Commit Graph

235 Commits

Author SHA1 Message Date
Nicholas J. Kain
8b27b41c0c Enable active defense of IP address / lease, as described in RFC5227. 2011-07-05 13:03:55 -04:00
Nicholas J. Kain
74a79314d7 Document the --vendorid and --leasefile options in --help. 2011-07-05 11:18:28 -04:00
Nicholas J. Kain
f9809d74a4 Remove the -H alias for --hostname. 2011-07-05 11:14:35 -04:00
Nicholas J. Kain
f1fcd4dc16 Perform timeout-based ARP retransmission for AS_GW_CHECK and AS_GW_QUERY. 2011-07-05 11:07:42 -04:00
Nicholas J. Kain
a9c807c1df Rename DS_ARP_CHECK to the less confusing DS_COLLISION_CHECK.
Call arp_reopen_fd() if reading from the arp fd fails in any state other
than AS_COLLISION_CHECK or AS_GW_CHECK.
2011-07-04 22:59:07 -04:00
Nicholas J. Kain
b3acad9166 Use reinit_selecting() in arp.c. 2011-07-04 22:52:53 -04:00
Nicholas J. Kain
c79c65454c If sending on the arp fd fails, then re-open the arp fd and restore arp
state to what it was before closing the fd.  It may allow the client to
continue working in the face of error, as arp functionality is not critical
for simply holding a lease.
2011-07-04 22:35:53 -04:00
Nicholas J. Kain
4453391154 Move dhcp state handling code out of netlink.c and into state.c. netlink.c
now just calls hooks exposed by state.c, just like the dhcp packet,
poll timeout, and signal code.

Make ifchange_deconfig() idempotent.
2011-07-04 22:10:14 -04:00
Nicholas J. Kain
88804e0102 Cache the last configured dhcp packet in ifchange.c. Only send updates that
differ from what already existed.
2011-07-04 21:40:32 -04:00
Nicholas J. Kain
9ef66af020 Simplify the ifchange API. 2011-07-04 20:51:27 -04:00
Nicholas J. Kain
bb83b14237 Refactor the common ARP structure fields between arp sending functions
into the BASE_ARPMSG() macro to make it more obvious what is shared.

Resequence the gateway arp address print and the arp state change to
AS_DEFENSE so that the debug prints are less confusing.  No other change.
2011-07-04 20:19:30 -04:00
Nicholas J. Kain
dca662cd27 Massive overhaul to arp.c in preparation for adding address defense:
Use a separate state machine for the arp handling.  It's loosely coupled to
the dhcp code, and is thus much easier to reason about than the previous
approach that made the arp code use the dhcp state.

Add a BPF and C emulation of the BPF for RFC5227-style address defense.  Allow
switchable BPF filters for the arp socket.

Fix a regression introduced in the arp announcement commit.  Contrary to
RFC5227, the 'h_dest' field in the ARP packet should be set to all 0xff
for wildcard semantics, not all 0x00.

Keep track of the millisecond timestamp of the most recent ARP packet that has
been sent as well as the total number of packets that have been sent in
the current ARP state.  Use these values to implement time-based ARP
retransmit.

When querying the default gateway/router, use ARP packets that have the
source IP set to the client lease IP rather than 0.0.0.0.

Combine common code in the arp sending functions into arp_send().

Resequence the arp_announcement() in arp_success() so that it happens after
the interface is configured by ifchange() / ifchd.

Get rid of layering hack in ifchange.c to set the router address in the
client state.  Do it in the proper place in arp.c.

Add an early exit before ifchd_cmd() in ifchange.c.  This change prevents
sending a ':' to ifchd for a string type option with no string content.
2011-07-04 20:07:16 -04:00
Nicholas J. Kain
be44bf0a04 Resequence operations in selecting_timeout() so that two packets are sent with
corresponding waits for responses rather than sending two packets and
immediately backgrounding or failing after the second is sent without waiting
for a response.

Set sll_pkttype = PACKET_BROADCAST on outgoing raw dhcp packets.

Condense arguments for send_dhcp_cooked().
2011-07-03 18:56:57 -04:00
Nicholas J. Kain
e4ff1e9261 Remove the ugly hack for forcing nl_getifdata() to be synchronous. It now
properly performs a synchronous wait using poll().
2011-07-03 18:10:00 -04:00
Nicholas J. Kain
01c4731403 Make sure that the netlink socket will never block after program
initialization.  Fetching if/address/index/mac mappings is done only once at
program init, so it is done synchronously as an exception to this rule.

Rewrite the netlink handling.  Now uses NIH code that should be safe, small,
and correct.  No external deps FTW.
2011-07-03 17:30:55 -04:00
Nicholas J. Kain
2c2cc1cf22 Don't send host name option on DHCP decline or release packets. 2011-07-03 06:03:54 -04:00
Nicholas J. Kain
aa61d71f7d Autodetect if the clientid parameter is a valid mac address and treat it
accordingly.  Don't require an explicit parameter for it.
2011-07-03 05:45:05 -04:00
Nicholas J. Kain
f08c174725 Add clientid-mac option for sending a MAC address as a client identifier
other than our own.
2011-07-03 05:36:47 -04:00
Nicholas J. Kain
f84cdbde1e Fix regression:
Make the clientid to attach the ethernet type byte prefix to the option.
2011-07-03 04:33:16 -04:00
Nicholas J. Kain
801ec356f4 Convert DHCP option code numbers to an enum.
Convert many remaining /**/ comments to // where it makes for less visual
clutter.
2011-07-02 06:31:57 -04:00
Nicholas J. Kain
9224374d98 Send an ARP announcement after getting a new lease. 2011-07-02 05:48:24 -04:00
Nicholas J. Kain
d304fb6b38 Only bring down the interface at startup time if it is not already up and
running.  ndhc does its job entirely with raw sockets before a lease is
established, so it will work just fine, and this change allows for the dhcp
client to be re-run without causing downtime on an interface.
2011-07-02 04:58:58 -04:00
Nicholas J. Kain
46ed7f5998 Enforce stronger type checking on DHCP option values. Fix some endianness
issues as well.
2011-07-02 04:45:11 -04:00
Nicholas J. Kain
cfd9822252 Rename packet.[ch] to dhcp.[ch]. 2011-07-02 03:51:44 -04:00
Nicholas J. Kain
d9571c62cf Don't use malloc in ndhc. The only place it was used is in the options code.
Allow the user to specify the vendor identification option value using the
-V switch.  The default value is still "ndhc".
2011-07-02 03:48:08 -04:00
Nicholas J. Kain
7104b56ab9 Change netlink event handling so that the DHCP client will sleep if the
interface carrier is lost or the interface is deconfigured but still exists,
eg via ifconfig down.  If the hardware is removed, then ndhcp will exit.
2011-07-02 01:51:32 -04:00
Nicholas J. Kain
17570e9a38 Rewrite the netlink handling code to use libmnl. The size cost is very small,
and it is hard to do netlink completely correctly as it is poorly documented.
2011-07-02 01:34:50 -04:00
Nicholas J. Kain
38ad2399ed Clean up the DHCP packet sending functions and make them more RFC-compliant.
Rename cs->requestedIP to cs->clientAddr.
Move the IFS_* defines into netlink.c.
Cosmetic cleanups.
2011-07-01 11:37:13 -04:00
Nicholas J. Kain
a68c8cb64c Make the log prints less debug-like and more sysadmin-friendly. 2011-07-01 05:49:39 -04:00
Nicholas J. Kain
e1262cd563 Cosmetic cleanup of create_udp_listen_socket() to eliminate invariant
arguments.
2011-07-01 05:35:38 -04:00
Nicholas J. Kain
9974cc2f51 Separate out dhcp packet validation into validate_dhcp_packet(). 2011-07-01 05:33:12 -04:00
Nicholas J. Kain
09b5c08b5b Cosmetic cleanups in packet.c. 2011-07-01 04:38:38 -04:00
Nicholas J. Kain
42f81ecd33 Make the DHCP BPF perform stricter checks. Now packets that have IP options
are discarded, and the UDP length, IP length, and IP header size fields are
validated for consistency.

Keep track of whether the DHCP BPF has been successfully installed.  If it has,
then don't perform redundant checks in DHCP validation.
2011-07-01 04:14:10 -04:00
Nicholas J. Kain
7a2585d2bf Keep track of whether the ARP BPF has been successfully installed. If it has,
then don't perform redundant checks in ARP validation.
2011-07-01 03:01:29 -04:00
Nicholas J. Kain
0e55bfd4fd Optimize the ARP BPF bytecode to use fewer instructions. 2011-07-01 02:49:19 -04:00
Nicholas J. Kain
927e2590a2 BPF's load instructions automatically convert the loaded argument from host
to network byte order, thus BPF is endian independent.

Make the ARP BPF static const again.
2011-07-01 02:37:19 -04:00
Nicholas J. Kain
9ddfab5085 Define a BPF for ARP-listening raw sockets that discriminates by ethernet
frame protocol type field, ARP hardware type field, ARP protocol type field,
ARP hardware address length field, and ARP protocol address length field.
2011-07-01 00:55:35 -04:00
Nicholas J. Kain
3e3ecc816f Define a BPF for DHCP-listening raw sockets that discriminates by IP
version field, IP protocol number field, and UDP client and server port
fields and passes the number of octets specified in the IP total length
field.
2011-07-01 00:12:03 -04:00
Nicholas J. Kain
f704abe50f C99 designated initializers guarantee zero-init of unspecified members.
Take advantage of that feature in ndhc.c when initializing the state
and config structures.

Fix some seriously stupid typos in the commit before the previous one.
2011-06-30 22:02:28 -04:00
Nicholas J. Kain
1f514cbb50 Hide details of the listen mode implementation in packet.c. 2011-06-30 21:33:38 -04:00
Nicholas J. Kain
5c2398857d Cosmetic cleanups to packet.c. 2011-06-30 20:48:09 -04:00
Nicholas J. Kain
6f2986803f Fix a dumb error in delay_timeout(). Return value should be ms, not s. 2011-06-30 04:12:59 -04:00
Nicholas J. Kain
e77190e2e9 Make frenew() less insane. It was most likely subtly buggy before depending
on state.
2011-06-30 03:43:09 -04:00
Nicholas J. Kain
3a81f1ea6c Use an RFC2131-compliant exponential backoff delay. 2011-06-30 03:27:57 -04:00
Nicholas J. Kain
339804856b Make the renew and rebind timeouts more strictly rfc compliant, and also
take into account the possiblity of renew times being ridiculously deferred
such that the current time is within lease expiration time.
2011-06-30 02:48:58 -04:00
Nicholas J. Kain
8fffc5721f Calculate the renewTime timeout more accurately: take the delay in ARP
checking into account.

Rename t1 and t2 to renewTime and rebindTime.
2011-06-30 01:50:50 -04:00
Nicholas J. Kain
d89e9f89c2 Rename ARP_GW_CHECK to BOUND_GW_CHECK and call anfrelease() rather than
frelease() for this state.
2011-06-30 00:39:17 -04:00
Nicholas J. Kain
3f6aafe809 Remove the DS_RENEW_REQUESTED state. 2011-06-30 00:19:59 -04:00
Nicholas J. Kain
d6fcb35903 Fold renew_requested_timeout() into requesting_timeout(). 2011-06-30 00:11:43 -04:00
Nicholas J. Kain
6ea5ac0d5d Don't special case DS_ARP_CHECK in nfrelease(). 2011-06-30 00:01:02 -04:00