1 | /* SPDX-License-Identifier: MIT */ |
2 | /* |
3 | * QEMU BOOTP/DHCP server |
4 | * |
5 | * Copyright (c) 2004 Fabrice Bellard |
6 | * |
7 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
8 | * of this software and associated documentation files (the "Software"), to deal |
9 | * in the Software without restriction, including without limitation the rights |
10 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
11 | * copies of the Software, and to permit persons to whom the Software is |
12 | * furnished to do so, subject to the following conditions: |
13 | * |
14 | * The above copyright notice and this permission notice shall be included in |
15 | * all copies or substantial portions of the Software. |
16 | * |
17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
19 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
20 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
21 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
22 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
23 | * THE SOFTWARE. |
24 | */ |
25 | #include "slirp.h" |
26 | |
27 | #if defined(_WIN32) |
28 | /* Windows ntohl() returns an u_long value. |
29 | * Add a type cast to match the format strings. */ |
30 | #define ntohl(n) ((uint32_t)ntohl(n)) |
31 | #endif |
32 | |
33 | /* XXX: only DHCP is supported */ |
34 | |
35 | #define LEASE_TIME (24 * 3600) |
36 | |
37 | static const uint8_t rfc1533_cookie[] = { RFC1533_COOKIE }; |
38 | |
39 | #define DPRINTF(fmt, ...) DEBUG_CALL(fmt, ##__VA_ARGS__) |
40 | |
41 | static BOOTPClient *get_new_addr(Slirp *slirp, struct in_addr *paddr, |
42 | const uint8_t *macaddr) |
43 | { |
44 | BOOTPClient *bc; |
45 | int i; |
46 | |
47 | for (i = 0; i < NB_BOOTP_CLIENTS; i++) { |
48 | bc = &slirp->bootp_clients[i]; |
49 | if (!bc->allocated || !memcmp(macaddr, bc->macaddr, 6)) |
50 | goto found; |
51 | } |
52 | return NULL; |
53 | found: |
54 | bc = &slirp->bootp_clients[i]; |
55 | bc->allocated = 1; |
56 | paddr->s_addr = slirp->vdhcp_startaddr.s_addr + htonl(i); |
57 | return bc; |
58 | } |
59 | |
60 | static BOOTPClient *request_addr(Slirp *slirp, const struct in_addr *paddr, |
61 | const uint8_t *macaddr) |
62 | { |
63 | uint32_t req_addr = ntohl(paddr->s_addr); |
64 | uint32_t dhcp_addr = ntohl(slirp->vdhcp_startaddr.s_addr); |
65 | BOOTPClient *bc; |
66 | |
67 | if (req_addr >= dhcp_addr && req_addr < (dhcp_addr + NB_BOOTP_CLIENTS)) { |
68 | bc = &slirp->bootp_clients[req_addr - dhcp_addr]; |
69 | if (!bc->allocated || !memcmp(macaddr, bc->macaddr, 6)) { |
70 | bc->allocated = 1; |
71 | return bc; |
72 | } |
73 | } |
74 | return NULL; |
75 | } |
76 | |
77 | static BOOTPClient *find_addr(Slirp *slirp, struct in_addr *paddr, |
78 | const uint8_t *macaddr) |
79 | { |
80 | BOOTPClient *bc; |
81 | int i; |
82 | |
83 | for (i = 0; i < NB_BOOTP_CLIENTS; i++) { |
84 | if (!memcmp(macaddr, slirp->bootp_clients[i].macaddr, 6)) |
85 | goto found; |
86 | } |
87 | return NULL; |
88 | found: |
89 | bc = &slirp->bootp_clients[i]; |
90 | bc->allocated = 1; |
91 | paddr->s_addr = slirp->vdhcp_startaddr.s_addr + htonl(i); |
92 | return bc; |
93 | } |
94 | |
95 | static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, |
96 | struct in_addr *preq_addr) |
97 | { |
98 | const uint8_t *p, *p_end; |
99 | int len, tag; |
100 | |
101 | *pmsg_type = 0; |
102 | preq_addr->s_addr = htonl(0L); |
103 | |
104 | p = bp->bp_vend; |
105 | p_end = p + DHCP_OPT_LEN; |
106 | if (memcmp(p, rfc1533_cookie, 4) != 0) |
107 | return; |
108 | p += 4; |
109 | while (p < p_end) { |
110 | tag = p[0]; |
111 | if (tag == RFC1533_PAD) { |
112 | p++; |
113 | } else if (tag == RFC1533_END) { |
114 | break; |
115 | } else { |
116 | p++; |
117 | if (p >= p_end) |
118 | break; |
119 | len = *p++; |
120 | if (p + len > p_end) { |
121 | break; |
122 | } |
123 | DPRINTF("dhcp: tag=%d len=%d\n" , tag, len); |
124 | |
125 | switch (tag) { |
126 | case RFC2132_MSG_TYPE: |
127 | if (len >= 1) |
128 | *pmsg_type = p[0]; |
129 | break; |
130 | case RFC2132_REQ_ADDR: |
131 | if (len >= 4) { |
132 | memcpy(&(preq_addr->s_addr), p, 4); |
133 | } |
134 | break; |
135 | default: |
136 | break; |
137 | } |
138 | p += len; |
139 | } |
140 | } |
141 | if (*pmsg_type == DHCPREQUEST && preq_addr->s_addr == htonl(0L) && |
142 | bp->bp_ciaddr.s_addr) { |
143 | memcpy(&(preq_addr->s_addr), &bp->bp_ciaddr, 4); |
144 | } |
145 | } |
146 | |
147 | static void bootp_reply(Slirp *slirp, const struct bootp_t *bp) |
148 | { |
149 | BOOTPClient *bc = NULL; |
150 | struct mbuf *m; |
151 | struct bootp_t *rbp; |
152 | struct sockaddr_in saddr, daddr; |
153 | struct in_addr preq_addr; |
154 | int dhcp_msg_type, val; |
155 | uint8_t *q; |
156 | uint8_t *end; |
157 | uint8_t client_ethaddr[ETH_ALEN]; |
158 | |
159 | /* extract exact DHCP msg type */ |
160 | dhcp_decode(bp, &dhcp_msg_type, &preq_addr); |
161 | DPRINTF("bootp packet op=%d msgtype=%d" , bp->bp_op, dhcp_msg_type); |
162 | if (preq_addr.s_addr != htonl(0L)) |
163 | DPRINTF(" req_addr=%08" PRIx32 "\n" , ntohl(preq_addr.s_addr)); |
164 | else { |
165 | DPRINTF("\n" ); |
166 | } |
167 | |
168 | if (dhcp_msg_type == 0) |
169 | dhcp_msg_type = DHCPREQUEST; /* Force reply for old BOOTP clients */ |
170 | |
171 | if (dhcp_msg_type != DHCPDISCOVER && dhcp_msg_type != DHCPREQUEST) |
172 | return; |
173 | |
174 | /* Get client's hardware address from bootp request */ |
175 | memcpy(client_ethaddr, bp->bp_hwaddr, ETH_ALEN); |
176 | |
177 | m = m_get(slirp); |
178 | if (!m) { |
179 | return; |
180 | } |
181 | m->m_data += IF_MAXLINKHDR; |
182 | rbp = (struct bootp_t *)m->m_data; |
183 | m->m_data += sizeof(struct udpiphdr); |
184 | memset(rbp, 0, sizeof(struct bootp_t)); |
185 | |
186 | if (dhcp_msg_type == DHCPDISCOVER) { |
187 | if (preq_addr.s_addr != htonl(0L)) { |
188 | bc = request_addr(slirp, &preq_addr, client_ethaddr); |
189 | if (bc) { |
190 | daddr.sin_addr = preq_addr; |
191 | } |
192 | } |
193 | if (!bc) { |
194 | new_addr: |
195 | bc = get_new_addr(slirp, &daddr.sin_addr, client_ethaddr); |
196 | if (!bc) { |
197 | DPRINTF("no address left\n" ); |
198 | return; |
199 | } |
200 | } |
201 | memcpy(bc->macaddr, client_ethaddr, ETH_ALEN); |
202 | } else if (preq_addr.s_addr != htonl(0L)) { |
203 | bc = request_addr(slirp, &preq_addr, client_ethaddr); |
204 | if (bc) { |
205 | daddr.sin_addr = preq_addr; |
206 | memcpy(bc->macaddr, client_ethaddr, ETH_ALEN); |
207 | } else { |
208 | /* DHCPNAKs should be sent to broadcast */ |
209 | daddr.sin_addr.s_addr = 0xffffffff; |
210 | } |
211 | } else { |
212 | bc = find_addr(slirp, &daddr.sin_addr, bp->bp_hwaddr); |
213 | if (!bc) { |
214 | /* if never assigned, behaves as if it was already |
215 | assigned (windows fix because it remembers its address) */ |
216 | goto new_addr; |
217 | } |
218 | } |
219 | |
220 | /* Update ARP table for this IP address */ |
221 | arp_table_add(slirp, daddr.sin_addr.s_addr, client_ethaddr); |
222 | |
223 | saddr.sin_addr = slirp->vhost_addr; |
224 | saddr.sin_port = htons(BOOTP_SERVER); |
225 | |
226 | daddr.sin_port = htons(BOOTP_CLIENT); |
227 | |
228 | rbp->bp_op = BOOTP_REPLY; |
229 | rbp->bp_xid = bp->bp_xid; |
230 | rbp->bp_htype = 1; |
231 | rbp->bp_hlen = 6; |
232 | memcpy(rbp->bp_hwaddr, bp->bp_hwaddr, ETH_ALEN); |
233 | |
234 | rbp->bp_yiaddr = daddr.sin_addr; /* Client IP address */ |
235 | rbp->bp_siaddr = saddr.sin_addr; /* Server IP address */ |
236 | |
237 | q = rbp->bp_vend; |
238 | end = (uint8_t *)&rbp[1]; |
239 | memcpy(q, rfc1533_cookie, 4); |
240 | q += 4; |
241 | |
242 | if (bc) { |
243 | DPRINTF("%s addr=%08" PRIx32 "\n" , |
244 | (dhcp_msg_type == DHCPDISCOVER) ? "offered" : "ack'ed" , |
245 | ntohl(daddr.sin_addr.s_addr)); |
246 | |
247 | if (dhcp_msg_type == DHCPDISCOVER) { |
248 | *q++ = RFC2132_MSG_TYPE; |
249 | *q++ = 1; |
250 | *q++ = DHCPOFFER; |
251 | } else /* DHCPREQUEST */ { |
252 | *q++ = RFC2132_MSG_TYPE; |
253 | *q++ = 1; |
254 | *q++ = DHCPACK; |
255 | } |
256 | |
257 | if (slirp->bootp_filename) |
258 | snprintf((char *)rbp->bp_file, sizeof(rbp->bp_file), "%s" , |
259 | slirp->bootp_filename); |
260 | |
261 | *q++ = RFC2132_SRV_ID; |
262 | *q++ = 4; |
263 | memcpy(q, &saddr.sin_addr, 4); |
264 | q += 4; |
265 | |
266 | *q++ = RFC1533_NETMASK; |
267 | *q++ = 4; |
268 | memcpy(q, &slirp->vnetwork_mask, 4); |
269 | q += 4; |
270 | |
271 | if (!slirp->restricted) { |
272 | *q++ = RFC1533_GATEWAY; |
273 | *q++ = 4; |
274 | memcpy(q, &saddr.sin_addr, 4); |
275 | q += 4; |
276 | |
277 | *q++ = RFC1533_DNS; |
278 | *q++ = 4; |
279 | memcpy(q, &slirp->vnameserver_addr, 4); |
280 | q += 4; |
281 | } |
282 | |
283 | *q++ = RFC2132_LEASE_TIME; |
284 | *q++ = 4; |
285 | val = htonl(LEASE_TIME); |
286 | memcpy(q, &val, 4); |
287 | q += 4; |
288 | |
289 | if (*slirp->client_hostname) { |
290 | val = strlen(slirp->client_hostname); |
291 | if (q + val + 2 >= end) { |
292 | g_warning("DHCP packet size exceeded, " |
293 | "omitting host name option." ); |
294 | } else { |
295 | *q++ = RFC1533_HOSTNAME; |
296 | *q++ = val; |
297 | memcpy(q, slirp->client_hostname, val); |
298 | q += val; |
299 | } |
300 | } |
301 | |
302 | if (slirp->vdomainname) { |
303 | val = strlen(slirp->vdomainname); |
304 | if (q + val + 2 >= end) { |
305 | g_warning("DHCP packet size exceeded, " |
306 | "omitting domain name option." ); |
307 | } else { |
308 | *q++ = RFC1533_DOMAINNAME; |
309 | *q++ = val; |
310 | memcpy(q, slirp->vdomainname, val); |
311 | q += val; |
312 | } |
313 | } |
314 | |
315 | if (slirp->tftp_server_name) { |
316 | val = strlen(slirp->tftp_server_name); |
317 | if (q + val + 2 >= end) { |
318 | g_warning("DHCP packet size exceeded, " |
319 | "omitting tftp-server-name option." ); |
320 | } else { |
321 | *q++ = RFC2132_TFTP_SERVER_NAME; |
322 | *q++ = val; |
323 | memcpy(q, slirp->tftp_server_name, val); |
324 | q += val; |
325 | } |
326 | } |
327 | |
328 | if (slirp->vdnssearch) { |
329 | val = slirp->vdnssearch_len; |
330 | if (q + val >= end) { |
331 | g_warning("DHCP packet size exceeded, " |
332 | "omitting domain-search option." ); |
333 | } else { |
334 | memcpy(q, slirp->vdnssearch, val); |
335 | q += val; |
336 | } |
337 | } |
338 | } else { |
339 | static const char nak_msg[] = "requested address not available" ; |
340 | |
341 | DPRINTF("nak'ed addr=%08" PRIx32 "\n" , ntohl(preq_addr.s_addr)); |
342 | |
343 | *q++ = RFC2132_MSG_TYPE; |
344 | *q++ = 1; |
345 | *q++ = DHCPNAK; |
346 | |
347 | *q++ = RFC2132_MESSAGE; |
348 | *q++ = sizeof(nak_msg) - 1; |
349 | memcpy(q, nak_msg, sizeof(nak_msg) - 1); |
350 | q += sizeof(nak_msg) - 1; |
351 | } |
352 | assert(q < end); |
353 | *q = |
354 | RFC1533_END |
355 | ; |
356 | |
357 | daddr.sin_addr.s_addr = 0xffffffffu; |
358 | |
359 | m->m_len = sizeof(struct bootp_t) - sizeof(struct ip) - sizeof(struct udphdr); |
360 | udp_output(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY); |
361 | } |
362 | |
363 | void bootp_input(struct mbuf *m) |
364 | { |
365 | struct bootp_t *bp = mtod(m, struct bootp_t *); |
366 | |
367 | if (bp->bp_op == BOOTP_REQUEST) { |
368 | bootp_reply(m->slirp, bp); |
369 | } |
370 | } |
371 | |