passt/arp.c
Stefano Brivio 8bca388e8a passt: Assorted fixes from "fresh eyes" review
A bunch of fixes not worth single commits at this stage, notably:

- make buffer, length parameter ordering consistent in ARP, DHCP,
  NDP handlers

- strict checking of buffer, message and option length in DHCP
  handler (a malicious client could have easily crashed it)

- set up forwarding for IPv4 and IPv6, and masquerading with nft for
  IPv4, from demo script

- get rid of separate slow and fast timers, we don't save any
  overhead that way

- stricter checking of buffer lengths as passed to tap handlers

- proper dequeuing from qemu socket back-end: I accidentally trashed
  messages that were bundled up together in a single tap read
  operation -- the length header tells us what's the size of the next
  frame, but there's no apparent limit to the number of messages we
  get with one single receive

- rework some bits of the TCP state machine, now passive and active
  connection closes appear to be robust -- introduce a new
  FIN_WAIT_1_SOCK_FIN state indicating a FIN_WAIT_1 with a FIN flag
  from socket

- streamline TCP option parsing routine

- track TCP state changes to stderr (this is temporary, proper
  debugging and syslogging support pending)

- observe that multiplying a number by four might very well change
  its value, and this happens to be the case for the data offset
  from the TCP header as we check if it's the same as the total
  length to find out if it's a duplicated ACK segment

- recent estimates suggest that the duration of a millisecond is
  closer to a million nanoseconds than a thousand of them, this
  trend is now reflected into the timespec_diff_ms() convenience
  routine

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2021-02-21 11:55:49 +01:00

88 lines
2 KiB
C

// SPDX-License-Identifier: AGPL-3.0-or-later
/* PASST - Plug A Simple Socket Transport
*
* arp.c - ARP implementation
*
* Copyright (c) 2020-2021 Red Hat GmbH
* Author: Stefano Brivio <sbrivio@redhat.com>
*
*/
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/udp.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <arpa/inet.h>
#include "passt.h"
#include "dhcp.h"
#include "util.h"
#include "tap.h"
/**
* struct arpmsg - 802.2 ARP IPv4 payload
* @sha: Sender hardware address
* @sip: Sender IP address
* @tha: Target hardware address
* @tip: Target IP address
*/
struct arpmsg {
unsigned char sha[ETH_ALEN];
unsigned char sip[4];
unsigned char tha[ETH_ALEN];
unsigned char tip[4];
} __attribute__((__packed__));
/**
* arp() - Check if this is an ARP message, reply as needed
* @c: Execution context
* @len: Total L2 packet length
* @eh: Packet buffer, Ethernet header
*
* Return: 0 if it's not an ARP message, 1 if handled, -1 on failure
*/
int arp(struct ctx *c, struct ethhdr *eh, size_t len)
{
struct arphdr *ah = (struct arphdr *)(eh + 1);
struct arpmsg *am = (struct arpmsg *)(ah + 1);
unsigned char swap[4];
if (eh->h_proto != htons(ETH_P_ARP))
return 0;
if (len < sizeof(*eh) + sizeof(*ah) + sizeof(*am))
return -1;
if (ah->ar_hrd != htons(ARPHRD_ETHER) ||
ah->ar_pro != htons(ETH_P_IP) ||
ah->ar_hln != ETH_ALEN || ah->ar_pln != 4 ||
ah->ar_op != htons(ARPOP_REQUEST))
return 1;
ah->ar_op = htons(ARPOP_REPLY);
memcpy(am->tha, am->sha, ETH_ALEN);
memcpy(am->sha, c->mac, ETH_ALEN);
memcpy(swap, am->tip, 4);
memcpy(am->tip, am->sip, 4);
memcpy(am->sip, swap, 4);
len = sizeof(*eh) + sizeof(*ah) + sizeof(*am);
memcpy(eh->h_dest, eh->h_source, ETH_ALEN);
/* HACK */
memcpy(c->mac_guest, eh->h_source, ETH_ALEN);
memcpy(eh->h_source, c->mac, ETH_ALEN);
if (tap_send(c->fd_unix, eh, len, 0) < 0)
perror("ARP: send");
return 1;
}