bufsize); 490 if (buf == NULL) { 491 logmsg(LOG_ERR, "malloc: %m"); 492 exit(1); 493 } 494 495 while (1) { 496 /* 497 * Find the highest numbered file descriptor for select(). 498 * Initialize the set of descriptors to listen to. 499 */ 500 FD_ZERO(&fds); 501 for (ii = iflist; ii != NULL; ii = ii->ii_next) { 502 FD_SET(ii->ii_fd, &fds); 503 if (ii->ii_fd > maxfd) 504 maxfd = ii->ii_fd; 505 } 506 listeners = fds; 507 if (select(maxfd + 1, &listeners, NULL, NULL, NULL) == -1) { 508 /* Don't choke when we get ptraced */ 509 if (errno == EINTR) 510 continue; 511 logmsg(LOG_ERR, "select: %m"); 512 exit(1); 513 } 514 for (ii = iflist; ii != NULL; ii = ii->ii_next) { 515 fd = ii->ii_fd; 516 if (!FD_ISSET(fd, &listeners)) 517 continue; 518 again: 519 cc = read(fd, (char *)buf, bufsize); 520 /* Don't choke when we get ptraced */ 521 if ((cc == -1) && (errno == EINTR)) 522 goto again; 523 524 /* Loop through the packet(s) */ 525 #define bhp ((struct bpf_hdr *)bp) 526 bp = buf; 527 ep = bp + cc; 528 while (bp < ep) { 529 u_int caplen, hdrlen; 530 531 caplen = bhp->bh_caplen; 532 hdrlen = bhp->bh_hdrlen; 533 if (rarp_check(bp + hdrlen, caplen)) 534 rarp_process(ii, bp + hdrlen, caplen); 535 bp += BPF_WORDALIGN(hdrlen + caplen); 536 } 537 } 538 } 539 #undef bhp 540 } 541 542 /* 543 * True if this server can boot the host whose IP address is 'addr'. 544 * This check is made by looking in the tftp directory for the 545 * configuration file. 546 */ 547 static int 548 rarp_bootable(in_addr_t addr) 549 { 550 struct dirent *dent; 551 DIR *d; 552 char ipname[9]; 553 static DIR *dd = NULL; 554 555 (void)sprintf(ipname, "%08X", (in_addr_t)ntohl(addr)); 556 557 /* 558 * If directory is already open, rewind it. Otherwise, open it. 559 */ 560 if ((d = dd) != NULL) 561 rewinddir(d); 562 else { 563 if (chdir(tftp_dir) == -1) { 564 logmsg(LOG_ERR, "chdir: %s: %m", tftp_dir); 565 exit(1); 566 } 567 d = opendir("."); 568 if (d == NULL) { 569 logmsg(LOG_ERR, "opendir: %m"); 570 exit(1); 571 } 572 dd = d; 573 } 574 while ((dent = readdir(d)) != NULL) 575 if (strncmp(dent->d_name, ipname, 8) == 0) 576 return 1; 577 return 0; 578 } 579 580 /* 581 * Given a list of IP addresses, 'alist', return the first address that 582 * is on network 'net'; 'netmask' is a mask indicating the network portion 583 * of the address. 584 */ 585 static in_addr_t 586 choose_ipaddr(in_addr_t **alist, in_addr_t net, in_addr_t netmask) 587 { 588 for (; *alist; ++alist) 589 if ((**alist & netmask) == net) 590 return **alist; 591 return 0; 592 } 593 594 /* 595 * Answer the RARP request in 'pkt', on the interface 'ii'. 'pkt' has 596 * already been checked for validity. The reply is overlaid on the request. 597 */ 598 static void 599 rarp_process(struct if_info *ii, u_char *pkt, u_int len) 600 { 601 struct ether_header *ep; 602 struct hostent *hp; 603 in_addr_t target_ipaddr; 604 char ename[256]; 605 606 ep = (struct ether_header *)pkt; 607 /* should this be arp_tha? */ 608 if (ether_ntohost(ename, (struct ether_addr *)&ep->ether_shost) != 0) { 609 logmsg(LOG_ERR, "cannot map %s to name", 610 eatoa(ep->ether_shost)); 611 return; 612 } 613 614 if ((hp = gethostbyname(ename)) == NULL) { 615 logmsg(LOG_ERR, "cannot map %s to IP address", ename); 616 return; 617 } 618 619 /* 620 * Choose correct address from list. 621 */ 622 if (hp->h_addrtype != AF_INET) { 623 logmsg(LOG_ERR, "cannot handle non IP addresses for %s", 624 ename); 625 return; 626 } 627 target_ipaddr = choose_ipaddr((in_addr_t **)hp->h_addr_list, 628 ii->ii_ipaddr & ii->ii_netmask, 629 ii->ii_netmask); 630 if (target_ipaddr == 0) { 631 logmsg(LOG_ERR, "cannot find %s on net %s", 632 ename, intoa(ntohl(ii->ii_ipaddr & ii->ii_netmask))); 633 return; 634 } 635 if (sflag || rarp_bootable(target_ipaddr)) 636 rarp_reply(ii, ep, target_ipaddr, len); 637 else if (verbose > 1) 638 logmsg(LOG_INFO, "%s %s at %s DENIED (not bootable)", 639 ii->ii_ifname, 640 eatoa(ep->ether_shost), 641 intoa(ntohl(target_ipaddr))); 642 } 643 644 /* 645 * Poke the kernel arp tables with the ethernet/ip address combinataion 646 * given. When processing a reply, we must do this so that the booting 647 * host (i.e. the guy running rarpd), won't try to ARP for the hardware 648 * address of the guy being booted (he cannot answer the ARP). 649 */ 650 struct sockaddr_inarp sin_inarp = { 651 sizeof(struct sockaddr_inarp), AF_INET, 0, 652 {0}, 653 {0}, 654 0, 0 655 }; 656 struct sockaddr_dl sin_dl = { 657 sizeof(struct sockaddr_dl), AF_LINK, 0, IFT_ETHER, 0, 6, 658 0, "" 659 }; 660 struct { 661 struct rt_msghdr rthdr; 662 char rtspace[512]; 663 } rtmsg; 664 665 static void 666 update_arptab(u_char *ep, in_addr_t ipaddr) 667 { 668 struct timespec tp; 669 int cc; 670 struct sockaddr_inarp *ar, *ar2; 671 struct sockaddr_dl *ll, *ll2; 672 struct rt_msghdr *rt; 673 int xtype, xindex; 674 static pid_t pid; 675 int r; 676 static int seq; 677 678 r = socket(PF_ROUTE, SOCK_RAW, 0); 679 if (r == -1) { 680 logmsg(LOG_ERR, "raw route socket: %m"); 681 exit(1); 682 } 683 pid = getpid(); 684 685 ar = &sin_inarp; 686 ar->sin_addr.s_addr = ipaddr; 687 ll = &sin_dl; 688 bcopy(ep, LLADDR(ll), 6); 689 690 /* Get the type and interface index */ 691 rt = &rtmsg.rthdr; 692 bzero(rt, sizeof(rtmsg)); 693 rt->rtm_version = RTM_VERSION; 694 rt->rtm_addrs = RTA_DST; 695 rt->rtm_type = RTM_GET; 696 rt->rtm_seq = ++seq; 697 ar2 = (struct sockaddr_inarp *)rtmsg.rtspace; 698 bcopy(ar, ar2, sizeof(*ar)); 699 rt->rtm_msglen = sizeof(*rt) + sizeof(*ar); 700 errno = 0; 701 if ((write(r, rt, rt->rtm_msglen) == -1) && (errno != ESRCH)) { 702 logmsg(LOG_ERR, "rtmsg get write: %m"); 703 close(r); 704 return; 705 } 706 do { 707 cc = read(r, rt, sizeof(rtmsg)); 708 } while (cc > 0 && (rt->rtm_seq != seq || rt->rtm_pid != pid)); 709 if (cc == -1) { 710 logmsg(LOG_ERR, "rtmsg get read: %m"); 711 close(r); 712 return; 713 } 714 ll2 = (struct sockaddr_dl *)((u_char *)ar2 + ar2->sin_len); 715 if (ll2->sdl_family != AF_LINK) { 716 /* 717 * XXX I think this means the ip address is not on a 718 * directly connected network (the family is AF_INET in 719 * this case). 720 */ 721 logmsg(LOG_ERR, "bogus link family (%d) wrong net for %08X?\n", 722 ll2->sdl_family, ipaddr); 723 close(r); 724 return; 725 } 726 xtype = ll2->sdl_type; 727 xindex = ll2->sdl_index; 728 729 /* Set the new arp entry */ 730 bzero(rt, sizeof(rtmsg)); 731 rt->rtm_version = RTM_VERSION; 732 rt->rtm_addrs = RTA_DST | RTA_GATEWAY; 733 rt->rtm_inits = RTV_EXPIRE; 734 clock_gettime(CLOCK_MONOTONIC, &tp); 735 rt->rtm_rmx.rmx_expire = tp.tv_sec + ARPSECS; 736 rt->rtm_flags = RTF_HOST | RTF_STATIC; 737 rt->rtm_type = RTM_ADD; 738 rt->rtm_seq = ++seq; 739 740 bcopy(ar, ar2, sizeof(*ar)); 741 742 ll2 = (struct sockaddr_dl *)((u_char *)ar2 + sizeof(*ar2)); 743 bcopy(ll, ll2, sizeof(*ll)); 744 ll2->sdl_type = xtype; 745 ll2->sdl_index = xindex; 746 747 rt->rtm_msglen = sizeof(*rt) + sizeof(*ar2) + sizeof(*ll2); 748 errno = 0; 749 if ((write(r, rt, rt->rtm_msglen) == -1) && (errno != EEXIST)) { 750 logmsg(LOG_ERR, "rtmsg add write: %m"); 751 close(r); 752 return; 753 } 754 do { 755 cc = read(r, rt, sizeof(rtmsg)); 756 } while (cc > 0 && (rt->rtm_seq != seq || rt->rtm_pid != pid)); 757 close(r); 758 if (cc == -1) { 759 logmsg(LOG_ERR, "rtmsg add read: %m"); 760 return; 761 } 762 } 763 764 /* 765 * Build a reverse ARP packet and sent it out on the interface. 766 * 'ep' points to a valid REVARP_REQUEST. The REVARP_REPLY is built 767 * on top of the request, then written to the network. 768 * 769 * RFC 903 defines the ether_arp fields as follows. The following comments 770 * are taken (more or less) straight from this document. 771 * 772 * REVARP_REQUEST 773 * 774 * arp_sha is the hardware address of the sender of the packet. 775 * arp_spa is undefined. 776 * arp_tha is the 'target' hardware address. 777 * In the case where the sender wishes to determine his own 778 * protocol address, this, like arp_sha, will be the hardware 779 * address of the sender. 780 * arp_tpa is undefined. 781 * 782 * REVARP_REPLY 783 * 784 * arp_sha is the hardware address of the responder (the sender of the 785 * reply packet). 786 * arp_spa is the protocol address of the responder (see the note below). 787 * arp_tha is the hardware address of the target, and should be the same as 788 * that which was given in the request. 789 * arp_tpa is the protocol address of the target, that is, the desired address. 790 * 791 * Note that the requirement that arp_spa be filled in with the responder's 792 * protocol is purely for convenience. For instance, if a system were to use 793 * both ARP and RARP, then the inclusion of the valid protocol-hardware 794 * address pair (arp_spa, arp_sha) may eliminate the need for a subsequent 795 * ARP request. 796 */ 797 static void 798 rarp_reply(struct if_info *ii, struct ether_header *ep, in_addr_t ipaddr, 799 u_int len) 800 { 801 u_int n; 802 struct ether_arp *ap = (struct ether_arp *)(ep + 1); 803 804 update_arptab((u_char *)&ap->arp_sha, ipaddr); 805 806 /* 807 * Build the rarp reply by modifying the rarp request in place. 808 */ 809 ap->arp_op = htons(REVARP_REPLY); 810 811 #ifdef BROKEN_BPF 812 ep->ether_type = ETHERTYPE_REVARP; 813 #endif 814 bcopy((char *)&ap->arp_sha, (char *)&ep->ether_dhost, 6); 815 bcopy((char *)ii->ii_eaddr, (char *)&ep->ether_shost, 6); 816 bcopy((char *)ii->ii_eaddr, (char *)&ap->arp_sha, 6); 817 818 bcopy((char *)&ipaddr, (char *)ap->arp_tpa, 4); 819 /* Target hardware is unchanged. */ 820 bcopy((char *)&ii->ii_ipaddr, (char *)ap->arp_spa, 4); 821 822 /* Zero possible garbage after packet. */ 823 bzero((char *)ep + (sizeof(*ep) + sizeof(*ap)), 824 len - (sizeof(*ep) + sizeof(*ap))); 825 n = write(ii->ii_fd, (char *)ep, len); 826 if (n != len) 827 logmsg(LOG_ERR, "write: only %d of %d bytes written", n, len); 828 if (verbose) 829 logmsg(LOG_INFO, "%s %s at %s REPLIED", ii->ii_ifname, 830 eatoa(ap->arp_tha), 831 intoa(ntohl(ipaddr))); 832 } 833 834 /* 835 * Get the netmask of an IP address. This routine is used if 836 * SIOCGIFNETMASK doesn't work. 837 */ 838 static in_addr_t 839 ipaddrtonetmask(in_addr_t addr) 840 { 841 addr = ntohl(addr); 842 if (IN_CLASSA(addr)) 843 return htonl(IN_CLASSA_NET); 844 if (IN_CLASSB(addr)) 845 return htonl(IN_CLASSB_NET); 846 if (IN_CLASSC(addr)) 847 return htonl(IN_CLASSC_NET); 848 logmsg(LOG_DEBUG, "unknown IP address class: %08X", addr); 849 return htonl(0xffffffff); 850 } 851 852 /* 853 * A faster replacement for inet_ntoa(). 854 */ 855 static char * 856 intoa(in_addr_t addr) 857 { 858 char *cp; 859 u_int byte; 860 int n; 861 static char buf[sizeof(".xxx.xxx.xxx.xxx")]; 862 863 cp = &buf[sizeof buf]; 864 *--cp = '\0'; 865 866 n = 4; 867 do { 868 byte = addr & 0xff; 869 *--cp = byte % 10 + '0'; 870 byte /= 10; 871 if (byte > 0) { 872 *--cp = byte % 10 + '0'; 873 byte /= 10; 874 if (byte > 0) 875 *--cp = byte + '0'; 876 } 877 *--cp = '.'; 878 addr >>= 8; 879 } while (--n > 0); 880 881 return cp + 1; 882 } 883 884 static char * 885 eatoa(u_char *ea) 886 { 887 static char buf[sizeof("xx:xx:xx:xx:xx:xx")]; 888 889 (void)sprintf(buf, "%x:%x:%x:%x:%x:%x", 890 ea[0], ea[1], ea[2], ea[3], ea[4], ea[5]); 891 return (buf); 892 } 893 894 static void 895 logmsg(int pri, const char *fmt, ...) 896 { 897 va_list v; 898 FILE *fp; 899 char *newfmt; 900 901 va_start(v, fmt); 902 if (dflag) { 903 if (pri == LOG_ERR) 904 fp = stderr; 905 else 906 fp = stdout; 907 if (expand_syslog_m(fmt, &newfmt) == -1) { 908 vfprintf(fp, fmt, v); 909 } else { 910 vfprintf(fp, newfmt, v); 911 free(newfmt); 912 } 913 fputs("\n", fp); 914 fflush(fp); 915 } else { 916 vsyslog(pri, fmt, v); 917 } 918 va_end(v); 919 } 920 921 static int 922 expand_syslog_m(const char *fmt, char **newfmt) { 923 const char *str, *m; 924 char *p, *np; 925 926 p = strdup(""); 927 str = fmt; 928 while ((m = strstr(str, "%m")) != NULL) { 929 asprintf(&np, "%s%.*s%s", p, (int)(m - str), 930 str, strerror(errno)); 931 free(p); 932 if (np == NULL) { 933 errno = ENOMEM; 934 return (-1); 935 } 936 p = np; 937 str = m + 2; 938 } 939 940 if (*str != '\0') { 941 asprintf(&np, "%s%s", p, str); 942 free(p); 943 if (np == NULL) { 944 errno = ENOMEM; 945 return (-1); 946 } 947 p = np; 948 } 949 950 *newfmt = p; 951 return (0); 952 } 953