Added identity_lease option to create random or identity based DHCP leases
[strongswan.git] / src / libcharon / plugins / dhcp / dhcp_socket.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "dhcp_socket.h"
17
18 #include <unistd.h>
19 #include <errno.h>
20 #include <string.h>
21 #include <netinet/in.h>
22 #include <netinet/ip.h>
23 #include <netinet/udp.h>
24 #include <linux/if_arp.h>
25 #include <linux/if_ether.h>
26 #include <linux/filter.h>
27
28 #include <utils/linked_list.h>
29 #include <utils/identification.h>
30 #include <threading/mutex.h>
31 #include <threading/condvar.h>
32 #include <threading/thread.h>
33
34 #include <daemon.h>
35 #include <processing/jobs/callback_job.h>
36
37 #define DHCP_SERVER_PORT 67
38 #define DHCP_CLIENT_PORT 68
39 #define DHCP_TRIES 5
40
41 typedef struct private_dhcp_socket_t private_dhcp_socket_t;
42
43 /**
44 * Private data of an dhcp_socket_t object.
45 */
46 struct private_dhcp_socket_t {
47
48 /**
49 * Public dhcp_socket_t interface.
50 */
51 dhcp_socket_t public;
52
53 /**
54 * Random number generator
55 */
56 rng_t *rng;
57
58 /**
59 * List of transactions in DISCOVER
60 */
61 linked_list_t *discover;
62
63 /**
64 * List of transactions in REQUEST
65 */
66 linked_list_t *request;
67
68 /**
69 * List of successfully completed transactions
70 */
71 linked_list_t *completed;
72
73 /**
74 * Lock for transactions
75 */
76 mutex_t *mutex;
77
78 /**
79 * Condvar to wait for transaction completion
80 */
81 condvar_t *condvar;
82
83 /**
84 * Threads waiting in condvar
85 */
86 int waiting;
87
88 /**
89 * DHCP send socket
90 */
91 int send;
92
93 /**
94 * DHCP receive socket
95 */
96 int receive;
97
98 /**
99 * Do we use per-identity or random leases (and MAC addresses)
100 */
101 bool identity_lease;
102
103 /**
104 * DHCP server address, or broadcast
105 */
106 host_t *dst;
107
108 /**
109 * Callback job receiving DHCP responses
110 */
111 callback_job_t *job;
112 };
113
114 /**
115 * DHCP opcode (or BOOTP actually)
116 */
117 typedef enum {
118 BOOTREQUEST = 1,
119 BOOTREPLY = 2,
120 } dhcp_opcode_t;
121
122 /**
123 * Some DHCP options used
124 */
125 typedef enum {
126 DHCP_HOST_NAME = 12,
127 DHCP_REQUESTED_IP = 50,
128 DHCP_MESSAGE_TYPE = 53,
129 DHCP_SERVER_ID = 54,
130 DHCP_PARAM_REQ_LIST = 55,
131 DHCP_OPTEND = 255,
132 } dhcp_option_type_t;
133
134 /**
135 * DHCP messages types in the DHCP_MESSAGE_TYPE option
136 */
137 typedef enum {
138 DHCP_DISCOVER = 1,
139 DHCP_OFFER = 2,
140 DHCP_REQUEST = 3,
141 DHCP_DECLINE = 4,
142 DHCP_ACK = 5,
143 DHCP_NAK = 6,
144 DHCP_RELEASE = 7,
145 DHCP_INFORM = 8,
146 } dhcp_message_type_t;
147
148 /**
149 * DHCP parameters in the DHCP_PARAM_REQ_LIST option
150 */
151 typedef enum {
152 DHCP_ROUTER = 3,
153 DHCP_DNS_SERVER = 6,
154 } dhcp_parameter_t;
155
156 /**
157 * DHCP option encoding, a TLV
158 */
159 typedef struct __attribute__((packed)) {
160 u_int8_t type;
161 u_int8_t len;
162 char data[];
163 } dhcp_option_t;
164
165 /**
166 * DHCP message format, with a maximum size options buffer
167 */
168 typedef struct __attribute__((packed)) {
169 u_int8_t opcode;
170 u_int8_t hw_type;
171 u_int8_t hw_addr_len;
172 u_int8_t hop_count;
173 u_int32_t transaction_id;
174 u_int16_t number_of_seconds;
175 u_int16_t flags;
176 u_int32_t client_address;
177 u_int32_t your_address;
178 u_int32_t server_address;
179 u_int32_t gateway_address;
180 char client_hw_addr[6];
181 char client_hw_padding[10];
182 char server_hostname[64];
183 char boot_filename[128];
184 u_int32_t magic_cookie;
185 char options[252];
186 } dhcp_t;
187
188 /**
189 * Prepare a DHCP message for a given transaction
190 */
191 static int prepare_dhcp(private_dhcp_socket_t *this,
192 dhcp_transaction_t *transaction,
193 dhcp_message_type_t type, dhcp_t *dhcp)
194 {
195 chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
196 identification_t *identity;
197 dhcp_option_t *option;
198 int optlen = 0;
199 host_t *src;
200 u_int32_t id;
201
202 memset(dhcp, 0, sizeof(*dhcp));
203 dhcp->opcode = BOOTREQUEST;
204 dhcp->hw_type = ARPHRD_ETHER;
205 dhcp->hw_addr_len = 6;
206 dhcp->transaction_id = transaction->get_id(transaction);
207 if (chunk_equals(broadcast, this->dst->get_address(this->dst)))
208 {
209 /* TODO: send with 0.0.0.0 source address */
210 }
211 else
212 {
213 /* act as relay agent */
214 src = charon->kernel_interface->get_source_addr(
215 charon->kernel_interface, this->dst, NULL);
216 if (src)
217 {
218 memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
219 sizeof(dhcp->gateway_address));
220 src->destroy(src);
221 }
222 }
223
224 identity = transaction->get_identity(transaction);
225 chunk = identity->get_encoding(identity);
226 /* magic bytes, a locally administered unicast MAC */
227 dhcp->client_hw_addr[0] = 0x7A;
228 dhcp->client_hw_addr[1] = 0xA7;
229 /* with ID specific postfix */
230 if (this->identity_lease)
231 {
232 id = htonl(chunk_hash(chunk));
233 }
234 else
235 {
236 id = transaction->get_id(transaction);
237 }
238 memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id));
239
240 dhcp->magic_cookie = htonl(0x63825363);
241
242 option = (dhcp_option_t*)&dhcp->options[optlen];
243 option->type = DHCP_MESSAGE_TYPE;
244 option->len = 1;
245 option->data[0] = type;
246 optlen += sizeof(dhcp_option_t) + option->len;
247
248 option = (dhcp_option_t*)&dhcp->options[optlen];
249 option->type = DHCP_HOST_NAME;
250 option->len = min(chunk.len, 64);
251 memcpy(option->data, chunk.ptr, option->len);
252 optlen += sizeof(dhcp_option_t) + option->len;
253
254 option = (dhcp_option_t*)&dhcp->options[optlen];
255 option->type = DHCP_PARAM_REQ_LIST;
256 option->len = 2;
257 option->data[0] = DHCP_ROUTER;
258 option->data[1] = DHCP_DNS_SERVER;
259 optlen += sizeof(dhcp_option_t) + option->len;
260
261 return optlen;
262 }
263
264 /**
265 * Send a DHCP message with given options length
266 */
267 static bool send_dhcp(private_dhcp_socket_t *this,
268 dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
269 {
270 host_t *dst;
271 ssize_t len;
272
273 dst = transaction->get_server(transaction);
274 if (!dst)
275 {
276 dst = this->dst;
277 }
278 len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
279 return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
280 *dst->get_sockaddr_len(dst)) == len;
281 }
282
283 /**
284 * Send DHCP discover using a given transaction
285 */
286 static bool discover(private_dhcp_socket_t *this,
287 dhcp_transaction_t *transaction)
288 {
289 dhcp_t dhcp;
290 int optlen;
291
292 optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);
293
294 DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);
295
296 dhcp.options[optlen++] = DHCP_OPTEND;
297
298 if (!send_dhcp(this, transaction, &dhcp, optlen))
299 {
300 DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
301 return FALSE;
302 }
303 return TRUE;
304 }
305
306 /**
307 * Send DHCP request using a given transaction
308 */
309 static bool request(private_dhcp_socket_t *this,
310 dhcp_transaction_t *transaction)
311 {
312 dhcp_option_t *option;
313 dhcp_t dhcp;
314 host_t *offer, *server;
315 chunk_t chunk;
316 int optlen;
317
318 optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);
319
320 offer = transaction->get_address(transaction);
321 server = transaction->get_server(transaction);
322 if (!offer || !server)
323 {
324 return FALSE;
325 }
326 DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);
327
328 option = (dhcp_option_t*)&dhcp.options[optlen];
329 option->type = DHCP_REQUESTED_IP;
330 option->len = 4;
331 chunk = offer->get_address(offer);
332 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
333 optlen += sizeof(dhcp_option_t) + option->len;
334
335 option = (dhcp_option_t*)&dhcp.options[optlen];
336 option->type = DHCP_SERVER_ID;
337 option->len = 4;
338 chunk = server->get_address(server);
339 memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
340 optlen += sizeof(dhcp_option_t) + option->len;
341
342 dhcp.options[optlen++] = DHCP_OPTEND;
343
344 if (!send_dhcp(this, transaction, &dhcp, optlen))
345 {
346 DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
347 return FALSE;
348 }
349 return TRUE;
350 }
351
352 METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
353 private_dhcp_socket_t *this, identification_t *identity)
354 {
355 dhcp_transaction_t *transaction;
356 u_int32_t id;
357 int try;
358
359 this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id);
360 transaction = dhcp_transaction_create(id, identity);
361
362 this->mutex->lock(this->mutex);
363 this->discover->insert_last(this->discover, transaction);
364 try = 1;
365 while (try <= DHCP_TRIES && discover(this, transaction))
366 {
367 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
368 this->request->find_first(this->request, NULL,
369 (void**)&transaction) == SUCCESS)
370 {
371 break;
372 }
373 try++;
374 }
375 if (this->discover->remove(this->discover, transaction, NULL))
376 { /* no OFFER received */
377 this->mutex->unlock(this->mutex);
378 transaction->destroy(transaction);
379 DBG1(DBG_CFG, "DHCP disover timed out");
380 return NULL;
381 }
382
383 try = 1;
384 while (try <= DHCP_TRIES && request(this, transaction))
385 {
386 if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
387 this->completed->remove(this->completed, transaction, NULL))
388 {
389 break;
390 }
391 try++;
392 }
393 if (this->request->remove(this->request, transaction, NULL))
394 { /* no ACK received */
395 this->mutex->unlock(this->mutex);
396 transaction->destroy(transaction);
397 DBG1(DBG_CFG, "DHCP request timed out");
398 return NULL;
399 }
400 this->mutex->unlock(this->mutex);
401
402 return transaction;
403 }
404
405 /**
406 * Handle a DHCP OFFER
407 */
408 static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
409 {
410 dhcp_transaction_t *transaction;
411 enumerator_t *enumerator;
412 host_t *offer, *server;
413
414 offer = host_create_from_chunk(AF_INET,
415 chunk_from_thing(dhcp->your_address), 0);
416 server = host_create_from_chunk(AF_INET,
417 chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT);
418 DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server);
419
420 this->mutex->lock(this->mutex);
421 enumerator = this->discover->create_enumerator(this->discover);
422 while (enumerator->enumerate(enumerator, &transaction))
423 {
424 if (transaction->get_id(transaction) == dhcp->transaction_id)
425 {
426 this->discover->remove_at(this->discover, enumerator);
427 this->request->insert_last(this->request, transaction);
428 transaction->set_address(transaction, offer->clone(offer));
429 transaction->set_server(transaction, server->clone(server));
430 break;
431 }
432 }
433 enumerator->destroy(enumerator);
434 this->mutex->unlock(this->mutex);
435 this->condvar->broadcast(this->condvar);
436 offer->destroy(offer);
437 server->destroy(server);
438 }
439
440 /**
441 * Handle a DHCP ACK
442 */
443 static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
444 {
445 dhcp_transaction_t *transaction;
446 enumerator_t *enumerator;
447 host_t *offer;
448
449 offer = host_create_from_chunk(AF_INET,
450 chunk_from_thing(dhcp->your_address), 0);
451 DBG1(DBG_CFG, "received DHCP ACK for %H", offer);
452
453 this->mutex->lock(this->mutex);
454 enumerator = this->request->create_enumerator(this->request);
455 while (enumerator->enumerate(enumerator, &transaction))
456 {
457 if (transaction->get_id(transaction) == dhcp->transaction_id)
458 {
459 this->request->remove_at(this->request, enumerator);
460 this->completed->insert_last(this->completed, transaction);
461 break;
462 }
463 }
464 enumerator->destroy(enumerator);
465 this->mutex->unlock(this->mutex);
466 this->condvar->broadcast(this->condvar);
467 offer->destroy(offer);
468 }
469
470 /**
471 * Receive DHCP responses
472 */
473 static job_requeue_t receive_dhcp(private_dhcp_socket_t *this)
474 {
475 struct sockaddr_ll addr;
476 socklen_t addr_len = sizeof(addr);
477 struct __attribute__((packed)) {
478 struct iphdr ip;
479 struct udphdr udp;
480 dhcp_t dhcp;
481 } packet;
482 int oldstate, optlen, origoptlen, optsize, optpos = 0;
483 ssize_t len;
484 dhcp_option_t *option;
485
486 oldstate = thread_cancelability(TRUE);
487 len = recvfrom(this->receive, &packet, sizeof(packet), 0,
488 (struct sockaddr*)&addr, &addr_len);
489 thread_cancelability(oldstate);
490
491 if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) +
492 offsetof(dhcp_t, options))
493 {
494 origoptlen = optlen = len - sizeof(struct iphdr) +
495 sizeof(struct udphdr) + offsetof(dhcp_t, options);
496 while (optlen > sizeof(dhcp_option_t))
497 {
498 option = (dhcp_option_t*)&packet.dhcp.options[optpos];
499 optsize = sizeof(dhcp_option_t) + option->len;
500 if (option->type == DHCP_OPTEND || optlen < optsize)
501 {
502 break;
503 }
504 if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
505 {
506 switch (option->data[0])
507 {
508 case DHCP_OFFER:
509 handle_offer(this, &packet.dhcp, origoptlen);
510 break;
511 case DHCP_ACK:
512 handle_ack(this, &packet.dhcp, origoptlen);
513 default:
514 break;
515 }
516 break;
517 }
518 optlen -= optsize;
519 optpos += optsize;
520 }
521 }
522 return JOB_REQUEUE_DIRECT;
523 }
524
525 METHOD(dhcp_socket_t, destroy, void,
526 private_dhcp_socket_t *this)
527 {
528 if (this->job)
529 {
530 this->job->cancel(this->job);
531 }
532 while (this->waiting)
533 {
534 this->condvar->signal(this->condvar);
535 }
536 if (this->send > 0)
537 {
538 close(this->send);
539 }
540 if (this->receive > 0)
541 {
542 close(this->receive);
543 }
544 this->mutex->destroy(this->mutex);
545 this->condvar->destroy(this->condvar);
546 this->discover->destroy_offset(this->discover,
547 offsetof(dhcp_transaction_t, destroy));
548 this->request->destroy_offset(this->request,
549 offsetof(dhcp_transaction_t, destroy));
550 this->completed->destroy_offset(this->completed,
551 offsetof(dhcp_transaction_t, destroy));
552 DESTROY_IF(this->rng);
553 DESTROY_IF(this->dst);
554 free(this);
555 }
556
557 /**
558 * See header
559 */
560 dhcp_socket_t *dhcp_socket_create()
561 {
562 private_dhcp_socket_t *this;
563 struct sockaddr_in src;
564 int on = 1;
565 struct sock_filter dhcp_filter_code[] = {
566 BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
567 offsetof(struct iphdr, protocol)),
568 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 14),
569 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
570 offsetof(struct udphdr, source)),
571 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 12),
572 BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
573 offsetof(struct udphdr, dest)),
574 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 10),
575 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
576 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
577 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
578 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
579 sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
580 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
581 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
582 sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
583 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
584 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
585 sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
586 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
587 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
588 BPF_STMT(BPF_RET+BPF_A, 0),
589 BPF_STMT(BPF_RET+BPF_K, 0),
590 };
591 struct sock_fprog dhcp_filter = {
592 sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
593 dhcp_filter_code,
594 };
595
596 INIT(this,
597 .public = {
598 .enroll = _enroll,
599 .destroy = _destroy,
600 },
601 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
602 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
603 .condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
604 .discover = linked_list_create(),
605 .request = linked_list_create(),
606 .completed = linked_list_create(),
607 );
608
609 if (!this->rng)
610 {
611 DBG1(DBG_CFG, "unable to create RNG");
612 destroy(this);
613 return NULL;
614 }
615 this->identity_lease = lib->settings->get_bool(lib->settings,
616 "charon.plugins.dhcp.identity_lease", FALSE);
617 this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
618 "charon.plugins.dhcp.server", "255.255.255.255"),
619 DHCP_SERVER_PORT);
620 if (!this->dst)
621 {
622 DBG1(DBG_CFG, "configured DHCP server address invalid");
623 destroy(this);
624 return NULL;
625 }
626
627 this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
628 if (this->send == -1)
629 {
630 DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
631 destroy(this);
632 return NULL;
633 }
634 if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
635 {
636 DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
637 destroy(this);
638 return NULL;
639 }
640 if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
641 {
642 DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
643 destroy(this);
644 return NULL;
645 }
646 src.sin_family = AF_INET;
647 src.sin_port = htons(DHCP_CLIENT_PORT);
648 src.sin_addr.s_addr = INADDR_ANY;
649 if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
650 {
651 DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
652 destroy(this);
653 return NULL;
654 }
655
656 this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
657 if (this->receive == -1)
658 {
659 DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
660 destroy(this);
661 return NULL;
662 }
663 if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
664 &dhcp_filter, sizeof(dhcp_filter)) < 0)
665 {
666 DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
667 strerror(errno));
668 destroy(this);
669 return NULL;
670 }
671
672 this->job = callback_job_create((callback_job_cb_t)receive_dhcp,
673 this, NULL, NULL);
674 charon->processor->queue_job(charon->processor, (job_t*)this->job);
675
676 return &this->public;
677 }
678