1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2014 Axis Communications AB. All rights reserved.
4 ***/
5
6 #include <arpa/inet.h>
7 #include <errno.h>
8 #include <netinet/if_ether.h>
9 #include <stdio.h>
10 #include <stdlib.h>
11
12 #include "sd-ipv4acd.h"
13
14 #include "alloc-util.h"
15 #include "arp-util.h"
16 #include "ether-addr-util.h"
17 #include "event-util.h"
18 #include "fd-util.h"
19 #include "in-addr-util.h"
20 #include "memory-util.h"
21 #include "network-common.h"
22 #include "random-util.h"
23 #include "siphash24.h"
24 #include "string-table.h"
25 #include "string-util.h"
26 #include "time-util.h"
27
28 /* Constants from the RFC */
29 #define PROBE_WAIT_USEC (1U * USEC_PER_SEC)
30 #define PROBE_NUM 3U
31 #define PROBE_MIN_USEC (1U * USEC_PER_SEC)
32 #define PROBE_MAX_USEC (2U * USEC_PER_SEC)
33 #define ANNOUNCE_WAIT_USEC (2U * USEC_PER_SEC)
34 #define ANNOUNCE_NUM 2U
35 #define ANNOUNCE_INTERVAL_USEC (2U * USEC_PER_SEC)
36 #define MAX_CONFLICTS 10U
37 #define RATE_LIMIT_INTERVAL_USEC (60U * USEC_PER_SEC)
38 #define DEFEND_INTERVAL_USEC (10U * USEC_PER_SEC)
39
40 typedef enum IPv4ACDState {
41 IPV4ACD_STATE_INIT,
42 IPV4ACD_STATE_STARTED,
43 IPV4ACD_STATE_WAITING_PROBE,
44 IPV4ACD_STATE_PROBING,
45 IPV4ACD_STATE_WAITING_ANNOUNCE,
46 IPV4ACD_STATE_ANNOUNCING,
47 IPV4ACD_STATE_RUNNING,
48 _IPV4ACD_STATE_MAX,
49 _IPV4ACD_STATE_INVALID = -EINVAL,
50 } IPv4ACDState;
51
52 struct sd_ipv4acd {
53 unsigned n_ref;
54
55 IPv4ACDState state;
56 int ifindex;
57 int fd;
58
59 char *ifname;
60 unsigned n_iteration;
61 unsigned n_conflict;
62
63 sd_event_source *receive_message_event_source;
64 sd_event_source *timer_event_source;
65
66 usec_t defend_window;
67 struct in_addr address;
68
69 /* External */
70 struct ether_addr mac_addr;
71
72 sd_event *event;
73 int event_priority;
74 sd_ipv4acd_callback_t callback;
75 void *userdata;
76 sd_ipv4acd_check_mac_callback_t check_mac_callback;
77 void *check_mac_userdata;
78 };
79
80 #define log_ipv4acd_errno(acd, error, fmt, ...) \
81 log_interface_prefix_full_errno( \
82 "IPv4ACD: ", \
83 sd_ipv4acd, acd, \
84 error, fmt, ##__VA_ARGS__)
85 #define log_ipv4acd(acd, fmt, ...) \
86 log_interface_prefix_full_errno_zerook( \
87 "IPv4ACD: ", \
88 sd_ipv4acd, acd, \
89 0, fmt, ##__VA_ARGS__)
90
91 static const char * const ipv4acd_state_table[_IPV4ACD_STATE_MAX] = {
92 [IPV4ACD_STATE_INIT] = "init",
93 [IPV4ACD_STATE_STARTED] = "started",
94 [IPV4ACD_STATE_WAITING_PROBE] = "waiting-probe",
95 [IPV4ACD_STATE_PROBING] = "probing",
96 [IPV4ACD_STATE_WAITING_ANNOUNCE] = "waiting-announce",
97 [IPV4ACD_STATE_ANNOUNCING] = "announcing",
98 [IPV4ACD_STATE_RUNNING] = "running",
99 };
100
101 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(ipv4acd_state, IPv4ACDState);
102
ipv4acd_set_state(sd_ipv4acd * acd,IPv4ACDState st,bool reset_counter)103 static void ipv4acd_set_state(sd_ipv4acd *acd, IPv4ACDState st, bool reset_counter) {
104 assert(acd);
105 assert(st < _IPV4ACD_STATE_MAX);
106
107 if (st != acd->state)
108 log_ipv4acd(acd, "%s -> %s", ipv4acd_state_to_string(acd->state), ipv4acd_state_to_string(st));
109
110 if (st == acd->state && !reset_counter)
111 acd->n_iteration++;
112 else {
113 acd->state = st;
114 acd->n_iteration = 0;
115 }
116 }
117
ipv4acd_reset(sd_ipv4acd * acd)118 static void ipv4acd_reset(sd_ipv4acd *acd) {
119 assert(acd);
120
121 (void) event_source_disable(acd->timer_event_source);
122 acd->receive_message_event_source = sd_event_source_disable_unref(acd->receive_message_event_source);
123
124 acd->fd = safe_close(acd->fd);
125
126 ipv4acd_set_state(acd, IPV4ACD_STATE_INIT, true);
127 }
128
ipv4acd_free(sd_ipv4acd * acd)129 static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) {
130 assert(acd);
131
132 ipv4acd_reset(acd);
133 sd_event_source_unref(acd->timer_event_source);
134 sd_ipv4acd_detach_event(acd);
135 free(acd->ifname);
136 return mfree(acd);
137 }
138
139 DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_ipv4acd, sd_ipv4acd, ipv4acd_free);
140
sd_ipv4acd_new(sd_ipv4acd ** ret)141 int sd_ipv4acd_new(sd_ipv4acd **ret) {
142 _cleanup_(sd_ipv4acd_unrefp) sd_ipv4acd *acd = NULL;
143
144 assert_return(ret, -EINVAL);
145
146 acd = new(sd_ipv4acd, 1);
147 if (!acd)
148 return -ENOMEM;
149
150 *acd = (sd_ipv4acd) {
151 .n_ref = 1,
152 .state = IPV4ACD_STATE_INIT,
153 .ifindex = -1,
154 .fd = -1,
155 };
156
157 *ret = TAKE_PTR(acd);
158
159 return 0;
160 }
161
ipv4acd_client_notify(sd_ipv4acd * acd,int event)162 static void ipv4acd_client_notify(sd_ipv4acd *acd, int event) {
163 assert(acd);
164
165 if (!acd->callback)
166 return;
167
168 acd->callback(acd, event, acd->userdata);
169 }
170
sd_ipv4acd_stop(sd_ipv4acd * acd)171 int sd_ipv4acd_stop(sd_ipv4acd *acd) {
172 IPv4ACDState old_state;
173
174 if (!acd)
175 return 0;
176
177 old_state = acd->state;
178
179 ipv4acd_reset(acd);
180
181 if (old_state == IPV4ACD_STATE_INIT)
182 return 0;
183
184 log_ipv4acd(acd, "STOPPED");
185
186 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_STOP);
187
188 return 0;
189 }
190
191 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata);
192
ipv4acd_set_next_wakeup(sd_ipv4acd * acd,usec_t usec,usec_t random_usec)193 static int ipv4acd_set_next_wakeup(sd_ipv4acd *acd, usec_t usec, usec_t random_usec) {
194 usec_t next_timeout, time_now;
195
196 assert(acd);
197
198 next_timeout = usec;
199
200 if (random_usec > 0)
201 next_timeout += (usec_t) random_u64() % random_usec;
202
203 assert_se(sd_event_now(acd->event, CLOCK_BOOTTIME, &time_now) >= 0);
204
205 return event_reset_time(acd->event, &acd->timer_event_source,
206 CLOCK_BOOTTIME,
207 time_now + next_timeout, 0,
208 ipv4acd_on_timeout, acd,
209 acd->event_priority, "ipv4acd-timer", true);
210 }
211
ipv4acd_on_timeout(sd_event_source * s,uint64_t usec,void * userdata)212 static int ipv4acd_on_timeout(sd_event_source *s, uint64_t usec, void *userdata) {
213 sd_ipv4acd *acd = userdata;
214 int r = 0;
215
216 assert(acd);
217
218 switch (acd->state) {
219
220 case IPV4ACD_STATE_STARTED:
221 acd->defend_window = 0;
222
223 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_PROBE, true);
224
225 if (acd->n_conflict >= MAX_CONFLICTS) {
226 log_ipv4acd(acd, "Max conflicts reached, delaying by %s",
227 FORMAT_TIMESPAN(RATE_LIMIT_INTERVAL_USEC, 0));
228 r = ipv4acd_set_next_wakeup(acd, RATE_LIMIT_INTERVAL_USEC, PROBE_WAIT_USEC);
229 } else
230 r = ipv4acd_set_next_wakeup(acd, 0, PROBE_WAIT_USEC);
231 if (r < 0)
232 goto fail;
233
234 break;
235
236 case IPV4ACD_STATE_WAITING_PROBE:
237 case IPV4ACD_STATE_PROBING:
238 /* Send a probe */
239 r = arp_send_probe(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
240 if (r < 0) {
241 log_ipv4acd_errno(acd, r, "Failed to send ARP probe: %m");
242 goto fail;
243 }
244
245 log_ipv4acd(acd, "Probing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
246
247 if (acd->n_iteration < PROBE_NUM - 2) {
248 ipv4acd_set_state(acd, IPV4ACD_STATE_PROBING, false);
249
250 r = ipv4acd_set_next_wakeup(acd, PROBE_MIN_USEC, (PROBE_MAX_USEC-PROBE_MIN_USEC));
251 if (r < 0)
252 goto fail;
253 } else {
254 ipv4acd_set_state(acd, IPV4ACD_STATE_WAITING_ANNOUNCE, true);
255
256 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_WAIT_USEC, 0);
257 if (r < 0)
258 goto fail;
259 }
260
261 break;
262
263 case IPV4ACD_STATE_ANNOUNCING:
264 if (acd->n_iteration >= ANNOUNCE_NUM - 1) {
265 ipv4acd_set_state(acd, IPV4ACD_STATE_RUNNING, false);
266 break;
267 }
268
269 _fallthrough_;
270 case IPV4ACD_STATE_WAITING_ANNOUNCE:
271 /* Send announcement packet */
272 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
273 if (r < 0) {
274 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
275 goto fail;
276 }
277
278 log_ipv4acd(acd, "Announcing "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
279
280 ipv4acd_set_state(acd, IPV4ACD_STATE_ANNOUNCING, false);
281
282 r = ipv4acd_set_next_wakeup(acd, ANNOUNCE_INTERVAL_USEC, 0);
283 if (r < 0)
284 goto fail;
285
286 if (acd->n_iteration == 0) {
287 acd->n_conflict = 0;
288 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_BIND);
289 }
290
291 break;
292
293 default:
294 assert_not_reached();
295 }
296
297 return 0;
298
299 fail:
300 sd_ipv4acd_stop(acd);
301 return 0;
302 }
303
ipv4acd_arp_conflict(sd_ipv4acd * acd,const struct ether_arp * arp,bool announced)304 static bool ipv4acd_arp_conflict(sd_ipv4acd *acd, const struct ether_arp *arp, bool announced) {
305 assert(acd);
306 assert(arp);
307
308 /* RFC 5227 section 2.1.1.
309 * "the host receives any ARP packet (Request *or* Reply) on the interface where the probe is
310 * being performed, where the packet's 'sender IP address' is the address being probed for,
311 * then the host MUST treat this address as being in use by some other host" */
312 if (memcmp(arp->arp_spa, &acd->address, sizeof(struct in_addr)) == 0)
313 return true;
314
315 if (announced)
316 /* the TPA matched instead of SPA, this is not a conflict */
317 return false;
318
319 /* "any ARP Probe where the packet's 'target IP address' is the address being probed for, and
320 * the packet's 'sender hardware address' is not the hardware address of any of the host's
321 * interfaces, then the host SHOULD similarly treat this as an address conflict" */
322 if (arp->ea_hdr.ar_op != htobe16(ARPOP_REQUEST))
323 return false; /* not ARP Request, ignoring. */
324 if (memeqzero(arp->arp_spa, sizeof(struct in_addr)) == 0)
325 return false; /* not ARP Probe, ignoring. */
326 if (memcmp(arp->arp_tpa, &acd->address, sizeof(struct in_addr)) != 0)
327 return false; /* target IP address does not match, BPF code is broken? */
328
329 if (acd->check_mac_callback &&
330 acd->check_mac_callback(acd, (const struct ether_addr*) arp->arp_sha, acd->check_mac_userdata) > 0)
331 /* sender hardware is one of the host's interfaces, ignoring. */
332 return false;
333
334 return true; /* conflict! */
335 }
336
ipv4acd_on_conflict(sd_ipv4acd * acd)337 static void ipv4acd_on_conflict(sd_ipv4acd *acd) {
338 assert(acd);
339
340 acd->n_conflict++;
341
342 log_ipv4acd(acd, "Conflict on "IPV4_ADDRESS_FMT_STR" (%u)", IPV4_ADDRESS_FMT_VAL(acd->address), acd->n_conflict);
343
344 ipv4acd_reset(acd);
345 ipv4acd_client_notify(acd, SD_IPV4ACD_EVENT_CONFLICT);
346 }
347
ipv4acd_on_packet(sd_event_source * s,int fd,uint32_t revents,void * userdata)348 static int ipv4acd_on_packet(
349 sd_event_source *s,
350 int fd,
351 uint32_t revents,
352 void *userdata) {
353
354 sd_ipv4acd *acd = userdata;
355 struct ether_arp packet;
356 ssize_t n;
357 int r;
358
359 assert(s);
360 assert(acd);
361 assert(fd >= 0);
362
363 n = recv(fd, &packet, sizeof(struct ether_arp), 0);
364 if (n < 0) {
365 if (ERRNO_IS_TRANSIENT(errno) || ERRNO_IS_DISCONNECT(errno))
366 return 0;
367
368 log_ipv4acd_errno(acd, errno, "Failed to read ARP packet: %m");
369 goto fail;
370 }
371 if ((size_t) n != sizeof(struct ether_arp)) {
372 log_ipv4acd(acd, "Ignoring too short ARP packet.");
373 return 0;
374 }
375
376 switch (acd->state) {
377
378 case IPV4ACD_STATE_ANNOUNCING:
379 case IPV4ACD_STATE_RUNNING:
380
381 if (ipv4acd_arp_conflict(acd, &packet, true)) {
382 usec_t ts;
383
384 assert_se(sd_event_now(acd->event, CLOCK_BOOTTIME, &ts) >= 0);
385
386 /* Defend address */
387 if (ts > acd->defend_window) {
388 acd->defend_window = ts + DEFEND_INTERVAL_USEC;
389 r = arp_send_announcement(acd->fd, acd->ifindex, &acd->address, &acd->mac_addr);
390 if (r < 0) {
391 log_ipv4acd_errno(acd, r, "Failed to send ARP announcement: %m");
392 goto fail;
393 }
394
395 log_ipv4acd(acd, "Defending "IPV4_ADDRESS_FMT_STR, IPV4_ADDRESS_FMT_VAL(acd->address));
396
397 } else
398 ipv4acd_on_conflict(acd);
399 }
400 break;
401
402 case IPV4ACD_STATE_WAITING_PROBE:
403 case IPV4ACD_STATE_PROBING:
404 case IPV4ACD_STATE_WAITING_ANNOUNCE:
405 if (ipv4acd_arp_conflict(acd, &packet, false))
406 ipv4acd_on_conflict(acd);
407 break;
408
409 default:
410 assert_not_reached();
411 }
412
413 return 0;
414
415 fail:
416 sd_ipv4acd_stop(acd);
417 return 0;
418 }
419
sd_ipv4acd_set_ifindex(sd_ipv4acd * acd,int ifindex)420 int sd_ipv4acd_set_ifindex(sd_ipv4acd *acd, int ifindex) {
421 assert_return(acd, -EINVAL);
422 assert_return(ifindex > 0, -EINVAL);
423 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
424
425 acd->ifindex = ifindex;
426
427 return 0;
428 }
429
sd_ipv4acd_get_ifindex(sd_ipv4acd * acd)430 int sd_ipv4acd_get_ifindex(sd_ipv4acd *acd) {
431 if (!acd)
432 return -EINVAL;
433
434 return acd->ifindex;
435 }
436
sd_ipv4acd_set_ifname(sd_ipv4acd * acd,const char * ifname)437 int sd_ipv4acd_set_ifname(sd_ipv4acd *acd, const char *ifname) {
438 assert_return(acd, -EINVAL);
439 assert_return(ifname, -EINVAL);
440
441 if (!ifname_valid_full(ifname, IFNAME_VALID_ALTERNATIVE))
442 return -EINVAL;
443
444 return free_and_strdup(&acd->ifname, ifname);
445 }
446
sd_ipv4acd_get_ifname(sd_ipv4acd * acd,const char ** ret)447 int sd_ipv4acd_get_ifname(sd_ipv4acd *acd, const char **ret) {
448 int r;
449
450 assert_return(acd, -EINVAL);
451
452 r = get_ifname(acd->ifindex, &acd->ifname);
453 if (r < 0)
454 return r;
455
456 if (ret)
457 *ret = acd->ifname;
458
459 return 0;
460 }
461
sd_ipv4acd_set_mac(sd_ipv4acd * acd,const struct ether_addr * addr)462 int sd_ipv4acd_set_mac(sd_ipv4acd *acd, const struct ether_addr *addr) {
463 int r;
464
465 assert_return(acd, -EINVAL);
466 assert_return(addr, -EINVAL);
467 assert_return(!ether_addr_is_null(addr), -EINVAL);
468
469 acd->mac_addr = *addr;
470
471 if (!sd_ipv4acd_is_running(acd))
472 return 0;
473
474 assert(acd->fd >= 0);
475 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
476 if (r < 0) {
477 ipv4acd_reset(acd);
478 return r;
479 }
480
481 return 0;
482 }
483
sd_ipv4acd_detach_event(sd_ipv4acd * acd)484 int sd_ipv4acd_detach_event(sd_ipv4acd *acd) {
485 assert_return(acd, -EINVAL);
486
487 acd->event = sd_event_unref(acd->event);
488
489 return 0;
490 }
491
sd_ipv4acd_attach_event(sd_ipv4acd * acd,sd_event * event,int64_t priority)492 int sd_ipv4acd_attach_event(sd_ipv4acd *acd, sd_event *event, int64_t priority) {
493 int r;
494
495 assert_return(acd, -EINVAL);
496 assert_return(!acd->event, -EBUSY);
497
498 if (event)
499 acd->event = sd_event_ref(event);
500 else {
501 r = sd_event_default(&acd->event);
502 if (r < 0)
503 return r;
504 }
505
506 acd->event_priority = priority;
507
508 return 0;
509 }
510
sd_ipv4acd_set_callback(sd_ipv4acd * acd,sd_ipv4acd_callback_t cb,void * userdata)511 int sd_ipv4acd_set_callback(sd_ipv4acd *acd, sd_ipv4acd_callback_t cb, void *userdata) {
512 assert_return(acd, -EINVAL);
513
514 acd->callback = cb;
515 acd->userdata = userdata;
516
517 return 0;
518 }
519
sd_ipv4acd_set_check_mac_callback(sd_ipv4acd * acd,sd_ipv4acd_check_mac_callback_t cb,void * userdata)520 int sd_ipv4acd_set_check_mac_callback(sd_ipv4acd *acd, sd_ipv4acd_check_mac_callback_t cb, void *userdata) {
521 assert_return(acd, -EINVAL);
522
523 acd->check_mac_callback = cb;
524 acd->check_mac_userdata = userdata;
525 return 0;
526 }
527
sd_ipv4acd_set_address(sd_ipv4acd * acd,const struct in_addr * address)528 int sd_ipv4acd_set_address(sd_ipv4acd *acd, const struct in_addr *address) {
529 int r;
530
531 assert_return(acd, -EINVAL);
532 assert_return(address, -EINVAL);
533 assert_return(in4_addr_is_set(address), -EINVAL);
534
535 if (in4_addr_equal(&acd->address, address))
536 return 0;
537
538 acd->address = *address;
539
540 if (!sd_ipv4acd_is_running(acd))
541 return 0;
542
543 assert(acd->fd >= 0);
544 r = arp_update_filter(acd->fd, &acd->address, &acd->mac_addr);
545 if (r < 0)
546 goto fail;
547
548 r = ipv4acd_set_next_wakeup(acd, 0, 0);
549 if (r < 0)
550 goto fail;
551
552 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
553 return 0;
554
555 fail:
556 ipv4acd_reset(acd);
557 return r;
558 }
559
sd_ipv4acd_get_address(sd_ipv4acd * acd,struct in_addr * address)560 int sd_ipv4acd_get_address(sd_ipv4acd *acd, struct in_addr *address) {
561 assert_return(acd, -EINVAL);
562 assert_return(address, -EINVAL);
563
564 *address = acd->address;
565
566 return 0;
567 }
568
sd_ipv4acd_is_running(sd_ipv4acd * acd)569 int sd_ipv4acd_is_running(sd_ipv4acd *acd) {
570 assert_return(acd, false);
571
572 return acd->state != IPV4ACD_STATE_INIT;
573 }
574
sd_ipv4acd_start(sd_ipv4acd * acd,bool reset_conflicts)575 int sd_ipv4acd_start(sd_ipv4acd *acd, bool reset_conflicts) {
576 int r;
577
578 assert_return(acd, -EINVAL);
579 assert_return(acd->event, -EINVAL);
580 assert_return(acd->ifindex > 0, -EINVAL);
581 assert_return(in4_addr_is_set(&acd->address), -EINVAL);
582 assert_return(!ether_addr_is_null(&acd->mac_addr), -EINVAL);
583 assert_return(acd->state == IPV4ACD_STATE_INIT, -EBUSY);
584
585 r = arp_network_bind_raw_socket(acd->ifindex, &acd->address, &acd->mac_addr);
586 if (r < 0)
587 return r;
588
589 CLOSE_AND_REPLACE(acd->fd, r);
590
591 if (reset_conflicts)
592 acd->n_conflict = 0;
593
594 r = sd_event_add_io(acd->event, &acd->receive_message_event_source, acd->fd, EPOLLIN, ipv4acd_on_packet, acd);
595 if (r < 0)
596 goto fail;
597
598 r = sd_event_source_set_priority(acd->receive_message_event_source, acd->event_priority);
599 if (r < 0)
600 goto fail;
601
602 (void) sd_event_source_set_description(acd->receive_message_event_source, "ipv4acd-receive-message");
603
604 r = ipv4acd_set_next_wakeup(acd, 0, 0);
605 if (r < 0)
606 goto fail;
607
608 ipv4acd_set_state(acd, IPV4ACD_STATE_STARTED, true);
609 return 0;
610
611 fail:
612 ipv4acd_reset(acd);
613 return r;
614 }
615