8bca388e8a
A bunch of fixes not worth single commits at this stage, notably: - make buffer, length parameter ordering consistent in ARP, DHCP, NDP handlers - strict checking of buffer, message and option length in DHCP handler (a malicious client could have easily crashed it) - set up forwarding for IPv4 and IPv6, and masquerading with nft for IPv4, from demo script - get rid of separate slow and fast timers, we don't save any overhead that way - stricter checking of buffer lengths as passed to tap handlers - proper dequeuing from qemu socket back-end: I accidentally trashed messages that were bundled up together in a single tap read operation -- the length header tells us what's the size of the next frame, but there's no apparent limit to the number of messages we get with one single receive - rework some bits of the TCP state machine, now passive and active connection closes appear to be robust -- introduce a new FIN_WAIT_1_SOCK_FIN state indicating a FIN_WAIT_1 with a FIN flag from socket - streamline TCP option parsing routine - track TCP state changes to stderr (this is temporary, proper debugging and syslogging support pending) - observe that multiplying a number by four might very well change its value, and this happens to be the case for the data offset from the TCP header as we check if it's the same as the total length to find out if it's a duplicated ACK segment - recent estimates suggest that the duration of a millisecond is closer to a million nanoseconds than a thousand of them, this trend is now reflected into the timespec_diff_ms() convenience routine Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
88 lines
2 KiB
C
88 lines
2 KiB
C
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
/* PASST - Plug A Simple Socket Transport
|
|
*
|
|
* arp.c - ARP implementation
|
|
*
|
|
* Copyright (c) 2020-2021 Red Hat GmbH
|
|
* Author: Stefano Brivio <sbrivio@redhat.com>
|
|
*
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <linux/if_ether.h>
|
|
#include <linux/ip.h>
|
|
#include <linux/ipv6.h>
|
|
#include <linux/udp.h>
|
|
#include <net/if.h>
|
|
#include <net/if_arp.h>
|
|
#include <arpa/inet.h>
|
|
|
|
#include "passt.h"
|
|
#include "dhcp.h"
|
|
#include "util.h"
|
|
#include "tap.h"
|
|
|
|
/**
|
|
* struct arpmsg - 802.2 ARP IPv4 payload
|
|
* @sha: Sender hardware address
|
|
* @sip: Sender IP address
|
|
* @tha: Target hardware address
|
|
* @tip: Target IP address
|
|
*/
|
|
struct arpmsg {
|
|
unsigned char sha[ETH_ALEN];
|
|
unsigned char sip[4];
|
|
unsigned char tha[ETH_ALEN];
|
|
unsigned char tip[4];
|
|
} __attribute__((__packed__));
|
|
|
|
/**
|
|
* arp() - Check if this is an ARP message, reply as needed
|
|
* @c: Execution context
|
|
* @len: Total L2 packet length
|
|
* @eh: Packet buffer, Ethernet header
|
|
*
|
|
* Return: 0 if it's not an ARP message, 1 if handled, -1 on failure
|
|
*/
|
|
int arp(struct ctx *c, struct ethhdr *eh, size_t len)
|
|
{
|
|
struct arphdr *ah = (struct arphdr *)(eh + 1);
|
|
struct arpmsg *am = (struct arpmsg *)(ah + 1);
|
|
unsigned char swap[4];
|
|
|
|
if (eh->h_proto != htons(ETH_P_ARP))
|
|
return 0;
|
|
|
|
if (len < sizeof(*eh) + sizeof(*ah) + sizeof(*am))
|
|
return -1;
|
|
|
|
if (ah->ar_hrd != htons(ARPHRD_ETHER) ||
|
|
ah->ar_pro != htons(ETH_P_IP) ||
|
|
ah->ar_hln != ETH_ALEN || ah->ar_pln != 4 ||
|
|
ah->ar_op != htons(ARPOP_REQUEST))
|
|
return 1;
|
|
|
|
ah->ar_op = htons(ARPOP_REPLY);
|
|
memcpy(am->tha, am->sha, ETH_ALEN);
|
|
memcpy(am->sha, c->mac, ETH_ALEN);
|
|
|
|
memcpy(swap, am->tip, 4);
|
|
memcpy(am->tip, am->sip, 4);
|
|
memcpy(am->sip, swap, 4);
|
|
|
|
len = sizeof(*eh) + sizeof(*ah) + sizeof(*am);
|
|
memcpy(eh->h_dest, eh->h_source, ETH_ALEN);
|
|
/* HACK */
|
|
memcpy(c->mac_guest, eh->h_source, ETH_ALEN);
|
|
memcpy(eh->h_source, c->mac, ETH_ALEN);
|
|
|
|
if (tap_send(c->fd_unix, eh, len, 0) < 0)
|
|
perror("ARP: send");
|
|
|
|
return 1;
|
|
}
|