1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - ARP handler 4 * Copyright (c) 2006-2025 Roy Marples <roy (at) marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/socket.h> 30 #include <sys/types.h> 31 32 #include <arpa/inet.h> 33 34 #include <net/if.h> 35 #include <netinet/in.h> 36 #include <netinet/if_ether.h> 37 38 #include <errno.h> 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <string.h> 42 #include <unistd.h> 43 44 #define ELOOP_QUEUE ELOOP_ARP 45 #include "config.h" 46 #include "arp.h" 47 #include "bpf.h" 48 #include "ipv4.h" 49 #include "common.h" 50 #include "dhcpcd.h" 51 #include "eloop.h" 52 #include "if.h" 53 #include "if-options.h" 54 #include "ipv4ll.h" 55 #include "logerr.h" 56 #include "privsep.h" 57 58 #if defined(ARP) 59 #define ARP_LEN \ 60 (FRAMEHDRLEN_MAX + \ 61 sizeof(struct arphdr) + (2 * sizeof(uint32_t)) + (2 * HWADDR_LEN)) 62 63 /* ARP debugging can be quite noisy. Enable this for more noise! */ 64 //#define ARP_DEBUG 65 66 /* Assert the correct structure size for on wire */ 67 __CTASSERT(sizeof(struct arphdr) == 8); 68 69 static ssize_t 70 arp_request(const struct arp_state *astate, 71 const struct in_addr *sip) 72 { 73 const struct interface *ifp = astate->iface; 74 const struct in_addr *tip = &astate->addr; 75 uint8_t arp_buffer[ARP_LEN]; 76 struct arphdr ar; 77 size_t len; 78 uint8_t *p; 79 80 ar.ar_hrd = htons(ifp->hwtype); 81 ar.ar_pro = htons(ETHERTYPE_IP); 82 ar.ar_hln = ifp->hwlen; 83 ar.ar_pln = sizeof(tip->s_addr); 84 ar.ar_op = htons(ARPOP_REQUEST); 85 86 p = arp_buffer; 87 len = 0; 88 89 #define CHECK(fun, b, l) \ 90 do { \ 91 if (len + (l) > sizeof(arp_buffer)) \ 92 goto eexit; \ 93 fun(p, (b), (l)); \ 94 p += (l); \ 95 len += (l); \ 96 } while (/* CONSTCOND */ 0) 97 #define APPEND(b, l) CHECK(memcpy, b, l) 98 #define ZERO(l) CHECK(memset, 0, l) 99 100 APPEND(&ar, sizeof(ar)); 101 APPEND(ifp->hwaddr, ifp->hwlen); 102 if (sip != NULL) 103 APPEND(&sip->s_addr, sizeof(sip->s_addr)); 104 else 105 ZERO(sizeof(tip->s_addr)); 106 ZERO(ifp->hwlen); 107 APPEND(&tip->s_addr, sizeof(tip->s_addr)); 108 109 #ifdef PRIVSEP 110 if (ifp->ctx->options & DHCPCD_PRIVSEP) 111 return ps_bpf_sendarp(ifp, tip, arp_buffer, len); 112 #endif 113 /* Note that well formed ethernet will add extra padding 114 * to ensure that the packet is at least 60 bytes (64 including FCS). */ 115 return bpf_send(astate->bpf, ETHERTYPE_ARP, arp_buffer, len); 116 117 eexit: 118 errno = ENOBUFS; 119 return -1; 120 } 121 122 static void 123 arp_report_conflicted(const struct arp_state *astate, 124 const struct arp_msg *amsg) 125 { 126 char abuf[HWADDR_LEN * 3]; 127 char fbuf[HWADDR_LEN * 3]; 128 129 if (amsg == NULL) { 130 logerrx("%s: DAD detected %s", 131 astate->iface->name, inet_ntoa(astate->addr)); 132 return; 133 } 134 135 hwaddr_ntoa(amsg->sha, astate->iface->hwlen, abuf, sizeof(abuf)); 136 if (bpf_frame_header_len(astate->iface) == 0) { 137 logwarnx("%s: %s claims %s", 138 astate->iface->name, abuf, inet_ntoa(astate->addr)); 139 return; 140 } 141 142 logwarnx("%s: %s(%s) claims %s", 143 astate->iface->name, abuf, 144 hwaddr_ntoa(amsg->fsha, astate->iface->hwlen, fbuf, sizeof(fbuf)), 145 inet_ntoa(astate->addr)); 146 } 147 148 static void 149 arp_found(struct arp_state *astate, const struct arp_msg *amsg) 150 { 151 struct interface *ifp; 152 struct ipv4_addr *ia; 153 #ifndef KERNEL_RFC5227 154 struct timespec now; 155 #endif 156 157 arp_report_conflicted(astate, amsg); 158 ifp = astate->iface; 159 160 /* If we haven't added the address we're doing a probe. */ 161 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 162 if (ia == NULL) { 163 if (astate->found_cb != NULL) 164 astate->found_cb(astate, amsg); 165 return; 166 } 167 168 #ifndef KERNEL_RFC5227 169 /* RFC 3927 Section 2.5 says a defence should 170 * broadcast an ARP announcement. 171 * Because the kernel will also unicast a reply to the 172 * hardware address which requested the IP address 173 * the other IPv4LL client will receieve two ARP 174 * messages. 175 * If another conflict happens within DEFEND_INTERVAL 176 * then we must drop our address and negotiate a new one. 177 * If DHCPCD_ARP_PERSISTDEFENCE is set, that enables 178 * RFC5227 section 2.4.c behaviour. Upon conflict 179 * detection, the host records the time that the 180 * conflicting ARP packet was received, and then 181 * broadcasts one single ARP Announcement. The host then 182 * continues to use the address normally. All further 183 * conflict notifications within the DEFEND_INTERVAL are 184 * ignored. */ 185 clock_gettime(CLOCK_MONOTONIC, &now); 186 if (timespecisset(&astate->defend) && 187 eloop_timespec_diff(&now, &astate->defend, NULL) < DEFEND_INTERVAL) 188 { 189 logwarnx("%s: %d second defence failed for %s", 190 ifp->name, DEFEND_INTERVAL, inet_ntoa(astate->addr)); 191 if (ifp->options->options & DHCPCD_ARP_PERSISTDEFENCE) 192 return; 193 } 194 else if (arp_request(astate, &astate->addr) == -1) 195 logerr(__func__); 196 else { 197 logdebugx("%s: defended address %s", 198 ifp->name, inet_ntoa(astate->addr)); 199 astate->defend = now; 200 return; 201 } 202 #endif 203 204 if (astate->defend_failed_cb != NULL) 205 astate->defend_failed_cb(astate); 206 } 207 208 static bool 209 arp_validate(const struct interface *ifp, struct arphdr *arp) 210 { 211 212 /* Address type must match */ 213 if (arp->ar_hrd != htons(ifp->hwtype)) 214 return false; 215 216 /* Protocol must be IP. */ 217 if (arp->ar_pro != htons(ETHERTYPE_IP)) 218 return false; 219 220 /* lladdr length matches */ 221 if (arp->ar_hln != ifp->hwlen) 222 return false; 223 224 /* Protocol length must match in_addr_t */ 225 if (arp->ar_pln != sizeof(in_addr_t)) 226 return false; 227 228 /* Only these types are recognised */ 229 if (arp->ar_op != htons(ARPOP_REPLY) && 230 arp->ar_op != htons(ARPOP_REQUEST)) 231 return false; 232 233 return true; 234 } 235 236 void 237 arp_packet(struct interface *ifp, uint8_t *data, size_t len, 238 unsigned int bpf_flags) 239 { 240 size_t fl = bpf_frame_header_len(ifp), falen; 241 struct arphdr ar; 242 struct arp_msg arm; 243 const struct iarp_state *state; 244 struct arp_state *astate, *astaten; 245 uint8_t *hw_s, *hw_t; 246 #ifndef KERNEL_RFC5227 247 bool is_probe; 248 #endif /* KERNEL_RFC5227 */ 249 250 /* Copy the frame header source and destination out */ 251 memset(&arm, 0, sizeof(arm)); 252 if (fl != 0) { 253 hw_s = bpf_frame_header_src(ifp, data, &falen); 254 if (hw_s != NULL && falen <= sizeof(arm.fsha)) 255 memcpy(arm.fsha, hw_s, falen); 256 hw_t = bpf_frame_header_dst(ifp, data, &falen); 257 if (hw_t != NULL && falen <= sizeof(arm.ftha)) 258 memcpy(arm.ftha, hw_t, falen); 259 260 /* Skip past the frame header */ 261 data += fl; 262 len -= fl; 263 } 264 265 /* We must have a full ARP header */ 266 if (len < sizeof(ar)) 267 return; 268 memcpy(&ar, data, sizeof(ar)); 269 270 if (!arp_validate(ifp, &ar)) { 271 #ifdef BPF_DEBUG 272 logerrx("%s: ARP BPF validation failure", ifp->name); 273 #endif 274 return; 275 } 276 277 /* Get pointers to the hardware addresses */ 278 hw_s = data + sizeof(ar); 279 hw_t = hw_s + ar.ar_hln + ar.ar_pln; 280 /* Ensure we got all the data */ 281 if ((size_t)((hw_t + ar.ar_hln + ar.ar_pln) - data) > len) 282 return; 283 /* Ignore messages from ourself */ 284 if (ar.ar_hln == ifp->hwlen && 285 memcmp(hw_s, ifp->hwaddr, ifp->hwlen) == 0) 286 { 287 #ifdef ARP_DEBUG 288 logdebugx("%s: ignoring ARP from self", ifp->name); 289 #endif 290 return; 291 } 292 /* Copy out the HW and IP addresses */ 293 memcpy(&arm.sha, hw_s, ar.ar_hln); 294 memcpy(&arm.sip.s_addr, hw_s + ar.ar_hln, ar.ar_pln); 295 memcpy(&arm.tha, hw_t, ar.ar_hln); 296 memcpy(&arm.tip.s_addr, hw_t + ar.ar_hln, ar.ar_pln); 297 298 #ifndef KERNEL_RFC5227 299 /* During ARP probe the 'sender hardware address' MUST contain the hardware 300 * address of the interface sending the packet. RFC5227, 1.1 */ 301 is_probe = ar.ar_op == htons(ARPOP_REQUEST) && IN_IS_ADDR_UNSPECIFIED(&arm.sip) && 302 bpf_flags & BPF_BCAST; 303 if (is_probe && falen > 0 && (falen != ar.ar_hln || 304 memcmp(&arm.sha, &arm.fsha, ar.ar_hln))) { 305 char abuf[HWADDR_LEN * 3]; 306 char fbuf[HWADDR_LEN * 3]; 307 hwaddr_ntoa(&arm.sha, ar.ar_hln, abuf, sizeof(abuf)); 308 hwaddr_ntoa(&arm.fsha, falen, fbuf, sizeof(fbuf)); 309 logwarnx("%s: invalid ARP probe, sender hw address mismatch (%s, %s)", 310 ifp->name, abuf, fbuf); 311 return; 312 } 313 #endif /* KERNEL_RFC5227 */ 314 315 /* Match the ARP probe to our states. 316 * Ignore Unicast Poll, RFC1122. */ 317 state = ARP_CSTATE(ifp); 318 if (state == NULL) 319 return; 320 TAILQ_FOREACH_SAFE(astate, &state->arp_states, next, astaten) { 321 if (IN_ARE_ADDR_EQUAL(&arm.sip, &astate->addr) || 322 (IN_IS_ADDR_UNSPECIFIED(&arm.sip) && 323 IN_ARE_ADDR_EQUAL(&arm.tip, &astate->addr) && 324 bpf_flags & BPF_BCAST)) 325 arp_found(astate, &arm); 326 } 327 } 328 329 static void 330 arp_read(void *arg, unsigned short events) 331 { 332 struct arp_state *astate = arg; 333 struct bpf *bpf = astate->bpf; 334 struct interface *ifp = astate->iface; 335 uint8_t buf[ARP_LEN]; 336 ssize_t bytes; 337 struct in_addr addr = astate->addr; 338 339 if (events != ELE_READ) 340 logerrx("%s: unexpected event 0x%04x", __func__, events); 341 342 /* Some RAW mechanisms are generic file descriptors, not sockets. 343 * This means we have no kernel call to just get one packet, 344 * so we have to process the entire buffer. */ 345 bpf->bpf_flags &= ~BPF_EOF; 346 while (!(bpf->bpf_flags & BPF_EOF)) { 347 bytes = bpf_read(bpf, buf, sizeof(buf)); 348 if (bytes == -1) { 349 logerr("%s: %s", __func__, ifp->name); 350 arp_free(astate); 351 return; 352 } 353 arp_packet(ifp, buf, (size_t)bytes, bpf->bpf_flags); 354 /* Check we still have a state after processing. */ 355 if ((astate = arp_find(ifp, &addr)) == NULL) 356 break; 357 if ((bpf = astate->bpf) == NULL) 358 break; 359 } 360 } 361 362 static void 363 arp_probed(void *arg) 364 { 365 struct arp_state *astate = arg; 366 367 timespecclear(&astate->defend); 368 astate->not_found_cb(astate); 369 } 370 371 static void 372 arp_probe1(void *arg) 373 { 374 struct arp_state *astate = arg; 375 struct interface *ifp = astate->iface; 376 unsigned int delay; 377 378 if (++astate->probes < PROBE_NUM) { 379 delay = (PROBE_MIN * MSEC_PER_SEC) + 380 (arc4random_uniform( 381 (PROBE_MAX - PROBE_MIN) * MSEC_PER_SEC)); 382 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probe1, astate); 383 } else { 384 delay = ANNOUNCE_WAIT * MSEC_PER_SEC; 385 eloop_timeout_add_msec(ifp->ctx->eloop, delay, arp_probed, astate); 386 } 387 logdebugx("%s: ARP probing %s (%d of %d), next in %0.1f seconds", 388 ifp->name, inet_ntoa(astate->addr), 389 astate->probes ? astate->probes : PROBE_NUM, PROBE_NUM, 390 (float)delay / MSEC_PER_SEC); 391 if (arp_request(astate, NULL) == -1) 392 logerr(__func__); 393 } 394 395 void 396 arp_probe(struct arp_state *astate) 397 { 398 399 astate->probes = 0; 400 logdebugx("%s: probing for %s", 401 astate->iface->name, inet_ntoa(astate->addr)); 402 arp_probe1(astate); 403 } 404 #endif /* ARP */ 405 406 struct arp_state * 407 arp_find(struct interface *ifp, const struct in_addr *addr) 408 { 409 struct iarp_state *state; 410 struct arp_state *astate; 411 412 if ((state = ARP_STATE(ifp)) == NULL) 413 goto out; 414 TAILQ_FOREACH(astate, &state->arp_states, next) { 415 if (astate->addr.s_addr == addr->s_addr && astate->iface == ifp) 416 return astate; 417 } 418 out: 419 errno = ESRCH; 420 return NULL; 421 } 422 423 #ifndef KERNEL_RFC5227 424 static void 425 arp_announced(void *arg) 426 { 427 struct arp_state *astate = arg; 428 429 if (astate->announced_cb) { 430 astate->announced_cb(astate); 431 return; 432 } 433 434 /* Keep the ARP state open to handle ongoing ACD. */ 435 } 436 437 static void 438 arp_announce1(void *arg) 439 { 440 struct arp_state *astate = arg; 441 struct interface *ifp = astate->iface; 442 struct ipv4_addr *ia; 443 444 if (++astate->claims < ANNOUNCE_NUM) 445 logdebugx("%s: ARP announcing %s (%d of %d), " 446 "next in %d.0 seconds", 447 ifp->name, inet_ntoa(astate->addr), 448 astate->claims, ANNOUNCE_NUM, ANNOUNCE_WAIT); 449 else 450 logdebugx("%s: ARP announcing %s (%d of %d)", 451 ifp->name, inet_ntoa(astate->addr), 452 astate->claims, ANNOUNCE_NUM); 453 454 /* The kernel will send a Gratuitous ARP for newly added addresses. 455 * So we can avoid sending the same. 456 * Linux is special and doesn't send one. */ 457 ia = ipv4_iffindaddr(ifp, &astate->addr, NULL); 458 #ifndef __linux__ 459 if (astate->claims == 1 && ia != NULL && ia->flags & IPV4_AF_NEW) 460 goto skip_request; 461 #endif 462 463 if (arp_request(astate, &astate->addr) == -1) 464 logerr(__func__); 465 466 #ifndef __linux__ 467 skip_request: 468 #endif 469 /* No longer a new address. */ 470 if (ia != NULL) 471 ia->flags |= ~IPV4_AF_NEW; 472 473 eloop_timeout_add_sec(ifp->ctx->eloop, ANNOUNCE_WAIT, 474 astate->claims < ANNOUNCE_NUM ? arp_announce1 : arp_announced, 475 astate); 476 } 477 478 static void 479 arp_announce(struct arp_state *astate) 480 { 481 struct iarp_state *state; 482 struct interface *ifp; 483 struct arp_state *a2; 484 int r; 485 486 /* Cancel any other ARP announcements for this address. */ 487 TAILQ_FOREACH(ifp, astate->iface->ctx->ifaces, next) { 488 state = ARP_STATE(ifp); 489 if (state == NULL) 490 continue; 491 TAILQ_FOREACH(a2, &state->arp_states, next) { 492 if (astate == a2 || 493 a2->addr.s_addr != astate->addr.s_addr) 494 continue; 495 r = eloop_timeout_delete(a2->iface->ctx->eloop, 496 a2->claims < ANNOUNCE_NUM 497 ? arp_announce1 : arp_announced, 498 a2); 499 if (r == -1) 500 logerr(__func__); 501 else if (r != 0) { 502 logdebugx("%s: ARP announcement " 503 "of %s cancelled", 504 a2->iface->name, 505 inet_ntoa(a2->addr)); 506 arp_announced(a2); 507 } 508 } 509 } 510 511 astate->claims = 0; 512 arp_announce1(astate); 513 } 514 515 struct arp_state * 516 arp_ifannounceaddr(struct interface *ifp, const struct in_addr *ia) 517 { 518 struct arp_state *astate; 519 520 if (ifp->flags & IFF_NOARP || !(ifp->options->options & DHCPCD_ARP)) 521 return NULL; 522 523 astate = arp_find(ifp, ia); 524 if (astate == NULL) { 525 astate = arp_new(ifp, ia); 526 if (astate == NULL) 527 return NULL; 528 astate->announced_cb = arp_free; 529 } 530 arp_announce(astate); 531 return astate; 532 } 533 #endif 534 535 struct arp_state * 536 arp_new(struct interface *ifp, const struct in_addr *addr) 537 { 538 struct iarp_state *state; 539 struct arp_state *astate; 540 541 if ((state = ARP_STATE(ifp)) == NULL) { 542 ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state)); 543 state = ARP_STATE(ifp); 544 if (state == NULL) { 545 logerr(__func__); 546 return NULL; 547 } 548 TAILQ_INIT(&state->arp_states); 549 } else { 550 if ((astate = arp_find(ifp, addr)) != NULL) 551 return astate; 552 } 553 554 if ((astate = calloc(1, sizeof(*astate))) == NULL) { 555 logerr(__func__); 556 return NULL; 557 } 558 astate->iface = ifp; 559 astate->addr = *addr; 560 561 #ifdef PRIVSEP 562 if (IN_PRIVSEP(ifp->ctx)) { 563 if (ps_bpf_openarp(ifp, addr) == -1) { 564 logerr(__func__); 565 free(astate); 566 return NULL; 567 } 568 } else 569 #endif 570 { 571 astate->bpf = bpf_open(ifp, bpf_arp, addr); 572 if (astate->bpf == NULL) { 573 logerr(__func__); 574 free(astate); 575 return NULL; 576 } 577 if (eloop_event_add(ifp->ctx->eloop, astate->bpf->bpf_fd, ELE_READ, 578 arp_read, astate) == -1) 579 logerr("%s: eloop_event_add", __func__); 580 } 581 582 583 state = ARP_STATE(ifp); 584 TAILQ_INSERT_TAIL(&state->arp_states, astate, next); 585 return astate; 586 } 587 588 void 589 arp_free(struct arp_state *astate) 590 { 591 struct interface *ifp; 592 struct dhcpcd_ctx *ctx; 593 struct iarp_state *state; 594 595 if (astate == NULL) 596 return; 597 598 ifp = astate->iface; 599 ctx = ifp->ctx; 600 eloop_timeout_delete(ctx->eloop, NULL, astate); 601 602 state = ARP_STATE(ifp); 603 TAILQ_REMOVE(&state->arp_states, astate, next); 604 if (astate->free_cb) 605 astate->free_cb(astate); 606 607 #ifdef PRIVSEP 608 if (IN_PRIVSEP(ctx) && ps_bpf_closearp(ifp, &astate->addr) == -1) 609 logerr(__func__); 610 #endif 611 if (astate->bpf != NULL) { 612 eloop_event_delete(ctx->eloop, astate->bpf->bpf_fd); 613 bpf_close(astate->bpf); 614 } 615 616 free(astate); 617 618 if (TAILQ_FIRST(&state->arp_states) == NULL) { 619 free(state); 620 ifp->if_data[IF_DATA_ARP] = NULL; 621 } 622 } 623 624 void 625 arp_freeaddr(struct interface *ifp, const struct in_addr *ia) 626 { 627 struct arp_state *astate; 628 629 astate = arp_find(ifp, ia); 630 arp_free(astate); 631 } 632 633 void 634 arp_drop(struct interface *ifp) 635 { 636 struct iarp_state *state; 637 struct arp_state *astate; 638 639 while ((state = ARP_STATE(ifp)) != NULL && 640 (astate = TAILQ_FIRST(&state->arp_states)) != NULL) 641 arp_free(astate); 642 } 643
Indexes created Tue Jun 23 00:25:03 UTC 2026