emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8c30c82240
ndhc/ndhc/arp.c

718 lines
23 KiB
C
Raw Normal View History

Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
/* arp.c - arp ping checking
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
* Time-stamp: <2011-07-09 17:34:29 njk>
Massive cosmetic patch: update or add copyright headers, untabify, and change all unsigned char to uint8_t.
2011-03-31 09:29:22 +05:30
*
Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
* Copyright 2010-2011 Nicholas J. Kain <njkain@gmail.com>
*
Massive cosmetic patch: update or add copyright headers, untabify, and change all unsigned char to uint8_t.
2011-03-31 09:29:22 +05:30
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
*/
#include <unistd.h>
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
#include <stdlib.h>
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/if_ether.h>
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
#include <netinet/in.h>
#include <arpa/inet.h>
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
#include <sys/time.h>
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
#include <linux/if_packet.h>
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
#include <linux/filter.h>
Remove socket.[ch] : code is merged into packet.c
2011-06-25 20:10:41 +05:30
#include <fcntl.h>
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
#include <errno.h>
Rename arpping.[ch] to arp.[ch].
2010-12-24 20:28:47 +05:30
#include "arp.h"
Centralize DHCP timeout, packet reciept, and user-demanded action handling into state.[ch]. Remove timeout.c.
2011-06-30 09:17:31 +05:30
#include "state.h"
Rename packet.[ch] to dhcp.[ch].
2011-07-02 13:21:44 +05:30
#include "dhcp.h"
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
#include "sys.h"
Rename script.[ch] to ifchange.[ch].
2010-12-24 20:42:41 +05:30
#include "ifchange.h"
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
#include "options.h"
Add support for writing lease files.
2011-04-20 02:07:43 +05:30
#include "leasefile.h"
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
#include "log.h"
#include "io.h"
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
#define ARP_MSG_SIZE 0x2a
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
#define ARP_RETRANS_DELAY 5000 // ms
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
// From RFC5227
#define PROBE_WAIT 1000 // initial random delay
#define PROBE_NUM 3 // number of probe packets
#define PROBE_MIN 1000 // minimum delay until repeated probe
#define PROBE_MAX 2000 // maximum delay until repeated probe
#define ANNOUNCE_WAIT 2000 // delay before announcing
#define ANNOUNCE_NUM 2 // number of Announcement packets
#define ANNOUNCE_INTERVAL 2000 // time between Announcement packets
#define MAX_CONFLICTS 10 // max conflicts before rate-limiting
#define RATE_LIMIT_INTERVAL 60000 // delay between successive attempts
#define DEFEND_INTERVAL 10000 // minimum interval between defensive ARPs
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
typedef enum {
AS_NONE = 0, // Nothing to react to wrt ARP
AS_COLLISION_CHECK, // Checking to see if another host has our IP before
// accepting a new lease.
AS_GW_CHECK, // Seeing if the default GW still exists on the local
// segment after the hardware link was lost.
AS_GW_QUERY, // Finding the default GW MAC address.
AS_DEFENSE, // Defending our IP address (RFC5227)
AS_MAX,
} arp_state_t;
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
typedef enum {
ASEND_COLLISION_CHECK,
ASEND_GW_PING,
ASEND_ANNOUNCE,
ASEND_MAX,
} arp_send_t;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static arp_state_t arpState;
struct arp_stats {
long long ts;
int count;
};
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
static struct arp_stats arp_send_stats[ASEND_MAX];
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static int using_arp_bpf; // Is a BPF installed on the ARP socket?
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
int arp_relentless_def; // Don't give up defense no matter what.
static long long last_conflict_ts; // TS of the last conflicting ARP seen.
static long long pending_def_ts; // TS of the upcoming defense ARP send.
static int def_old_oldTimeout; // Old value of cs->oldTimeout.
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
static int gw_check_init_pingcount; // Initial count of ASEND_GW_PING when
// AS_GW_CHECK was entered.
static long long collision_check_init_ts; // Initial ts when COLLISION_CHECK
// was entered.
static uint16_t probe_wait_time; // Time to wait for a COLLISION_CHECK reply.
static unsigned int total_conflicts; // Total number of address conflicts on
// the interface. Never decreases.
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
static struct dhcpmsg arp_dhcp_packet; // Used only for AS_COLLISION_CHECK
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
static struct arpMsg arpreply;
static int arpreply_offset;
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
static void arpreply_clear(void)
{
memset(&arpreply, 0, sizeof arpreply);
arpreply_offset = 0;
}
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
void arp_reset_send_stats(void)
{
for (int i = 0; i < ASEND_MAX; ++i) {
arp_send_stats[i].ts = 0;
arp_send_stats[i].count = 0;
}
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static void arp_set_bpf_basic(int fd)
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
{
BPF's load instructions automatically convert the loaded argument from host to network byte order, thus BPF is endian independent. Make the ARP BPF static const again.
2011-07-01 12:07:19 +05:30
static const struct sock_filter sf_arp[] = {
Optimize the ARP BPF bytecode to use fewer instructions.
2011-07-01 12:19:19 +05:30
// Verify that the frame has ethernet protocol type of ARP
// and that the ARP hardware type field indicates Ethernet.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 12),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (ETH_P_ARP << 16) | ARPHRD_ETHER,
1, 0),
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
BPF_STMT(BPF_RET + BPF_K, 0),
Optimize the ARP BPF bytecode to use fewer instructions.
2011-07-01 12:19:19 +05:30
// Verify that the ARP protocol type field indicates IP, the ARP
// hardware address length field is 6, and the ARP protocol address
// length field is 4.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 16),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (ETH_P_IP << 16) | 0x0604, 1, 0),
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
BPF_STMT(BPF_RET + BPF_K, 0),
// Sanity tests passed, so send all possible data.
Randomize the DHCP timeout by +[0,1000]ms to comply with RFC.
2011-07-06 18:16:05 +05:30
BPF_STMT(BPF_RET + BPF_K, 0x7fffffff),
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
};
BPF's load instructions automatically convert the loaded argument from host to network byte order, thus BPF is endian independent. Make the ARP BPF static const again.
2011-07-01 12:07:19 +05:30
static const struct sock_fprog sfp_arp = {
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
.len = sizeof sf_arp / sizeof sf_arp[0],
.filter = (struct sock_filter *)sf_arp,
};
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
using_arp_bpf = setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &sfp_arp,
sizeof sfp_arp) != -1;
}
static void arp_set_bpf_defense(struct client_state_t *cs, int fd)
{
uint32_t mac4b;
uint16_t mac2b;
memcpy(&mac4b, client_config.arp, 4);
memcpy(&mac2b, client_config.arp+4, 2);
struct sock_filter sf_arp[] = {
// Verify that the frame has ethernet protocol type of ARP
// and that the ARP hardware type field indicates Ethernet.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 12),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (ETH_P_ARP << 16) | ARPHRD_ETHER,
1, 0),
BPF_STMT(BPF_RET + BPF_K, 0),
// Verify that the ARP protocol type field indicates IP, the ARP
// hardware address length field is 6, and the ARP protocol address
// length field is 4.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 16),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (ETH_P_IP << 16) | 0x0604, 1, 0),
BPF_STMT(BPF_RET + BPF_K, 0),
// If the ARP packet source IP does not match our IP address, then
// it can be ignored.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 28),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, cs->clientAddr, 1, 0),
BPF_STMT(BPF_RET + BPF_K, 0),
// If the first four bytes of the ARP packet source hardware address
// does not equal our hardware address, then it's a conflict and should
// be passed along.
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, 22),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, mac4b, 1, 0),
Randomize the DHCP timeout by +[0,1000]ms to comply with RFC.
2011-07-06 18:16:05 +05:30
BPF_STMT(BPF_RET + BPF_K, 0x7fffffff),
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// If the last two bytes of the ARP packet source hardware address
// do not equal our hardware address, then it's a conflict and should
// be passed along.
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 26),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, mac2b, 1, 0),
Randomize the DHCP timeout by +[0,1000]ms to comply with RFC.
2011-07-06 18:16:05 +05:30
BPF_STMT(BPF_RET + BPF_K, 0x7fffffff),
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// Packet announces our IP address and hardware address, so it requires
// no action.
BPF_STMT(BPF_RET + BPF_K, 0),
};
struct sock_fprog sfp_arp = {
.len = sizeof sf_arp / sizeof sf_arp[0],
.filter = (struct sock_filter *)sf_arp,
};
using_arp_bpf = setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &sfp_arp,
sizeof sfp_arp) != -1;
}
Define a BPF for ARP-listening raw sockets that discriminates by ethernet frame protocol type field, ARP hardware type field, ARP protocol type field, ARP hardware address length field, and ARP protocol address length field.
2011-07-01 10:25:35 +05:30
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static int arp_open_fd(struct client_state_t *cs)
{
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
if (cs->arpFd != -1)
return 0;
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
if (fd == -1) {
log_error("arp: failed to create socket: %s", strerror(errno));
goto out;
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
}
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
int opt = 1;
if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &opt, sizeof opt) == -1) {
log_error("arp: failed to set broadcast: %s", strerror(errno));
goto out_fd;
}
if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) == -1) {
log_error("arp: failed to set non-blocking: %s", strerror(errno));
goto out_fd;
}
struct sockaddr_ll saddr = {
.sll_family = AF_PACKET,
.sll_protocol = htons(ETH_P_ARP),
.sll_ifindex = client_config.ifindex,
};
if (bind(fd, (struct sockaddr *)&saddr, sizeof(struct sockaddr_ll)) < 0) {
log_error("arp: bind failed: %s", strerror(errno));
goto out_fd;
}
cs->arpFd = fd;
epoll_add(cs, fd);
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
arpreply_clear();
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
return 0;
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
out_fd:
close(fd);
out:
return -1;
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
}
If sending on the arp fd fails, then re-open the arp fd and restore arp state to what it was before closing the fd. It may allow the client to continue working in the face of error, as arp functionality is not critical for simply holding a lease.
2011-07-05 08:05:53 +05:30
static void arp_switch_state(struct client_state_t *cs, arp_state_t state)
{
arp_state_t prev_state = arpState;
if (arpState == state || arpState >= AS_MAX)
return;
arpState = state;
if (arpState == AS_NONE) {
arp_close_fd(cs);
return;
}
if (cs->arpFd == -1) {
if (arp_open_fd(cs) == -1)
suicide("arp: failed to open arpFd when changing state to %u",
arpState);
if (arpState != AS_DEFENSE)
arp_set_bpf_basic(cs->arpFd);
}
if (arpState == AS_DEFENSE) {
arp_set_bpf_defense(cs, cs->arpFd);
return;
}
if (prev_state == AS_DEFENSE) {
arp_set_bpf_basic(cs->arpFd);
return;
}
}
Make frenew() less insane. It was most likely subtly buggy before depending on state.
2011-06-30 13:13:09 +05:30
int arp_close_fd(struct client_state_t *cs)
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
{
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
if (cs->arpFd == -1)
Make frenew() less insane. It was most likely subtly buggy before depending on state.
2011-06-30 13:13:09 +05:30
return 0;
Tell the kernel not to attempt routing table lookups for sent DHCP traffic: - Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp). More paranoia against packets being sent to incorrect interfaces: - Bind arp socket to a specific interface via bind(). - Use SO_BINDTODEVICE for udp send sockets. It was already used for udp listen sockets. Flatten indentation in arp_(open|close)_fd(). Use C99 initializers in packet.c. Add more error message prints to packet.c.
2011-06-26 02:01:21 +05:30
epoll_del(cs, cs->arpFd);
close(cs->arpFd);
cs->arpFd = -1;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arpState = AS_NONE;
Make frenew() less insane. It was most likely subtly buggy before depending on state.
2011-06-30 13:13:09 +05:30
return 1;
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
}
If sending on the arp fd fails, then re-open the arp fd and restore arp state to what it was before closing the fd. It may allow the client to continue working in the face of error, as arp functionality is not critical for simply holding a lease.
2011-07-05 08:05:53 +05:30
static int arp_reopen_fd(struct client_state_t *cs)
{
arp_state_t prev_state = arpState;
arp_close_fd(cs);
if (arp_open_fd(cs) == -1) {
log_warning("arp_reopen_fd: Failed to open. Something is very wrong.");
log_warning("arp_reopen_fd: Client will still run, but functionality will be degraded.");
return -1;
}
arp_switch_state(cs, prev_state);
return 0;
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static int arp_send(struct client_state_t *cs, struct arpMsg *arp)
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
{
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
struct sockaddr_ll addr = {
.sll_family = AF_PACKET,
.sll_ifindex = client_config.ifindex,
.sll_halen = 6,
};
memcpy(addr.sll_addr, client_config.arp, 6);
If sending on the arp fd fails, then re-open the arp fd and restore arp state to what it was before closing the fd. It may allow the client to continue working in the face of error, as arp functionality is not critical for simply holding a lease.
2011-07-05 08:05:53 +05:30
if (cs->arpFd == -1) {
log_warning("arp_send: Send attempted when no ARP fd is open.");
return -1;
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (safe_sendto(cs->arpFd, (const char *)arp, sizeof *arp,
0, (struct sockaddr *)&addr, sizeof addr) < 0) {
log_error("arp: sendto failed: %s", strerror(errno));
If sending on the arp fd fails, then re-open the arp fd and restore arp state to what it was before closing the fd. It may allow the client to continue working in the face of error, as arp functionality is not critical for simply holding a lease.
2011-07-05 08:05:53 +05:30
arp_reopen_fd(cs);
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
return -1;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
}
return 0;
}
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
#define BASE_ARPMSG() struct arpMsg arp = { \
.h_proto = htons(ETH_P_ARP), \
.htype = htons(ARPHRD_ETHER), \
.ptype = htons(ETH_P_IP), \
.hlen = 6, .plen = 4, \
.operation = htons(ARPOP_REQUEST), }; \
memcpy(arp.h_source, client_config.arp, 6); \
memset(arp.h_dest, 0xff, 6); \
memcpy(arp.smac, client_config.arp, 6)
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// Returns 0 on success, -1 on failure.
static int arp_ping(struct client_state_t *cs, uint32_t test_ip)
{
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
BASE_ARPMSG();
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
memcpy(arp.sip4, &cs->clientAddr, sizeof cs->clientAddr);
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
memcpy(arp.dip4, &test_ip, sizeof test_ip);
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
if (arp_send(cs, &arp) == -1)
return -1;
arp_send_stats[ASEND_GW_PING].count++;
arp_send_stats[ASEND_GW_PING].ts = curms();
return 0;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
}
Rewrite the ARP ping code to properly use modern interfaces. In detail: - Use AF_PACKET and SOCK_RAW rather than the decade-deprecated SOCK_PACKET interface. - Separate out socket creation code into a subfunction. - Use C99 initializers for packet and address structures. - Cosmetic cleanups.
2011-06-25 22:32:56 +05:30
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// Returns 0 on success, -1 on failure.
static int arp_ip_anon_ping(struct client_state_t *cs, uint32_t test_ip)
{
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
BASE_ARPMSG();
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
memcpy(arp.dip4, &test_ip, sizeof test_ip);
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
if (arp_send(cs, &arp) == -1)
return -1;
arp_send_stats[ASEND_COLLISION_CHECK].count++;
arp_send_stats[ASEND_COLLISION_CHECK].ts = curms();
return 0;
Make sure our assigned address is unique on our segment by using arp.
2010-11-16 06:36:50 +05:30
}
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
Send an ARP announcement after getting a new lease.
2011-07-02 15:18:24 +05:30
static int arp_announcement(struct client_state_t *cs)
{
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
BASE_ARPMSG();
Send an ARP announcement after getting a new lease.
2011-07-02 15:18:24 +05:30
memcpy(arp.sip4, &cs->clientAddr, 4);
memcpy(arp.dip4, &cs->clientAddr, 4);
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
if (arp_send(cs, &arp) == -1)
return -1;
arp_send_stats[ASEND_ANNOUNCE].count++;
arp_send_stats[ASEND_ANNOUNCE].ts = curms();
return 0;
Send an ARP announcement after getting a new lease.
2011-07-02 15:18:24 +05:30
}
Refactor the common ARP structure fields between arp sending functions into the BASE_ARPMSG() macro to make it more obvious what is shared. Resequence the gateway arp address print and the arp state change to AS_DEFENSE so that the debug prints are less confusing. No other change.
2011-07-05 05:49:30 +05:30
#undef BASE_ARPMSG
Send an ARP announcement after getting a new lease.
2011-07-02 15:18:24 +05:30
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
// Callable from DS_REQUESTING, DS_RENEWING, or DS_REBINDING via an_packet()
Remove pointless length-checking in get_raw_packet() that can never be triggered because safe_read() already protects against reads longer than a DHCP packet in length. Lots of cosmetic cleanups. Highlights: - Remove pointless enums that just define sizeof for various structures. - Rename struct dhcpMessage to struct dhcpmsg.
2011-06-27 02:55:00 +05:30
int arp_check(struct client_state_t *cs, struct dhcpmsg *packet)
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
{
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
memcpy(&arp_dhcp_packet, packet, sizeof (struct dhcpmsg));
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arp_switch_state(cs, AS_COLLISION_CHECK);
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
log_line("arp: Probing for hosts that may conflict with our lease...");
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (arp_ip_anon_ping(cs, arp_dhcp_packet.yiaddr) == -1)
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return -1;
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
cs->arpPrevState = cs->dhcpState;
Rename DS_ARP_CHECK to the less confusing DS_COLLISION_CHECK. Call arp_reopen_fd() if reading from the arp fd fails in any state other than AS_COLLISION_CHECK or AS_GW_CHECK.
2011-07-05 08:29:07 +05:30
cs->dhcpState = DS_COLLISION_CHECK;
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
collision_check_init_ts = arp_send_stats[ASEND_COLLISION_CHECK].ts;
cs->timeout = probe_wait_time = PROBE_WAIT;
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return 0;
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
}
If sending on the arp fd fails, then re-open the arp fd and restore arp state to what it was before closing the fd. It may allow the client to continue working in the face of error, as arp functionality is not critical for simply holding a lease.
2011-07-05 08:05:53 +05:30
// Callable only from DS_BOUND via state.c:ifup_action().
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
int arp_gw_check(struct client_state_t *cs)
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
{
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
if (arpState == AS_GW_CHECK) // Guard against state bounce.
return 0;
gw_check_init_pingcount = arp_send_stats[ASEND_GW_PING].count;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (arp_ping(cs, cs->routerAddr) == -1)
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return -1;
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
arp_switch_state(cs, AS_GW_CHECK);
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
cs->arpPrevState = cs->dhcpState;
Rename ARP_GW_CHECK to BOUND_GW_CHECK and call anfrelease() rather than frelease() for this state.
2011-06-30 10:09:17 +05:30
cs->dhcpState = DS_BOUND_GW_CHECK;
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
cs->oldTimeout = cs->timeout;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
cs->timeout = ARP_RETRANS_DELAY + 250;
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return 0;
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
static int arp_get_gw_hwaddr(struct client_state_t *cs)
Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
{
if (cs->dhcpState != DS_BOUND)
Clean up logging prints in arp.c.
2011-06-02 20:18:58 +05:30
log_error("arp_get_gw_hwaddr: called when state != DS_BOUND");
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arp_switch_state(cs, AS_GW_QUERY);
log_line("arp: Searching for gw address...");
if (arp_ping(cs, cs->routerAddr) == -1)
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return -1;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
cs->oldTimeout = cs->timeout;
cs->timeout = ARP_RETRANS_DELAY + 250;
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
return 0;
Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
}
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
static void arp_failed(struct client_state_t *cs)
{
Clean up logging prints in arp.c.
2011-06-02 20:18:58 +05:30
log_line("arp: Offered address is in use -- declining");
Clean up the DHCP packet sending functions and make them more RFC-compliant. Rename cs->requestedIP to cs->clientAddr. Move the IFS_* defines into netlink.c. Cosmetic cleanups.
2011-07-01 21:07:13 +05:30
send_decline(cs, arp_dhcp_packet.yiaddr);
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
reinit_selecting(cs, total_conflicts < MAX_CONFLICTS ?
0 : RATE_LIMIT_INTERVAL);
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
}
Handle DS_REBINDING and DS_RENEWING states just like DS_BOUND when the hardware link returns after having been lost. Make the timeout action for DS_BOUND_GW_CHECK perform ARP retransmissions rather than just sending a single query.
2011-07-06 01:27:11 +05:30
static void arp_gw_failed(struct client_state_t *cs)
{
log_line("arp: Gateway appears to have changed, getting new lease.");
cs->oldTimeout = 0;
reinit_selecting(cs, 0);
}
static int act_if_arp_gw_failed(struct client_state_t *cs)
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
{
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
if (arp_send_stats[ASEND_GW_PING].count >= gw_check_init_pingcount + 3) {
Handle DS_REBINDING and DS_RENEWING states just like DS_BOUND when the hardware link returns after having been lost. Make the timeout action for DS_BOUND_GW_CHECK perform ARP retransmissions rather than just sending a single query.
2011-07-06 01:27:11 +05:30
arp_gw_failed(cs);
return 1;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
}
Handle DS_REBINDING and DS_RENEWING states just like DS_BOUND when the hardware link returns after having been lost. Make the timeout action for DS_BOUND_GW_CHECK perform ARP retransmissions rather than just sending a single query.
2011-07-06 01:27:11 +05:30
return 0;
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
}
Fix a regression: if renewing or rebinding a dhcp lease that matches our previous client ip, make sure to stop listening for dhcp packets, set the proper timeout interval, and make sure we're in AS_DEFENSE state.
2011-07-06 21:11:49 +05:30
void arp_set_defense_mode(struct client_state_t *cs)
{
arp_switch_state(cs, AS_DEFENSE);
}
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
void arp_success(struct client_state_t *cs)
{
Calculate the renewTime timeout more accurately: take the delay in ARP checking into account. Rename t1 and t2 to renewTime and rebindTime.
2011-06-30 11:20:50 +05:30
cs->timeout = (cs->renewTime * 1000) - (curms() - cs->leaseStartTime);
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
Calculate the renewTime timeout more accurately: take the delay in ARP checking into account. Rename t1 and t2 to renewTime and rebindTime.
2011-06-30 11:20:50 +05:30
struct in_addr temp_addr = {.s_addr = arp_dhcp_packet.yiaddr};
Clean up logging prints in arp.c.
2011-06-02 20:18:58 +05:30
log_line("arp: Lease of %s obtained, lease time %ld",
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
inet_ntoa(temp_addr), cs->lease);
Clean up the DHCP packet sending functions and make them more RFC-compliant. Rename cs->requestedIP to cs->clientAddr. Move the IFS_* defines into netlink.c. Cosmetic cleanups.
2011-07-01 21:07:13 +05:30
cs->clientAddr = arp_dhcp_packet.yiaddr;
Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
cs->dhcpState = DS_BOUND;
If a lease is negotiated, then expires after renewal attempts, don't time out and exit the daemon as would be desirable at startup. Just keep trying.
2011-06-27 03:51:40 +05:30
cs->init = 0;
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
last_conflict_ts = 0;
pending_def_ts = 0;
def_old_oldTimeout = 0;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
ifchange_bind(&arp_dhcp_packet);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (cs->arpPrevState == DS_RENEWING || cs->arpPrevState == DS_REBINDING) {
arp_switch_state(cs, AS_DEFENSE);
} else {
ssize_t ol;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
uint8_t *od = get_option_data(&arp_dhcp_packet, DHCP_ROUTER, &ol);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (ol == 4) {
memcpy(&cs->routerAddr, od, 4);
arp_get_gw_hwaddr(cs);
} else
arp_switch_state(cs, AS_DEFENSE);
}
Hide details of the listen mode implementation in packet.c.
2011-07-01 07:03:38 +05:30
set_listen_none(cs);
Add support for writing lease files.
2011-04-20 02:07:43 +05:30
write_leasefile(temp_addr);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arp_announcement(cs);
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
if (client_config.quit_after_lease)
exit(EXIT_SUCCESS);
if (!client_config.foreground)
After fork(), a signalfd-created file descriptor still returns signal info for the parent. Close and recreate a new signalfd after forking into the background.
2010-12-27 20:35:43 +05:30
background(cs);
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
}
Add arpreply_clear() helper.
2011-05-31 20:54:40 +05:30
static void arp_gw_success(struct client_state_t *cs)
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
{
Clean up logging prints in arp.c.
2011-06-02 20:18:58 +05:30
log_line("arp: Gateway seems unchanged");
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arp_switch_state(cs, AS_DEFENSE);
Send an ARP announcement after getting a new lease.
2011-07-02 15:18:24 +05:30
arp_announcement(cs);
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
If physical link state changes to UP and a lease is bound, check to see if the currently assigned gateway/router still replies to ARP queries. If so, keep the lease. If not, get a new lease. Save the IP address of the current gateway/router. Remove an outdated check for a buggy compiler. Fix a typo in the previous commit that caused timeouts to be 1000x faster than they should be.
2011-03-31 05:43:48 +05:30
cs->timeout = cs->oldTimeout;
cs->dhcpState = cs->arpPrevState;
}
Keep track of whether the ARP BPF has been successfully installed. If it has, then don't perform redundant checks in ARP validation.
2011-07-01 12:31:29 +05:30
// ARP validation functions that will be performed by the BPF if it is
// installed.
static int arp_validate_bpf(struct arpMsg *am)
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
{
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
if (am->h_proto != htons(ETH_P_ARP)) {
log_warning("arp: IP header does not indicate ARP protocol");
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
}
if (am->htype != htons(ARPHRD_ETHER)) {
log_warning("arp: ARP hardware type field invalid");
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
}
if (am->ptype != htons(ETH_P_IP)) {
log_warning("arp: ARP protocol type field invalid");
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
}
if (am->hlen != 6) {
log_warning("arp: ARP hardware address length invalid");
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
}
if (am->plen != 4) {
log_warning("arp: ARP protocol address length invalid");
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Print explicit warning messages when ARP packets fail in arp_validate().
2011-06-02 20:11:34 +05:30
}
Keep track of whether the ARP BPF has been successfully installed. If it has, then don't perform redundant checks in ARP validation.
2011-07-01 12:31:29 +05:30
return 1;
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// ARP validation functions that will be performed by the BPF if it is
// installed.
static int arp_validate_bpf_defense(struct client_state_t *cs,
struct arpMsg *am)
Keep track of whether the ARP BPF has been successfully installed. If it has, then don't perform redundant checks in ARP validation.
2011-07-01 12:31:29 +05:30
{
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (memcmp(am->sip4, &cs->clientAddr, 4))
return 0;
if (!memcmp(am->smac, client_config.arp, 6))
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
return 1;
}
static int arp_is_query_reply(struct arpMsg *am)
{
Keep track of whether the ARP BPF has been successfully installed. If it has, then don't perform redundant checks in ARP validation.
2011-07-01 12:31:29 +05:30
if (am->operation != htons(ARPOP_REPLY))
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
Keep track of whether the ARP BPF has been successfully installed. If it has, then don't perform redundant checks in ARP validation.
2011-07-01 12:31:29 +05:30
if (memcmp(am->h_dest, client_config.arp, 6))
return 0;
if (memcmp(am->dmac, client_config.arp, 6))
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
return 0;
return 1;
}
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
static int arp_gen_probe_wait(void)
{
// This is not a uniform distribution but it doesn't matter here.
return PROBE_MIN + rand() % (PROBE_MAX - PROBE_MIN);
}
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
static void arp_defense_timeout(struct client_state_t *cs, long long nowts)
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
{
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
if (pending_def_ts) {
log_line("arp: Defending our lease IP.");
pending_def_ts = 0;
arp_announcement(cs);
if (def_old_oldTimeout) {
cs->timeout = cs->oldTimeout;
cs->oldTimeout = def_old_oldTimeout;
def_old_oldTimeout = 0;
}
}
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
}
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
static void arp_check_timeout(struct client_state_t *cs, long long nowts)
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
{
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
arp_defense_timeout(cs, nowts);
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
if (arpState == AS_GW_CHECK && act_if_arp_gw_failed(cs))
return;
long long rtts = arp_send_stats[ASEND_GW_PING].ts + ARP_RETRANS_DELAY;
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
if (nowts < rtts) {
cs->timeout = rtts - nowts;
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
return;
}
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
log_line(arpState == AS_GW_CHECK ?
"arp: Still waiting for gateway to reply to arp ping..." :
"arp: Still looking for gateway hardware address...");
if (arp_ping(cs, cs->routerAddr) == -1)
log_warning("arp: Failed to send ARP ping in retransmission.");
cs->timeout = ARP_RETRANS_DELAY;
}
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
static void arp_collision_timeout(struct client_state_t *cs, long long nowts)
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
{
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
arp_defense_timeout(cs, nowts);
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
if (nowts >= collision_check_init_ts + ANNOUNCE_WAIT ||
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
arp_send_stats[ASEND_COLLISION_CHECK].count >= PROBE_NUM) {
arp_success(cs);
return;
}
long long rtts = arp_send_stats[ASEND_COLLISION_CHECK].ts +
probe_wait_time;
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
if (nowts < rtts) {
cs->timeout = rtts - nowts;
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
return;
}
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
log_line("arp: Probing for hosts that may conflict with our lease...");
if (arp_ip_anon_ping(cs, arp_dhcp_packet.yiaddr) == -1)
log_warning("arp: Failed to send ARP ping in retransmission.");
cs->timeout = probe_wait_time = arp_gen_probe_wait();
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
}
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
static void arp_do_defense(struct client_state_t *cs)
{
log_line("arp: detected a peer attempting to use our IP!");
long long cur_conflict_ts = curms();
if (!last_conflict_ts ||
cur_conflict_ts - last_conflict_ts < DEFEND_INTERVAL) {
log_line("arp: Defending our lease IP.");
arp_announcement(cs);
} else if (!arp_relentless_def) {
log_line("arp: Conflicting peer is persistent. Requesting new lease.");
send_release(cs);
reinit_selecting(cs, 0);
} else {
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
pending_def_ts = arp_send_stats[ASEND_ANNOUNCE].ts + DEFEND_INTERVAL;
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
long long def_xmit_ts = pending_def_ts - cur_conflict_ts;
if (!cs->timeout || cs->timeout > def_xmit_ts) {
def_old_oldTimeout = cs->oldTimeout;
cs->oldTimeout = cs->timeout;
cs->timeout = def_xmit_ts;
}
}
Send probe requests in COLLISION_CHECK state in a way that is compliant with RFC5227. Rate-limiting is also supported. Keep ARP stats per packet send type rather than per ARP state. Use the new stats to replace last_def_ts. Multiple triggers of arp_gw_check from interface-up-events in quick succession could cause the dhcpState to become corrupt. Fix by making the ARP_GW_CHECK be level triggered rather than edge triggered. Make the timeout calculations in the ARP retransmission code much more accurate. Close the ARP fd if we give up on lease defense and go back to requesting a new lease. Do a second arp_announcement() after finding the default GW's hwaddr. Clean up frenew to sanely handle the various ARP checking events. Now renew signals will be ignored during these states. It was particularly insane before if a renew signal were received during DS_COLLISION_CHECK. If the hardware link carrier goes down, do not sleep. Just keep working. Only go to sleep if the user explicitly deconfigures the interface. This change is far more sane for non-mobile hosts, and still works fine with roaming machines: the important thing is the gw hardware address checking that is triggered when the interface comes back up.
2011-07-06 01:10:57 +05:30
total_conflicts++;
Enable active defense of IP address / lease, as described in RFC5227.
2011-07-05 22:33:55 +05:30
last_conflict_ts = cur_conflict_ts;
}
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
static void arp_do_gw_query(struct client_state_t *cs)
{
if (arp_is_query_reply(&arpreply) &&
!memcmp(arpreply.sip4, &cs->routerAddr, 4)) {
cs->timeout = cs->oldTimeout;
memcpy(cs->routerArp, arpreply.smac, 6);
log_line("arp: Gateway hardware address %02x:%02x:%02x:%02x:%02x:%02x",
cs->routerArp[0], cs->routerArp[1],
cs->routerArp[2], cs->routerArp[3],
cs->routerArp[4], cs->routerArp[5]);
arp_switch_state(cs, AS_DEFENSE);
arp_announcement(cs); // Do a second announcement.
return;
}
if (!arp_validate_bpf_defense(cs, &arpreply))
return;
arp_do_defense(cs);
}
static void arp_do_collision_check(struct client_state_t *cs)
{
if (!arp_is_query_reply(&arpreply))
return;
// If this packet was sent from our lease IP, and does not have a
// MAC address matching our own (the latter check guards against stupid
// hubs or repeaters), then it's a conflict and thus a failure.
if (!memcmp(arpreply.sip4, &arp_dhcp_packet.yiaddr, 4) &&
!memcmp(client_config.arp, arpreply.smac, 6)) {
total_conflicts++;
arp_failed(cs);
}
}
static void arp_do_gw_check(struct client_state_t *cs)
{
if (!arp_is_query_reply(&arpreply))
return;
if (!memcmp(arpreply.sip4, &cs->routerAddr, 4)) {
// Success only if the router/gw MAC matches stored value
if (!memcmp(cs->routerArp, arpreply.smac, 6))
arp_gw_success(cs);
else
arp_gw_failed(cs);
}
}
static void arp_do_invalid(struct client_state_t *cs)
{
log_error("handle_arp_response: called in invalid state %u", arpState);
arp_close_fd(cs);
}
typedef struct {
void (*packet_fn)(struct client_state_t *cs);
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
void (*timeout_fn)(struct client_state_t *cs, long long nowts);
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
} arp_state_fn_t;
static const arp_state_fn_t arp_states[] = {
{ arp_do_invalid, 0 }, // AS_NONE
{ arp_do_collision_check, arp_collision_timeout }, // AS_COLLISION_CHECK
{ arp_do_gw_check, arp_check_timeout }, // AS_GW_CHECK
{ arp_do_gw_query, arp_check_timeout }, // AS_GW_QUERY
{ arp_do_defense, arp_defense_timeout }, // AS_DEFENSE
{ arp_do_invalid, 0 }, // AS_MAX
};
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
void handle_arp_response(struct client_state_t *cs)
{
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
int r = 0;
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
if (arpreply_offset < sizeof arpreply) {
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
r = safe_read(cs->arpFd, (char *)&arpreply + arpreply_offset,
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
sizeof arpreply - arpreply_offset);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
if (r < 0 && errno != EWOULDBLOCK && errno != EAGAIN) {
Clean up logging prints in arp.c.
2011-06-02 20:18:58 +05:30
log_error("arp: ARP response read failed: %s", strerror(errno));
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
switch (arpState) {
case AS_COLLISION_CHECK: arp_failed(cs); break;
case AS_GW_CHECK: arp_gw_failed(cs); break;
default:
Rename DS_ARP_CHECK to the less confusing DS_COLLISION_CHECK. Call arp_reopen_fd() if reading from the arp fd fails in any state other than AS_COLLISION_CHECK or AS_GW_CHECK.
2011-07-05 08:29:07 +05:30
arp_reopen_fd(cs);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
break;
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
}
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
} else
arpreply_offset += r;
}
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY.
2011-07-05 20:37:42 +05:30
if (r <= 0) {
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
handle_arp_timeout(cs, curms());
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
return;
}
Fix a problem where, when ndhc is waiting for an arp packet, an arp packet is received that is discarded by ndhc's basic checks and provokes a busy loop in the main program loop because epoll_wait() constantly sees data that is never drained from the socket buffer since arp_offset exceeds the maximum size of an ARP packet and would overflow the packet buffer.
2011-06-29 09:20:36 +05:30
if (arpreply_offset < ARP_MSG_SIZE)
Fetch the gateway hardware address after receiving a router option in a DHCP lease. Be more aggressive about closing old arp file descriptors. Check the ARP headers to make sure that received ARP packets are addressed to our machine. Whatever bug may have existed before doesn't exist on modern Linux kernels, if it ever did. Use the stored gateway hardware address to validate a restored link in the DS_ARP_GW_CHECK state. If an ARP message is received while we are in a state that does not expect ARP messages, close the ARP socket and log a message.
2011-03-31 08:47:27 +05:30
return;
Make arp code more robust and refactor it a bit. Handle failure to create arp sockets more gracefully. Add initial support for retransmitting arp requests if no reply is met after a certain number of spurious packets.
2011-03-31 12:02:34 +05:30
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
// Emulate the BPF filters if they are not in use.
Only perform arpreply_clear() after consuming an arp packet in handle_arp_response() and when opening a new arp fd. Do not clear the arpreply buffer and offset on ARP state transitions. Only perform ARP collision probing when binding a new lease from the DS_REQUESTING state, or if we have renewed or rebound a lease with a different IP than we had before. Resequence the arp_dhcp_packet memcpy() in arp_check() so that the current IP address is ARP checked rather than the previous one.
2011-07-06 18:56:07 +05:30
if (!using_arp_bpf && (!arp_validate_bpf(&arpreply) ||
(arpState == AS_DEFENSE &&
!arp_validate_bpf_defense(cs, &arpreply)))) {
arpreply_clear();
return;
Fix a problem where, when ndhc is waiting for an arp packet, an arp packet is received that is discarded by ndhc's basic checks and provokes a busy loop in the main program loop because epoll_wait() constantly sees data that is never drained from the socket buffer since arp_offset exceeds the maximum size of an ARP packet and would overflow the packet buffer.
2011-06-29 09:20:36 +05:30
}
More strictly validate ARP responses from remote servers.
2011-05-31 20:31:08 +05:30
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
if (arp_states[arpState].packet_fn)
arp_states[arpState].packet_fn(cs);
Massive overhaul to arp.c in preparation for adding address defense: Use a separate state machine for the arp handling. It's loosely coupled to the dhcp code, and is thus much easier to reason about than the previous approach that made the arp code use the dhcp state. Add a BPF and C emulation of the BPF for RFC5227-style address defense. Allow switchable BPF filters for the arp socket. Fix a regression introduced in the arp announcement commit. Contrary to RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff for wildcard semantics, not all 0x00. Keep track of the millisecond timestamp of the most recent ARP packet that has been sent as well as the total number of packets that have been sent in the current ARP state. Use these values to implement time-based ARP retransmit. When querying the default gateway/router, use ARP packets that have the source IP set to the client lease IP rather than 0.0.0.0. Combine common code in the arp sending functions into arp_send(). Resequence the arp_announcement() in arp_success() so that it happens after the interface is configured by ifchange() / ifchd. Get rid of layering hack in ifchange.c to set the router address in the client state. Do it in the proper place in arp.c. Add an early exit before ifchd_cmd() in ifchange.c. This change prevents sending a ':' to ifchd for a string type option with no string content.
2011-07-05 05:37:16 +05:30
arpreply_clear();
Move timeout and arp handling code out to arpping.c and timeout.c.
2010-12-24 20:02:58 +05:30
}
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
// Perform retransmission if necessary.
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
void handle_arp_timeout(struct client_state_t *cs, long long nowts)
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
{
if (arp_states[arpState].timeout_fn)
Optimize timeout calculations so that curms() is called fewer times and the timeout intervals are a bit more exact.
2011-07-11 18:29:50 +05:30
arp_states[arpState].timeout_fn(cs, nowts);
Refactor the ARP code to be similar to the dhcp code -- timeout functions and packet response functions are handled by an array of function pointers indexed by ARP state. Split arp_retransmit() apart into simpler functions. Fix a typo in renewing_timeout() that would result in too-short timeouts that would soak cpu. Call handle_arp_timeout() from the timeout_action() function rather than having explicit hooks in various <dhcpstate>_timeout() functions. Make the function pointer arrays static const.
2011-07-11 14:39:38 +05:30
}
Reference in New Issue Copy Permalink