The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
packet.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: c17c3ec21b5d95428725eb0fffda9d54fc668221 $
19 *
20 * @file protocols/dhcpv4/packet.c
21 * @brief Functions to encode/decode DHCP packets.
22 *
23 * @copyright 2008,2017 The FreeRADIUS server project
24 * @copyright 2008 Alan DeKok (aland@deployingradius.com)
25 */
26#include <freeradius-devel/util/pair.h>
27#include <freeradius-devel/util/rand.h>
28#include <freeradius-devel/protocol/dhcpv4/rfc2131.h>
29
30#include "dhcpv4.h"
31#include "attrs.h"
32
33/** Retrieve a DHCP option from a raw packet buffer
34 *
35 *
36 */
37uint8_t const *fr_dhcpv4_packet_get_option(dhcp_packet_t const *packet, size_t packet_size, fr_dict_attr_t const *da)
38{
39 int overload = 0;
40 int field = DHCP_OPTION_FIELD;
41 size_t where, size;
42 uint8_t const *data;
43
44 if (packet_size < MIN_PACKET_SIZE) return NULL;
45
46 where = 0;
47 size = packet_size - offsetof(dhcp_packet_t, options);
48 data = &packet->options[where];
49
50 while (where < size) {
51 if (data[0] == 0) return NULL; /* padding */
52
53 if (data[0] == 255) { /* end of options */
54 if ((field == DHCP_OPTION_FIELD) && (overload & DHCP_FILE_FIELD)) {
55 data = packet->file;
56 where = 0;
57 size = sizeof(packet->file);
58 field = DHCP_FILE_FIELD;
59 continue;
60
61 } else if ((field == DHCP_FILE_FIELD || field == DHCP_OPTION_FIELD) && (overload & DHCP_SNAME_FIELD)) {
62 data = packet->sname;
63 where = 0;
64 size = sizeof(packet->sname);
65 field = DHCP_SNAME_FIELD;
66 continue;
67 }
68
69 return NULL;
70 }
71
72 /*
73 * We MUST have a real option here.
74 */
75 if ((where + 2) > size) {
76 fr_strerror_printf("Options overflow field at %u",
77 (unsigned int) (data - (uint8_t const *) packet));
78 return NULL;
79 }
80
81 if ((where + 2 + data[1]) > size) {
82 fr_strerror_printf("Option length overflows field at %u",
83 (unsigned int) (data - (uint8_t const *) packet));
84 return NULL;
85 }
86
87 if (data[0] == da->attr) return data;
88
89 if ((data[0] == 52) && (data[1] > 0)) { /* overload sname and/or file */
90 overload = data[2];
91 }
92
93 where += data[1] + 2;
94 data += data[1] + 2;
95 }
96
97 return NULL;
98}
99
100int fr_dhcpv4_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, unsigned int *code)
101{
102 size_t i;
103 uint8_t const *p = data;
104 uint32_t giaddr;
105 fr_pair_list_t tmp;
106 fr_pair_t *vp;
107 fr_pair_t *maxms, *mtu, *netaddr;
108 fr_value_box_t box;
109 fr_dhcpv4_ctx_t *packet_ctx;
110
111 fr_pair_list_init(&tmp);
112
113 if (data[1] > 1) {
114 fr_strerror_printf("Packet is not Ethernet: %u",
115 data[1]);
116 return -1;
117 }
118
119 packet_ctx = talloc_zero(ctx, fr_dhcpv4_ctx_t);
120 if (!packet_ctx) return -1;
121 packet_ctx->tmp_ctx = talloc(packet_ctx, uint8_t);
122
123 /*
124 * Decode the header.
125 */
126 for (i = 0; i < dhcp_header_attrs_len; i++) {
127 fr_dict_attr_t const *da = *dhcp_header_attrs[i];
128
129 vp = fr_pair_afrom_da(ctx, da);
130 if (!vp) {
131 fr_strerror_const_push("Cannot decode packet due to internal error");
132 error:
133 talloc_free(vp);
134 fr_pair_list_free(&tmp);
135 talloc_free(packet_ctx);
136 return -1;
137 }
138
139 switch (vp->vp_type) {
140 case FR_TYPE_STRING:
141 /*
142 * According to RFC 2131, these are null terminated strings.
143 * We don't trust everyone to abide by the RFC, though.
144 */
145 if (*p != '\0') {
146 uint8_t *q;
147
148 q = memchr(p, '\0', dhcp_header_sizes[i]);
149 fr_pair_value_bstrndup(vp, (char const *)p, q ? q - p : dhcp_header_sizes[i], true);
150 } else {
151 TALLOC_FREE(vp);
152 }
153 break;
154
155 /*
156 * The DHCP header size for CHADDR is not
157 * 6, so the value_box function doesn't
158 * like it. Just do the copy manually.
159 */
160 case FR_TYPE_ETHERNET:
161 if ((data[1] != 1) || (data[2] != 6)) {
162 TALLOC_FREE(vp);
163 break;
164 }
165
166 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
167 break;
168
169 default:
170 if (fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da,
171 &FR_DBUFF_TMP(p, (size_t)dhcp_header_sizes[i]),
172 dhcp_header_sizes[i], true) < 0) goto error;
173 break;
174 }
175 p += dhcp_header_sizes[i];
176
177 if (!vp) continue;
178
179 fr_pair_append(&tmp, vp);
180 }
181
182 /*
183 * Nothing uses tail after this call, if it does in the future
184 * it'll need to find the new tail...
185 */
186 {
187 uint8_t const *end;
188 ssize_t len;
189
190 p = data + 240;
191 end = p + (data_len - 240);
192
193 /*
194 * Loop over all the options data
195 */
196 while (p < end) {
197 len = fr_dhcpv4_decode_option(ctx, &tmp, p, (end - p), packet_ctx);
198 if (len <= 0) {
199 fail:
200 fr_pair_list_free(&tmp);
201 talloc_free(packet_ctx);
202 return len;
203 }
204 p += len;
205 }
206
207 if (code) {
208 vp = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_message_type);
209 if (vp) {
210 *code = vp->vp_uint8;
211 }
212 }
213
214 /*
215 * If option Overload is present in the 'options' field, then fields 'file' and/or 'sname'
216 * are used to hold more options. They are partitioned and must be interpreted in sequence.
217 */
218 vp = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_overload);
219 if (vp) {
220 if ((vp->vp_uint8 & 1) == 1) {
221 /*
222 * The 'file' field is used to hold options.
223 * It must be interpreted before 'sname'.
224 */
225 p = data + 44;
226 end = p + 64;
227 while (p < end) {
228 len = fr_dhcpv4_decode_option(ctx, &tmp,
229 p, end - p, packet_ctx);
230 if (len <= 0) goto fail;
231 p += len;
232 }
233 fr_pair_delete_by_da(&tmp, attr_dhcp_boot_filename);
234 }
235 if ((vp->vp_uint8 & 2) == 2) {
236 /*
237 * The 'sname' field is used to hold options.
238 */
239 p = data + 108;
240 end = p + 128;
241 while (p < end) {
242 len = fr_dhcpv4_decode_option(ctx, &tmp,
243 p, end - p, packet_ctx);
244 if (len <= 0) goto fail;
245 p += len;
246 }
247 fr_pair_delete_by_da(&tmp, attr_dhcp_server_host_name);
248 }
249 }
250 }
251
252 /*
253 * If DHCP request, set ciaddr to zero.
254 */
255
256 /*
257 * Set broadcast flag for broken vendors, but only if
258 * giaddr isn't set.
259 */
260 memcpy(&giaddr, data + 24, sizeof(giaddr));
261 if (giaddr == htonl(INADDR_ANY)) {
262 /*
263 * DHCP Opcode is request
264 */
265 vp = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_opcode);
266 if (vp && vp->vp_uint8 == 1) {
267 /*
268 * Vendor is "MSFT 98"
269 */
270 vp = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_vendor_class_identifier);
271 if (vp && (vp->vp_length == 7) && (memcmp(vp->vp_strvalue, "MSFT 98", 7) == 0)) {
272 vp = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_flags);
273
274 /*
275 * Reply should be broadcast.
276 */
277 if (vp) vp->vp_uint16 |= 0x8000;
278 }
279 }
280 }
281
282 /*
283 * Determine the address to use in looking up which subnet the
284 * client belongs to based on packet data. The sequence here
285 * is based on ISC DHCP behaviour and RFCs 3527 and 3011. We
286 * store the found address in an internal attribute of
287 * Network-Subnet
288 *
289 *
290 * All of these options / fields are type "ipv4addr", so
291 * we need to decode them as that. And then cast it to
292 * "ipv4prefix".
293 */
294 vp = fr_pair_afrom_da(ctx, attr_dhcp_network_subnet);
295 if (!vp) return -1;
296
297 /*
298 * First look for Relay-Link-Selection
299 */
300 netaddr = fr_pair_find_by_da_nested(&tmp, NULL, attr_dhcp_relay_link_selection);
301 if (!netaddr) {
302 /*
303 * Next try Subnet-Selection-Option
304 */
305 netaddr = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_subnet_selection_option);
306 }
307
308 if (netaddr) {
309 /*
310 * Store whichever address we found from options and ensure
311 * the data type matches the pair, i.e address to prefix
312 * conversion.
313 */
314 if (fr_value_box_cast(vp, &vp->data, vp->vp_type, vp->da, &netaddr->data) < 0) return -1;
315
316 } else if (giaddr != htonl(INADDR_ANY)) {
317 /*
318 * Gateway address is set - use that one
319 */
320 if (fr_value_box_from_network(vp, &box, FR_TYPE_IPV4_ADDR, NULL,
321 &FR_DBUFF_TMP(data + 24, 4), 4, true) < 0) return -1;
322 if (fr_value_box_cast(vp, &vp->data, vp->vp_type, vp->da, &box) < 0) return -1;
323
324 } else {
325 /*
326 * else, store client address whatever it is
327 */
328 if (fr_value_box_from_network(vp, &box, FR_TYPE_IPV4_ADDR, NULL,
329 &FR_DBUFF_TMP(data + 12, 4), 4, true) < 0) return -1;
330 if (fr_value_box_cast(vp, &vp->data, vp->vp_type, vp->da, &box) < 0) return -1;
331 }
332
333 fr_pair_append(&tmp, vp);
334
335 /*
336 * Client can request a LARGER size, but not a smaller
337 * one. They also cannot request a size larger than MTU.
338 */
339 maxms = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_dhcp_maximum_msg_size);
340 mtu = fr_pair_find_by_da(&tmp, NULL, attr_dhcp_interface_mtu_size);
341
342 if (mtu && (mtu->vp_uint16 < DEFAULT_PACKET_SIZE)) {
343 fr_strerror_const("Client says MTU is smaller than minimum permitted by the specification");
344 return -1;
345 }
346
347 /*
348 * Client says maximum message size is smaller than minimum permitted
349 * by the specification: fixing it.
350 */
351 if (maxms && (maxms->vp_uint16 < DEFAULT_PACKET_SIZE)) maxms->vp_uint16 = DEFAULT_PACKET_SIZE;
352
353 /*
354 * Client says MTU is smaller than maximum message size: fixing it
355 */
356 if (maxms && mtu && (maxms->vp_uint16 > mtu->vp_uint16)) maxms->vp_uint16 = mtu->vp_uint16;
357
358 /*
359 * FIXME: Nuke attributes that aren't used in the normal
360 * header for discover/requests.
361 */
362 fr_pair_list_append(out, &tmp);
363
364 return 0;
365}
366
367int fr_dhcpv4_packet_encode(fr_packet_t *packet, fr_pair_list_t *list)
368{
369 ssize_t len;
370 fr_pair_t *vp;
371
372 if (packet->data) return 0;
373
374 packet->data_len = MAX_PACKET_SIZE;
375 packet->data = talloc_zero_array(packet, uint8_t, packet->data_len);
376
377 /* XXX Ugly ... should be set by the caller */
378 if (packet->code == 0) packet->code = FR_DHCP_NAK;
379
380 /* store xid */
381 if ((vp = fr_pair_find_by_da(list, NULL, attr_dhcp_transaction_id))) {
382 packet->id = vp->vp_uint32;
383 } else {
384 packet->id = fr_rand();
385 }
386
387 len = fr_dhcpv4_encode(packet->data, packet->data_len, NULL, packet->code, packet->id, list);
388 if (len < 0) return -1;
389
390 packet->data_len = len;
391
392 return 0;
393}
394
395fr_packet_t *fr_dhcpv4_packet_alloc(uint8_t const *data, ssize_t data_len)
396{
397 fr_packet_t *packet;
398 uint32_t magic;
399 uint8_t const *code;
400
401 code = fr_dhcpv4_packet_get_option((dhcp_packet_t const *) data, data_len, attr_dhcp_message_type);
402 if (!code) return NULL;
403
404 if (data_len < MIN_PACKET_SIZE) return NULL;
405
406 /* Now that checks are done, allocate packet */
407 packet = fr_packet_alloc(NULL, false);
408 if (!packet) {
409 fr_strerror_const("Failed allocating packet");
410 return NULL;
411 }
412
413 /*
414 * Get XID.
415 */
416 memcpy(&magic, data + 4, 4);
417
418 packet->data_len = data_len;
419 packet->code = code[2];
420 packet->id = ntohl(magic);
421
422 /*
423 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
424 * FIXME: for OFFER / ACK : src_port = dst_port - 1
425 */
426
427 /*
428 * Unique keys are xid, client mac, and client ID?
429 */
430 return packet;
431}
FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
attr_dhcp_message_type
static fr_dict_attr_t const * attr_dhcp_message_type
Definition dhcpclient.c:90
dhcpv4.h
Implementation of the DHCPv4 protocol.
fr_dhcpv4_ctx_t::tmp_ctx
TALLOC_CTX * tmp_ctx
for temporary things cleaned up during decoding
Definition dhcpv4.h:136
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition dhcpv4.h:89
MIN_PACKET_SIZE
#define MIN_PACKET_SIZE
Definition dhcpv4.h:88
DHCP_OPTION_FIELD
#define DHCP_OPTION_FIELD
Definition dhcpv4.h:93
DHCP_SNAME_FIELD
#define DHCP_SNAME_FIELD
Definition dhcpv4.h:95
dhcp_packet_t::options
uint8_t options[DHCP_VEND_LEN]
Definition dhcpv4.h:82
DHCP_FILE_FIELD
#define DHCP_FILE_FIELD
Definition dhcpv4.h:94
dhcp_packet_t::file
uint8_t file[DHCP_FILE_LEN]
Definition dhcpv4.h:80
FR_DHCP_NAK
@ FR_DHCP_NAK
Definition dhcpv4.h:50
MAX_PACKET_SIZE
#define MAX_PACKET_SIZE
Definition dhcpv4.h:90
dhcp_packet_t::sname
uint8_t sname[DHCP_SNAME_LEN]
Definition dhcpv4.h:79
dhcp_packet_t
Definition dhcpv4.h:66
fr_dhcpv4_ctx_t
Used as the decoder ctx.
Definition dhcpv4.h:134
talloc_free
talloc_free(reap)
fr_packet_alloc
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
Definition packet.c:38
FR_TYPE_IPV4_ADDR
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition merged_model.c:86
FR_TYPE_ETHERNET
@ FR_TYPE_ETHERNET
48 Bit Mac-Address.
Definition merged_model.c:93
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_value_box_t
Definition merged_model.c:136
fr_pair_find_by_da_nested
fr_pair_t * fr_pair_find_by_da_nested(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find a pair with a matching fr_dict_attr_t, by walking the nested fr_dict_attr_t tree.
Definition pair.c:770
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1345
fr_pair_delete_by_da
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
Definition pair.c:1689
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:283
fr_pair_list_init
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
fr_pair_value_bstrndup
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2784
attr_dhcp_overload
HIDDEN fr_dict_attr_t const * attr_dhcp_overload
Definition base.c:66
attr_dhcp_boot_filename
HIDDEN fr_dict_attr_t const * attr_dhcp_boot_filename
Definition base.c:48
attr_dhcp_opcode
HIDDEN fr_dict_attr_t const * attr_dhcp_opcode
Definition base.c:57
attr_dhcp_interface_mtu_size
HIDDEN fr_dict_attr_t const * attr_dhcp_interface_mtu_size
Definition base.c:63
attr_dhcp_subnet_selection_option
HIDDEN fr_dict_attr_t const * attr_dhcp_subnet_selection_option
Definition base.c:69
attr_dhcp_network_subnet
HIDDEN fr_dict_attr_t const * attr_dhcp_network_subnet
Definition base.c:70
attr_dhcp_relay_link_selection
HIDDEN fr_dict_attr_t const * attr_dhcp_relay_link_selection
Definition base.c:68
attr_dhcp_transaction_id
HIDDEN fr_dict_attr_t const * attr_dhcp_transaction_id
Definition base.c:60
attr_dhcp_dhcp_maximum_msg_size
HIDDEN fr_dict_attr_t const * attr_dhcp_dhcp_maximum_msg_size
Definition base.c:62
attr_dhcp_vendor_class_identifier
HIDDEN fr_dict_attr_t const * attr_dhcp_vendor_class_identifier
Definition base.c:67
attr_dhcp_flags
HIDDEN fr_dict_attr_t const * attr_dhcp_flags
Definition base.c:51
attr_dhcp_server_host_name
HIDDEN fr_dict_attr_t const * attr_dhcp_server_host_name
Definition base.c:58
dhcp_header_attrs_len
size_t dhcp_header_attrs_len
Definition base.c:124
dhcp_header_sizes
int dhcp_header_sizes[]
Definition base.c:147
fr_dhcpv4_encode
ssize_t fr_dhcpv4_encode(uint8_t *buffer, size_t buflen, dhcp_packet_t *original, int code, uint32_t xid, fr_pair_list_t *vps)
Definition base.c:336
dhcp_header_attrs
fr_dict_attr_t const ** dhcp_header_attrs[]
Definition base.c:108
fr_dhcpv4_decode_option
ssize_t fr_dhcpv4_decode_option(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, void *decode_ctx)
Decode DHCP option.
Definition decode.c:538
fr_dhcpv4_packet_get_option
uint8_t const * fr_dhcpv4_packet_get_option(dhcp_packet_t const *packet, size_t packet_size, fr_dict_attr_t const *da)
Retrieve a DHCP option from a raw packet buffer.
Definition packet.c:37
fr_dhcpv4_packet_alloc
fr_packet_t * fr_dhcpv4_packet_alloc(uint8_t const *data, ssize_t data_len)
Definition packet.c:395
fr_dhcpv4_packet_encode
int fr_dhcpv4_packet_encode(fr_packet_t *packet, fr_pair_list_t *list)
Definition packet.c:367
fr_dhcpv4_decode
int fr_dhcpv4_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, unsigned int *code)
Definition packet.c:100
attrs.h
VQP attributes.
fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
vp
fr_pair_t * vp
Definition state_machine.c:2262
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61
fr_packet_t::id
int id
Packet ID (used to link requests/responses).
Definition packet.h:60
fr_packet_t::data
uint8_t * data
Packet data (body).
Definition packet.h:63
fr_packet_t::data_len
size_t data_len
Length of packet data.
Definition packet.h:64
fr_packet_t
Definition packet.h:56
fr_pair_list_free
void fr_pair_list_free(fr_pair_list_t *list)
Free memory used by a valuepair list.
Definition pair_inline.c:113
fr_pair_list_append
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
Definition pair_inline.c:182
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const_push
#define fr_strerror_const_push(_msg)
Definition strerror.h:227
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_value_box_from_network
ssize_t fr_value_box_from_network(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t type, fr_dict_attr_t const *enumv, fr_dbuff_t *dbuff, size_t len, bool tainted)
Decode a fr_value_box_t from serialized binary data.
Definition value.c:1754
fr_value_box_cast
int fr_value_box_cast(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv, fr_value_box_t const *src)
Convert one type of fr_value_box_t to another.
Definition value.c:3352
data
static fr_slen_t data
Definition value.h:1265
out
static size_t char ** out
Definition value.h:997
Generated by   doxygen 1.9.8