Added DHCP request construction, ACK processing
[strongswan.git] / src / libcharon / plugins / dhcp / dhcp_socket.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "dhcp_socket.h"
17
18 #include <unistd.h>
19 #include <errno.h>
20 #include <string.h>
21 #include <netinet/in.h>
22 #include <netinet/ip.h>
23 #include <netinet/udp.h>
24 #include <linux/if_arp.h>
25 #include <linux/if_ether.h>
26 #include <linux/filter.h>
27
28 #include <utils/linked_list.h>
29 #include <utils/identification.h>
30 #include <threading/mutex.h>
31 #include <threading/condvar.h>
32 #include <threading/thread.h>
33
34 #include <daemon.h>
35 #include <processing/jobs/callback_job.h>
36
37 #define DHCP_SERVER_PORT 67
38 #define DHCP_CLIENT_PORT 68
39 #define DHCP_TRIES 5
40
41 typedef struct private_dhcp_socket_t private_dhcp_socket_t;
42
43 /**
44 * Private data of an dhcp_socket_t object.
45 */
46 struct private_dhcp_socket_t {
47
48 /**
49 * Public dhcp_socket_t interface.
50 */
51 dhcp_socket_t public;
52
53 /**
54 * Random number generator
55 */
56 rng_t *rng;
57
58 /**
59 * List of transactions in DISCOVER
60 */
61 linked_list_t *discover;
62
63 /**
64 * List of transactions in REQUEST
65 */
66 linked_list_t *request;
67
68 /**
69 * List of successfully completed transactions
70 */
71 linked_list_t *completed;
72
73 /**
74 * Lock for transactions
75 */
76 mutex_t *mutex;
77
78 /**
79 * Condvar to wait for transaction completion
80 */
81 condvar_t *condvar;
82
83 /**
84 * Threads waiting in condvar
85 */
86 int waiting;
87
88 /**
89 * DHCP send socket
90 */
91 int send;
92
93 /**
94 * DHCP receive socket
95 */
96 int receive;
97
98 /**
99 * DHCP server address, or broadcast
100 */
101 host_t *dst;
102
103 /**
104 * Callback job receiving DHCP responses
105 */
106 callback_job_t *job;
107 };
108
109 /**
110 * DHCP opcode (or BOOTP actually)
111 */
112 typedef enum {
113 BOOTREQUEST = 1,
114 BOOTREPLY = 2,
115 } dhcp_opcode_t;
116
117 /**
118 * Some DHCP options used
119 */
120 typedef enum {
121 DHCP_HOST_NAME = 12,
122 DHCP_REQUESTED_IP = 50,
123 DHCP_MESSAGE_TYPE = 53,
124 DHCP_SERVER_ID = 54,
125 DHCP_PARAM_REQ_LIST = 55,
126 DHCP_OPTEND = 255,
127 } dhcp_option_type_t;
128
129 /**
130 * DHCP messages types in the DHCP_MESSAGE_TYPE option
131 */
132 typedef enum {
133 DHCP_DISCOVER = 1,
134 DHCP_OFFER = 2,
135 DHCP_REQUEST = 3,
136 DHCP_DECLINE = 4,
137 DHCP_ACK = 5,
138 DHCP_NAK = 6,
139 DHCP_RELEASE = 7,
140 DHCP_INFORM = 8,
141 } dhcp_message_type_t;
142
143 /**
144 * DHCP parameters in the DHCP_PARAM_REQ_LIST option
145 */
146 typedef enum {
147 DHCP_ROUTER = 3,
148 DHCP_DNS_SERVER = 6,
149 } dhcp_parameter_t;
150
151 /**
152 * DHCP option encoding, a TLV
153 */
154 typedef struct __attribute__((packed)) {
155 u_int8_t type;
156 u_int8_t len;
157 char data[];
158 } dhcp_option_t;
159
160 /**
161 * DHCP message format, with a maximum size options buffer
162 */
163 typedef struct __attribute__((packed)) {
164 u_int8_t opcode;
165 u_int8_t hw_type;
166 u_int8_t hw_addr_len;
167 u_int8_t hop_count;
168 u_int32_t transaction_id;
169 u_int16_t number_of_seconds;
170 u_int16_t flags;
171 u_int32_t client_address;
172 u_int32_t your_address;
173 u_int32_t server_address;
174 u_int32_t gateway_address;
175 char client_hw_addr[6];
176 char client_hw_padding[10];
177 char server_hostname[64];
178 char boot_filename[128];
179 u_int32_t magic_cookie;
180 char options[252];
181 } dhcp_t;
182
183 /**
184 * Prepare a DHCP message for a given transaction
185 */
186 static int prepare_dhcp(private_dhcp_socket_t *this,
187 dhcp_transaction_t *transaction,
188 dhcp_message_type_t type, dhcp_t *dhcp)
189 {
190 chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
191 identification_t *identity;
192 dhcp_option_t *option;
193 int optlen = 0;
194 host_t *src;
195 u_int hash;
196
197 memset(dhcp, 0, sizeof(*dhcp));
198 dhcp->opcode = BOOTREQUEST;
199 dhcp->hw_type = ARPHRD_ETHER;
200 dhcp->hw_addr_len = 6;
201 dhcp->transaction_id = transaction->get_id(transaction);
202 if (chunk_equals(broadcast, this->dst->get_address(this->dst)))
203 {
204 /* TODO: send with 0.0.0.0 source address */
205 }
206 else
207 {
208 /* act as relay agent */
209 src = charon->kernel_interface->get_source_addr(
210 charon->kernel_interface, this->dst, NULL);
211 if (src)
212 {
213 memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
214 sizeof(dhcp->gateway_address));
215 src->destroy(src);
216 }
217 }
218
219 identity = transaction->get_identity(transaction);
220 chunk = identity->get_encoding(identity);
221 /* magic bytes, a locally administered unicast MAC */
222 dhcp->client_hw_addr[0] = 0x7A;
223 dhcp->client_hw_addr[1] = 0xA7;
224 /* with ID specific postfix */
225 hash = htonl(chunk_hash(chunk));
226 memcpy(&dhcp->client_hw_addr[2], &hash, 4);
227
228 dhcp->magic_cookie = htonl(0x63825363);
229
230 option = (dhcp_option_t*)&dhcp->options[optlen];
231 option->type = DHCP_MESSAGE_TYPE;
232 option->len = 1;
233 option->data[0] = type;
234 optlen += sizeof(dhcp_option_t) + option->len;
235
236 option = (dhcp_option_t*)&dhcp->options[optlen];
237 option->type = DHCP_HOST_NAME;
238 option->len = min(chunk.len, 64);
239 memcpy(option->data, chunk.ptr, option->len);
240 optlen += sizeof(dhcp_option_t) + option->len;
241
242 option = (dhcp_option_t*)&dhcp->options[optlen];
243 option->type = DHCP_PARAM_REQ_LIST;
244 option->len = 2;
245 option->data[0] = DHCP_ROUTER;
246 option->data[1] = DHCP_DNS_SERVER;
247 optlen += sizeof(dhcp_option_t) + option->len;
248
249 return optlen;
250 }
251
252 /**
253 * Send a DHCP message with given options length
254 */
255 static bool send_dhcp(private_dhcp_socket_t *this,
256 dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
257 {
258 host_t *dst;
259 ssize_t len;
260
261 dst = transaction->get_server(transaction);
262 if (!dst)
263 {
264 dst = this->dst;
265 }
266 len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
267 return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
268 *dst->get_sockaddr_len(dst)) == len;
269 }
270
271 /**
272 * Send DHCP discover using a given transaction
273 */
274 static bool discover(private_dhcp_socket_t *this,
275 dhcp_transaction_t *transaction)
276 {
277 dhcp_t dhcp;
278 int optlen;
279
280 optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);
281
282 DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);
283
284 dhcp.options[optlen++] = DHCP_OPTEND;
285
286 if (!send_dhcp(this, transaction, &dhcp, optlen))
287 {
288 DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
289 return FALSE;
290 }
291 return TRUE;
292 }
293
294 /**
295 * Send DHCP request using a given transaction
296 */
297 static bool request(private_dhcp_socket_t *this,
298 dhcp_transaction_t *transaction)
299 {
300 dhcp_option_t *option;
301 dhcp_t dhcp;
302 host_t *offer, *server;
303 chunk_t chunk;
304 int optlen;
305
306 optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);
307
308 offer = transaction->get_address(transaction);
309 server = transaction->get_server(transaction);
310 if (!offer || !server)
311 {
312 return FALSE;
313 }
314 DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);
315
316 option = (dhcp_option_t*)&dhcp.options[optlen];
317 option->type = DHCP_REQUESTED_IP;
318 option->len = 4;
319 chunk = offer->get_address(offer);
320 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
321 optlen += sizeof(dhcp_option_t) + option->len;
322
323 option = (dhcp_option_t*)&dhcp.options[optlen];
324 option->type = DHCP_SERVER_ID;
325 option->len = 4;
326 chunk = server->get_address(server);
327 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
328 optlen += sizeof(dhcp_option_t) + option->len;
329
330 dhcp.options[optlen++] = DHCP_OPTEND;
331
332 if (!send_dhcp(this, transaction, &dhcp, optlen))
333 {
334 DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
335 return FALSE;
336 }
337 return TRUE;
338 }
339
340 METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
341 private_dhcp_socket_t *this, identification_t *identity)
342 {
343 dhcp_transaction_t *transaction;
344 u_int32_t id;
345 int try;
346
347 this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id);
348 transaction = dhcp_transaction_create(id, identity);
349
350 this->mutex->lock(this->mutex);
351 this->discover->insert_last(this->discover, transaction);
352 try = 1;
353 while (try <= DHCP_TRIES && discover(this, transaction))
354 {
355 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
356 this->request->find_first(this->request, NULL,
357 (void**)&transaction) == SUCCESS)
358 {
359 break;
360 }
361 try++;
362 }
363 if (this->discover->remove(this->discover, transaction, NULL))
364 { /* no OFFER received */
365 this->mutex->unlock(this->mutex);
366 transaction->destroy(transaction);
367 DBG1(DBG_CFG, "DHCP disover timed out");
368 return NULL;
369 }
370
371 try = 1;
372 while (try <= DHCP_TRIES && request(this, transaction))
373 {
374 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
375 this->completed->remove(this->completed, transaction, NULL))
376 {
377 break;
378 }
379 try++;
380 }
381 if (this->request->remove(this->request, transaction, NULL))
382 { /* no ACK received */
383 this->mutex->unlock(this->mutex);
384 transaction->destroy(transaction);
385 DBG1(DBG_CFG, "DHCP request timed out");
386 return NULL;
387 }
388 this->mutex->unlock(this->mutex);
389
390 return transaction;
391 }
392
393 /**
394 * Handle a DHCP OFFER
395 */
396 static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
397 {
398 dhcp_transaction_t *transaction;
399 enumerator_t *enumerator;
400 host_t *offer, *server;
401
402 offer = host_create_from_chunk(AF_INET,
403 chunk_from_thing(dhcp->your_address), 0);
404 server = host_create_from_chunk(AF_INET,
405 chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT);
406 DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server);
407
408 this->mutex->lock(this->mutex);
409 enumerator = this->discover->create_enumerator(this->discover);
410 while (enumerator->enumerate(enumerator, &transaction))
411 {
412 if (transaction->get_id(transaction) == dhcp->transaction_id)
413 {
414 this->discover->remove_at(this->discover, enumerator);
415 this->request->insert_last(this->request, transaction);
416 transaction->set_address(transaction, offer->clone(offer));
417 transaction->set_server(transaction, server->clone(server));
418 break;
419 }
420 }
421 enumerator->destroy(enumerator);
422 this->mutex->unlock(this->mutex);
423 this->condvar->broadcast(this->condvar);
424 offer->destroy(offer);
425 server->destroy(server);
426 }
427
428 /**
429 * Handle a DHCP ACK
430 */
431 static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
432 {
433 dhcp_transaction_t *transaction;
434 enumerator_t *enumerator;
435 host_t *offer;
436
437 offer = host_create_from_chunk(AF_INET,
438 chunk_from_thing(dhcp->your_address), 0);
439 DBG1(DBG_CFG, "received DHCP ACK for %H", offer);
440
441 this->mutex->lock(this->mutex);
442 enumerator = this->request->create_enumerator(this->request);
443 while (enumerator->enumerate(enumerator, &transaction))
444 {
445 if (transaction->get_id(transaction) == dhcp->transaction_id)
446 {
447 this->request->remove_at(this->request, enumerator);
448 this->completed->insert_last(this->completed, transaction);
449 break;
450 }
451 }
452 enumerator->destroy(enumerator);
453 this->mutex->unlock(this->mutex);
454 this->condvar->broadcast(this->condvar);
455 offer->destroy(offer);
456 }
457
458 /**
459 * Receive DHCP responses
460 */
461 static job_requeue_t receive_dhcp(private_dhcp_socket_t *this)
462 {
463 struct sockaddr_ll addr;
464 socklen_t addr_len = sizeof(addr);
465 struct __attribute__((packed)) {
466 struct iphdr ip;
467 struct udphdr udp;
468 dhcp_t dhcp;
469 } packet;
470 int oldstate, optlen, origoptlen, optsize, optpos = 0;
471 ssize_t len;
472 dhcp_option_t *option;
473
474 oldstate = thread_cancelability(TRUE);
475 len = recvfrom(this->receive, &packet, sizeof(packet), 0,
476 (struct sockaddr*)&addr, &addr_len);
477 thread_cancelability(oldstate);
478
479 if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) +
480 offsetof(dhcp_t, options))
481 {
482 origoptlen = optlen = len - sizeof(struct iphdr) +
483 sizeof(struct udphdr) + offsetof(dhcp_t, options);
484 while (optlen > sizeof(dhcp_option_t))
485 {
486 option = (dhcp_option_t*)&packet.dhcp.options[optpos];
487 optsize = sizeof(dhcp_option_t) + option->len;
488 if (option->type == DHCP_OPTEND || optlen < optsize)
489 {
490 break;
491 }
492 if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
493 {
494 switch (option->data[0])
495 {
496 case DHCP_OFFER:
497 handle_offer(this, &packet.dhcp, origoptlen);
498 break;
499 case DHCP_ACK:
500 handle_ack(this, &packet.dhcp, origoptlen);
501 default:
502 break;
503 }
504 break;
505 }
506 optlen -= optsize;
507 optpos += optsize;
508 }
509 }
510 return JOB_REQUEUE_DIRECT;
511 }
512
513 METHOD(dhcp_socket_t, destroy, void,
514 private_dhcp_socket_t *this)
515 {
516 if (this->job)
517 {
518 this->job->cancel(this->job);
519 }
520 while (this->waiting)
521 {
522 this->condvar->signal(this->condvar);
523 }
524 if (this->send > 0)
525 {
526 close(this->send);
527 }
528 if (this->receive > 0)
529 {
530 close(this->receive);
531 }
532 this->mutex->destroy(this->mutex);
533 this->condvar->destroy(this->condvar);
534 this->discover->destroy_offset(this->discover,
535 offsetof(dhcp_transaction_t, destroy));
536 this->request->destroy_offset(this->request,
537 offsetof(dhcp_transaction_t, destroy));
538 this->completed->destroy_offset(this->completed,
539 offsetof(dhcp_transaction_t, destroy));
540 DESTROY_IF(this->rng);
541 DESTROY_IF(this->dst);
542 free(this);
543 }
544
545 /**
546 * See header
547 */
548 dhcp_socket_t *dhcp_socket_create()
549 {
550 private_dhcp_socket_t *this;
551 struct sockaddr_in src;
552 int on = 1;
553 struct sock_filter dhcp_filter_code[] = {
554 BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
555 offsetof(struct iphdr, protocol)),
556 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 14),
557 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
558 offsetof(struct udphdr, source)),
559 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 12),
560 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
561 offsetof(struct udphdr, dest)),
562 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 10),
563 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
564 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
565 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
566 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
567 sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
568 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
569 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
570 sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
571 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
572 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
573 sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
574 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
575 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
576 BPF_STMT(BPF_RET+BPF_A, 0),
577 BPF_STMT(BPF_RET+BPF_K, 0),
578 };
579 struct sock_fprog dhcp_filter = {
580 sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
581 dhcp_filter_code,
582 };
583
584 INIT(this,
585 .public = {
586 .enroll = _enroll,
587 .destroy = _destroy,
588 },
589 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
590 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
591 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
592 .discover = linked_list_create(),
593 .request = linked_list_create(),
594 .completed = linked_list_create(),
595 );
596
597 if (!this->rng)
598 {
599 DBG1(DBG_CFG, "unable to create RNG");
600 destroy(this);
601 return NULL;
602 }
603 this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
604 "charon.plugins.dhcp.server", "255.255.255.255"),
605 DHCP_SERVER_PORT);
606 if (!this->dst)
607 {
608 DBG1(DBG_CFG, "configured DHCP server address invalid");
609 destroy(this);
610 return NULL;
611 }
612
613 this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
614 if (this->send == -1)
615 {
616 DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
617 destroy(this);
618 return NULL;
619 }
620 if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
621 {
622 DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
623 destroy(this);
624 return NULL;
625 }
626 if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
627 {
628 DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
629 destroy(this);
630 return NULL;
631 }
632 src.sin_family = AF_INET;
633 src.sin_port = htons(DHCP_CLIENT_PORT);
634 src.sin_addr.s_addr = INADDR_ANY;
635 if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
636 {
637 DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
638 destroy(this);
639 return NULL;
640 }
641
642 this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
643 if (this->receive == -1)
644 {
645 DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
646 destroy(this);
647 return NULL;
648 }
649 if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
650 &dhcp_filter, sizeof(dhcp_filter)) < 0)
651 {
652 DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
653 strerror(errno));
654 destroy(this);
655 return NULL;
656 }
657
658 this->job = callback_job_create((callback_job_cb_t)receive_dhcp,
659 this, NULL, NULL);
660 charon->processor->queue_job(charon->processor, (job_t*)this->job);
661
662 return &this->public;
663 }
664