188 lines
5.8 KiB
C
188 lines
5.8 KiB
C
/* $OpenBSD: bpf.c,v 1.2 2021/03/02 19:20:13 florian Exp $ */
|
|
|
|
/* BPF socket interface code, originally contributed by Archie Cobbs. */
|
|
|
|
/*
|
|
* Copyright (c) 1995, 1996, 1998, 1999
|
|
* The Internet Software Consortium. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of The Internet Software Consortium nor the names
|
|
* of its contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
|
|
* CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
|
|
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* This software has been written for the Internet Software Consortium
|
|
* by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
|
|
* Enterprises. To learn more about the Internet Software Consortium,
|
|
* see ``http://www.vix.com/isc''. To learn more about Vixie
|
|
* Enterprises, see ``http://www.vix.com''.
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <net/bpf.h>
|
|
#include <net/if.h>
|
|
#include <net/ethertypes.h>
|
|
#include <netinet/in.h>
|
|
#include <netinet/ip.h>
|
|
|
|
#include <fcntl.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "bpf.h"
|
|
#include "log.h"
|
|
|
|
#define CLIENT_PORT 68
|
|
|
|
/*
|
|
* Packet filter program.
|
|
*/
|
|
struct bpf_insn dhcp_bpf_filter[] = {
|
|
/* Make sure this is an IP packet. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8),
|
|
|
|
/* Make sure it's a UDP packet. */
|
|
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6),
|
|
|
|
/* Make sure this isn't a fragment. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20),
|
|
BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0),
|
|
|
|
/* Get the IP header length. */
|
|
BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14),
|
|
|
|
/* Make sure it's to the right port. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, CLIENT_PORT, 0, 1),
|
|
|
|
/* If we passed all the tests, ask for the whole packet. */
|
|
BPF_STMT(BPF_RET+BPF_K, (unsigned int)-1),
|
|
|
|
/* Otherwise, drop it. */
|
|
BPF_STMT(BPF_RET+BPF_K, 0),
|
|
};
|
|
|
|
/*
|
|
* Packet write filter program:
|
|
* 'ip and udp and src port bootpc and dst port bootps'
|
|
*/
|
|
struct bpf_insn dhcp_bpf_wfilter[] = {
|
|
BPF_STMT(BPF_LD + BPF_B + BPF_IND, 14),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (IPVERSION << 4) + 5, 0, 12),
|
|
|
|
/* Make sure this is an IP packet. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 10),
|
|
|
|
/* Make sure it's a UDP packet. */
|
|
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 8),
|
|
|
|
/* Make sure this isn't a fragment. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20),
|
|
BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 6, 0), /* patched */
|
|
|
|
/* Get the IP header length. */
|
|
BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14),
|
|
|
|
/* Make sure it's from the right port. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_IND, 14),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 68, 0, 3),
|
|
|
|
/* Make sure it is to the right ports. */
|
|
BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16),
|
|
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1),
|
|
|
|
/* If we passed all the tests, ask for the whole packet. */
|
|
BPF_STMT(BPF_RET+BPF_K, (unsigned int)-1),
|
|
|
|
/* Otherwise, drop it. */
|
|
BPF_STMT(BPF_RET+BPF_K, 0),
|
|
};
|
|
|
|
int
|
|
get_bpf_sock(const char *name)
|
|
{
|
|
struct bpf_program p;
|
|
struct ifreq ifr;
|
|
u_int sz;
|
|
int flag = 1, fildrop = BPF_FILDROP_CAPTURE;
|
|
int bpffd;
|
|
|
|
if ((bpffd = open("/dev/bpf", O_RDWR | O_CLOEXEC | O_NONBLOCK)) == -1)
|
|
fatal("open(/dev/bpf)");
|
|
|
|
sz = BPFLEN;
|
|
/* Set the BPF buffer length. */
|
|
if (ioctl(bpffd, BIOCSBLEN, &sz) == -1)
|
|
fatal("BIOCSBLEN");
|
|
if (sz != BPFLEN)
|
|
fatal("BIOCSBLEN, expected %u, got %u", BPFLEN, sz);
|
|
|
|
/*
|
|
* Set immediate mode so that reads return as soon as a packet
|
|
* comes in, rather than waiting for the input buffer to fill
|
|
* with packets.
|
|
*/
|
|
if (ioctl(bpffd, BIOCIMMEDIATE, &flag) == -1)
|
|
fatal("BIOCIMMEDIATE");
|
|
|
|
if (ioctl(bpffd, BIOCSFILDROP, &fildrop) == -1)
|
|
fatal("BIOCSFILDROP");
|
|
|
|
/* Set up the bpf filter program structure. */
|
|
p.bf_len = sizeof(dhcp_bpf_filter) / sizeof(struct bpf_insn);
|
|
p.bf_insns = dhcp_bpf_filter;
|
|
|
|
if (ioctl(bpffd, BIOCSETF, &p) == -1)
|
|
fatal("BIOCSETF");
|
|
|
|
/* Set up the bpf write filter program structure. */
|
|
p.bf_len = sizeof(dhcp_bpf_wfilter) / sizeof(struct bpf_insn);
|
|
p.bf_insns = dhcp_bpf_wfilter;
|
|
|
|
if (dhcp_bpf_wfilter[7].k == 0x1fff)
|
|
dhcp_bpf_wfilter[7].k = htons(IP_MF|IP_OFFMASK);
|
|
|
|
if (ioctl(bpffd, BIOCSETWF, &p) == -1)
|
|
fatal("BIOCSETWF");
|
|
|
|
strlcpy(ifr.ifr_name, name, IFNAMSIZ);
|
|
if (ioctl(bpffd, BIOCSETIF, &ifr) == -1) {
|
|
log_warn("BIOCSETIF"); /* interface might have disappeared */
|
|
close(bpffd);
|
|
return -1;
|
|
}
|
|
|
|
if (ioctl(bpffd, BIOCLOCK, NULL) == -1)
|
|
fatal("BIOCLOCK");
|
|
|
|
return bpffd;
|
|
}
|