Commit Graph

355 Commits

Author SHA1 Message Date
Nicholas J. Kain
9974cc2f51 Separate out dhcp packet validation into validate_dhcp_packet(). 2011-07-01 05:33:12 -04:00
Nicholas J. Kain
09b5c08b5b Cosmetic cleanups in packet.c. 2011-07-01 04:38:38 -04:00
Nicholas J. Kain
42f81ecd33 Make the DHCP BPF perform stricter checks. Now packets that have IP options
are discarded, and the UDP length, IP length, and IP header size fields are
validated for consistency.

Keep track of whether the DHCP BPF has been successfully installed.  If it has,
then don't perform redundant checks in DHCP validation.
2011-07-01 04:14:10 -04:00
Nicholas J. Kain
7a2585d2bf Keep track of whether the ARP BPF has been successfully installed. If it has,
then don't perform redundant checks in ARP validation.
2011-07-01 03:01:29 -04:00
Nicholas J. Kain
0e55bfd4fd Optimize the ARP BPF bytecode to use fewer instructions. 2011-07-01 02:49:19 -04:00
Nicholas J. Kain
927e2590a2 BPF's load instructions automatically convert the loaded argument from host
to network byte order, thus BPF is endian independent.

Make the ARP BPF static const again.
2011-07-01 02:37:19 -04:00
Nicholas J. Kain
9ddfab5085 Define a BPF for ARP-listening raw sockets that discriminates by ethernet
frame protocol type field, ARP hardware type field, ARP protocol type field,
ARP hardware address length field, and ARP protocol address length field.
2011-07-01 00:55:35 -04:00
Nicholas J. Kain
3e3ecc816f Define a BPF for DHCP-listening raw sockets that discriminates by IP
version field, IP protocol number field, and UDP client and server port
fields and passes the number of octets specified in the IP total length
field.
2011-07-01 00:12:03 -04:00
Nicholas J. Kain
f704abe50f C99 designated initializers guarantee zero-init of unspecified members.
Take advantage of that feature in ndhc.c when initializing the state
and config structures.

Fix some seriously stupid typos in the commit before the previous one.
2011-06-30 22:02:28 -04:00
Nicholas J. Kain
1f514cbb50 Hide details of the listen mode implementation in packet.c. 2011-06-30 21:33:38 -04:00
Nicholas J. Kain
5c2398857d Cosmetic cleanups to packet.c. 2011-06-30 20:48:09 -04:00
Nicholas J. Kain
6f2986803f Fix a dumb error in delay_timeout(). Return value should be ms, not s. 2011-06-30 04:12:59 -04:00
Nicholas J. Kain
e77190e2e9 Make frenew() less insane. It was most likely subtly buggy before depending
on state.
2011-06-30 03:43:09 -04:00
Nicholas J. Kain
3a81f1ea6c Use an RFC2131-compliant exponential backoff delay. 2011-06-30 03:27:57 -04:00
Nicholas J. Kain
339804856b Make the renew and rebind timeouts more strictly rfc compliant, and also
take into account the possiblity of renew times being ridiculously deferred
such that the current time is within lease expiration time.
2011-06-30 02:48:58 -04:00
Nicholas J. Kain
8fffc5721f Calculate the renewTime timeout more accurately: take the delay in ARP
checking into account.

Rename t1 and t2 to renewTime and rebindTime.
2011-06-30 01:50:50 -04:00
Nicholas J. Kain
d89e9f89c2 Rename ARP_GW_CHECK to BOUND_GW_CHECK and call anfrelease() rather than
frelease() for this state.
2011-06-30 00:39:17 -04:00
Nicholas J. Kain
3f6aafe809 Remove the DS_RENEW_REQUESTED state. 2011-06-30 00:19:59 -04:00
Nicholas J. Kain
d6fcb35903 Fold renew_requested_timeout() into requesting_timeout(). 2011-06-30 00:11:43 -04:00
Nicholas J. Kain
6ea5ac0d5d Don't special case DS_ARP_CHECK in nfrelease(). 2011-06-30 00:01:02 -04:00
Nicholas J. Kain
76ecfffce2 Centralize DHCP timeout, packet reciept, and user-demanded action handling
into state.[ch].  Remove timeout.c.
2011-06-29 23:47:31 -04:00
Nicholas J. Kain
bef54a23fb Rename perform_renew() and perform_release() to force_renew() and
force_release().
2011-06-29 20:14:24 -04:00
Nicholas J. Kain
de47d3b4d6 Add better comments to timeout.c. 2011-06-29 20:08:32 -04:00
Nicholas J. Kain
3b5faebd6c Fix a typo introduced when refactoring the raw socket code. 2011-06-29 19:17:32 -04:00
Nicholas J. Kain
4c1c1715fe Refactor the send and listen socket creation functions to share common code.
Fix a regression where cooked packets would be truncated because of a typo
in the buffer length calculation that was introduced in an earlier commit.
2011-06-28 23:56:12 -04:00
Nicholas J. Kain
52fbeb46ad Fix a problem where, when ndhc is waiting for an arp packet, an arp packet
is received that is discarded by ndhc's basic checks and provokes a busy
loop in the main program loop because epoll_wait() constantly sees data that
is never drained from the socket buffer since arp_offset exceeds the
maximum size of an ARP packet and would overflow the packet buffer.
2011-06-28 23:50:36 -04:00
Nicholas J. Kain
d1f36cf75e fsync() the leasefile after writing a new lease IP so that it's instantly
updated to disk.
2011-06-28 13:47:36 -04:00
Nicholas J. Kain
ac38a15c9f Don't spam 'No lease, going to background.' messages after going into the
background and trying to get a DHCP lease when the client has never had
a lease in the current instance of the process.
2011-06-28 06:32:10 -04:00
Nicholas J. Kain
8dc93aad54 Cosmetic cleanups to options.c. 2011-06-27 15:19:54 -04:00
Nicholas J. Kain
55a397c2c9 Add the gentoo script for interfacing ndhc with the net configuration init
scripts to version control.
2011-06-27 15:09:29 -04:00
Nicholas J. Kain
27524d9d34 Use the new libc_random_u32() in ncmlib to replace random_xid(). 2011-06-27 15:07:00 -04:00
Nicholas J. Kain
b72b551a0d Cosmetic changes to packet.c. 2011-06-27 13:01:39 -04:00
Nicholas J. Kain
55f24fd2a3 Make the various functions in options.c that take a pointer to an options
buffer and length instead take a pointer to a struct dhcpmsg.  This argument
list choice implicitly gives safe length checks and is simpler.

Remove DHCP_OPTIONS_LENGTH.
Fold set_option() into alloc_option().
Make some more functions in options.[ch] static.
2011-06-27 12:53:35 -04:00
Nicholas J. Kain
63d9763345 Remove init_header() and clean up init_packet() and its callers. 2011-06-27 12:20:22 -04:00
Nicholas J. Kain
1e2698b402 If a lease is negotiated, then expires after renewal attempts, don't time out
and exit the daemon as would be desirable at startup.  Just keep trying.
2011-06-26 18:21:40 -04:00
Nicholas J. Kain
057211d5f5 Make IP and UDP checksum calculations for sending raw packets much less
confusing.  They are now calculated without mutating the underlying
structures so that there is no longer any tricky operation order dependence.
2011-06-26 17:50:35 -04:00
Nicholas J. Kain
0581cc9aed Trivial cosmetic corrections. 2011-06-26 17:37:57 -04:00
Nicholas J. Kain
864ad73b20 Remove pointless length-checking in get_raw_packet() that can never be triggered
because safe_read() already protects against reads longer than a DHCP
packet in length.

Lots of cosmetic cleanups.  Highlights:
- Remove pointless enums that just define sizeof for various structures.
- Rename struct dhcpMessage to struct dhcpmsg.
2011-06-26 17:25:00 -04:00
Nicholas J. Kain
b70070e592 Define stateless functions to validate the checksum of an ip header and of a
udp packet and use them in get_raw_packet().

Print a warning if the raw UDP receive gets a quantum of data that is greater
than that of a single UDP datagram.

Remove unnecessary argument from net_checksum().  Initializing a nonzero
checksum value is not very helpful in practice.

Define a function net_checksum_add() that, for two sequences of bytes A and B
that return checksums CS(A) and CS(B), will calculate the checksum CS(AB) of
the concatenated value AB given the checksums of the individual parts CS(A)
and CS(B).
2011-06-26 16:33:07 -04:00
Nicholas J. Kain
7d0e05504f Define a new IP checksum function that is resistant to undefined signed
overflow when given ridiculously large data lengths.  In practice, undefined
behavior would never occur with the previous function since it would have
required IP packets >128KiB bytes in length and the maximum length for an
IP packet is 64KiB.

The new checksum function is also a bit more flexible (allowing a starting
checksum value != 0), clearly is endian independent, and does no typesystem
abuse.  It's boringly correct standard C.

Use C99 structure initializers for forming raw UDP packets for send.
2011-06-26 10:21:02 -04:00
Nicholas J. Kain
f43b656673 Make static in packet.c: checksum(), raw_packet(), and kernel_packet().
Rename raw_packet() to send_dhcp_raw() and strip of unnecessary arguments.
Rename kernel_packet() to send_dhcp_cooked() and strip of unnecessary
arguments.
Remove the ugly bcast_raw_packet() wrapper hack.
2011-06-25 16:55:00 -04:00
Nicholas J. Kain
5b3aee93ab Tell the kernel not to attempt routing table lookups for sent DHCP traffic:
- Use SO_DONTROUTE for dhcp listen and send sockets (both raw and udp).

More paranoia against packets being sent to incorrect interfaces:
- Bind arp socket to a specific interface via bind().
- Use SO_BINDTODEVICE for udp send sockets.  It was already used for udp
  listen sockets.

Flatten indentation in arp_(open|close)_fd().
Use C99 initializers in packet.c.
Add more error message prints to packet.c.
2011-06-25 16:31:21 -04:00
Nicholas J. Kain
c37d815754 Rewrite the ARP ping code to properly use modern interfaces. In detail:
- Use AF_PACKET and SOCK_RAW rather than the decade-deprecated
  SOCK_PACKET interface.
- Separate out socket creation code into a subfunction.
- Use C99 initializers for packet and address structures.
- Cosmetic cleanups.
2011-06-25 13:02:56 -04:00
Nicholas J. Kain
8f5eb7e921 Remove invariant args to arpping(). 2011-06-25 11:42:15 -04:00
Nicholas J. Kain
7ee0001e97 Constant correctness: socket(PF_*, ...) -> socket(AF_*, ...) 2011-06-25 11:11:48 -04:00
Nicholas J. Kain
e50c429235 Handle errors in fcntl() if O_NONBLOCK fails. 2011-06-25 10:46:24 -04:00
Nicholas J. Kain
71f59d0433 Remove socket.[ch] : code is merged into packet.c 2011-06-25 10:40:41 -04:00
Nicholas J. Kain
7d206e45b6 Make raw listen sockets nonblocking. They should have been so all along.
Minor constant correction: PF_PACKET -> AF_PACKET
2011-06-25 10:18:14 -04:00
Nicholas J. Kain
19f7e6d11e Silence excessively chatty messages from ARP handling. Random received
packets that are discarded for simply not being targets for examination
should not trigger prints.
2011-06-25 10:02:09 -04:00
Nicholas J. Kain
5cf572c2fd Merge dhcpmsg.[ch] into packet.[ch]. 2011-06-11 11:19:05 -04:00