Google Git
Sign in
coral / busybox / 7c443d110d4dc51ba48bad8ed1427716b754bf2e / . / networking / zcip.c
blob: 134dfb2df1f5c24ef1a4a0b67c859d4c00f5fba1 [file] [log] [blame]
/* vi: set sw=4 ts=4: */
/*
* RFC3927 ZeroConf IPv4 Link-Local addressing
* (see <http://www.zeroconf.org/>)
*
* Copyright (C) 2003 by Arthur van Hoff (avh@strangeberry.com)
* Copyright (C) 2004 by David Brownell
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
/*
* ZCIP just manages the 169.254.*.* addresses. That network is not
* routed at the IP level, though various proxies or bridges can
* certainly be used. Its naming is built over multicast DNS.
*/
//config:config ZCIP
//config: bool "zcip (8.4 kb)"
//config: default y
//config: select PLATFORM_LINUX
//config: select FEATURE_SYSLOG
//config: help
//config: ZCIP provides ZeroConf IPv4 address selection, according to RFC 3927.
//config: It's a daemon that allocates and defends a dynamically assigned
//config: address on the 169.254/16 network, requiring no system administrator.
//config:
//config: See http://www.zeroconf.org for further details, and "zcip.script"
//config: in the busybox examples.
//applet:IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_ZCIP) += zcip.o
//#define DEBUG
// TODO:
// - more real-world usage/testing, especially daemon mode
// - kernel packet filters to reduce scheduling noise
// - avoid silent script failures, especially under load...
// - link status monitoring (restart on link-up; stop on link-down)
//usage:#define zcip_trivial_usage
//usage: "[OPTIONS] IFACE SCRIPT"
//usage:#define zcip_full_usage "\n\n"
//usage: "Manage a ZeroConf IPv4 link-local address\n"
//usage: "\n -f Run in foreground"
//usage: "\n -q Quit after obtaining address"
//usage: "\n -r 169.254.x.x Request this address first"
//usage: "\n -l x.x.0.0 Use this range instead of 169.254"
//usage: "\n -v Verbose"
//usage: "\n"
//usage: "\n$LOGGING=none Suppress logging"
//usage: "\n$LOGGING=syslog Log to syslog"
//usage: "\n"
//usage: "\nWith no -q, runs continuously monitoring for ARP conflicts,"
//usage: "\nexits only on I/O errors (link down etc)"
#include "libbb.h"
#include "common_bufsiz.h"
#include <netinet/ether.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <linux/sockios.h>
#include <syslog.h>
/* We don't need more than 32 bits of the counter */
#define MONOTONIC_US() ((unsigned)monotonic_us())
struct arp_packet {
struct ether_header eth;
struct ether_arp arp;
} PACKED;
enum {
/* 0-1 seconds before sending 1st probe */
PROBE_WAIT = 1,
/* 1-2 seconds between probes */
PROBE_MIN = 1,
PROBE_MAX = 2,
PROBE_NUM = 3, /* total probes to send */
ANNOUNCE_INTERVAL = 2, /* 2 seconds between announces */
ANNOUNCE_NUM = 3, /* announces to send */
/* if probe/announce sees a conflict, multiply RANDOM(NUM_CONFLICT) by... */
CONFLICT_MULTIPLIER = 2,
/* if we monitor and see a conflict, how long is defend state? */
DEFEND_INTERVAL = 10,
};
/* States during the configuration process. */
enum {
PROBE = 0,
ANNOUNCE,
MONITOR,
DEFEND
};
#define VDBG(...) do { } while (0)
enum {
sock_fd = 3
};
struct globals {
struct sockaddr iface_sockaddr;
struct ether_addr our_ethaddr;
uint32_t localnet_ip;
} FIX_ALIASING;
#define G (*(struct globals*)bb_common_bufsiz1)
#define INIT_G() do { setup_common_bufsiz(); } while (0)
/**
* Pick a random link local IP address on 169.254/16, except that
* the first and last 256 addresses are reserved.
*/
static uint32_t pick_nip(void)
{
unsigned tmp;
do {
tmp = rand() & IN_CLASSB_HOST;
} while (tmp > (IN_CLASSB_HOST - 0x0200));
return htonl((G.localnet_ip + 0x0100) + tmp);
}
static const char *nip_to_a(uint32_t nip)
{
struct in_addr in;
in.s_addr = nip;
return inet_ntoa(in);
}
/**
* Broadcast an ARP packet.
*/
static void send_arp_request(
/* int op, - always ARPOP_REQUEST */
/* const struct ether_addr *source_eth, - always &G.our_ethaddr */
uint32_t source_nip,
const struct ether_addr *target_eth, uint32_t target_nip)
{
enum { op = ARPOP_REQUEST };
#define source_eth (&G.our_ethaddr)
struct arp_packet p;
memset(&p, 0, sizeof(p));
// ether header
p.eth.ether_type = htons(ETHERTYPE_ARP);
memcpy(p.eth.ether_shost, source_eth, ETH_ALEN);
memset(p.eth.ether_dhost, 0xff, ETH_ALEN);
// arp request
p.arp.arp_hrd = htons(ARPHRD_ETHER);
p.arp.arp_pro = htons(ETHERTYPE_IP);
p.arp.arp_hln = ETH_ALEN;
p.arp.arp_pln = 4;
p.arp.arp_op = htons(op);
memcpy(&p.arp.arp_sha, source_eth, ETH_ALEN);
memcpy(&p.arp.arp_spa, &source_nip, 4);
memcpy(&p.arp.arp_tha, target_eth, ETH_ALEN);
memcpy(&p.arp.arp_tpa, &target_nip, 4);
// send it
// Even though sock_fd is already bound to G.iface_sockaddr, just send()
// won't work, because "socket is not connected"
// (and connect() won't fix that, "operation not supported").
// Thus we sendto() to G.iface_sockaddr. I wonder which sockaddr
// (from bind() or from sendto()?) kernel actually uses
// to determine iface to emit the packet from...
xsendto(sock_fd, &p, sizeof(p), &G.iface_sockaddr, sizeof(G.iface_sockaddr));
#undef source_eth
}
/**
* Run a script.
* argv[0]:intf argv[1]:script_name argv[2]:junk argv[3]:NULL
*/
static int run(char *argv[3], const char *param, uint32_t nip)
{
int status;
const char *addr = addr; /* for gcc */
const char *fmt = "%s %s %s" + 3;
char *env_ip = env_ip;
argv[2] = (char*)param;
VDBG("%s run %s %s\n", argv[0], argv[1], argv[2]);
if (nip != 0) {
addr = nip_to_a(nip);
/* Must not use setenv() repeatedly, it leaks memory. Use putenv() */
env_ip = xasprintf("ip=%s", addr);
putenv(env_ip);
fmt -= 3;
}
bb_info_msg(fmt, argv[2], argv[0], addr);
status = spawn_and_wait(argv + 1);
if (nip != 0)
bb_unsetenv_and_free(env_ip);
if (status < 0) {
bb_perror_msg("%s %s %s" + 3, argv[2], argv[0]);
return -errno;
}
if (status != 0)
bb_error_msg("script %s %s failed, exitcode=%d", argv[1], argv[2], status & 0xff);
return status;
}
/**
* Return milliseconds of random delay, up to "secs" seconds.
*/
static ALWAYS_INLINE unsigned random_delay_ms(unsigned secs)
{
return (unsigned)rand() % (secs * 1000);
}
/**
* main program
*/
int zcip_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int zcip_main(int argc UNUSED_PARAM, char **argv)
{
char *r_opt;
const char *l_opt = "169.254.0.0";
int state;
int nsent;
unsigned opts;
// Ugly trick, but I want these zeroed in one go
struct {
const struct ether_addr null_ethaddr;
struct ifreq ifr;
uint32_t chosen_nip;
int conflicts;
int timeout_ms; // must be signed
int verbose;
} L;
#define null_ethaddr (L.null_ethaddr)
#define ifr (L.ifr )
#define chosen_nip (L.chosen_nip )
#define conflicts (L.conflicts )
#define timeout_ms (L.timeout_ms )
#define verbose (L.verbose )
memset(&L, 0, sizeof(L));
INIT_G();
#define FOREGROUND (opts & 1)
#define QUIT (opts & 2)
// Parse commandline: prog [options] ifname script
// exactly 2 args; -v accumulates and implies -f
opts = getopt32(argv, "^" "fqr:l:v" "\0" "=2:vv:vf",
&r_opt, &l_opt, &verbose
);
#if !BB_MMU
// on NOMMU reexec early (or else we will rerun things twice)
if (!FOREGROUND)
bb_daemonize_or_rexec(0 /*was: DAEMON_CHDIR_ROOT*/, argv);
#endif
// Open an ARP socket
// (need to do it before openlog to prevent openlog from taking
// fd 3 (sock_fd==3))
xmove_fd(xsocket(AF_PACKET, SOCK_PACKET, htons(ETH_P_ARP)), sock_fd);
if (!FOREGROUND) {
// do it before all bb_xx_msg calls
openlog(applet_name, 0, LOG_DAEMON);
logmode |= LOGMODE_SYSLOG;
}
bb_logenv_override();
{ // -l n.n.n.n
struct in_addr net;
if (inet_aton(l_opt, &net) == 0
|| (net.s_addr & htonl(IN_CLASSB_NET)) != net.s_addr
) {
bb_simple_error_msg_and_die("invalid network address");
}
G.localnet_ip = ntohl(net.s_addr);
}
if (opts & 4) { // -r n.n.n.n
struct in_addr ip;
if (inet_aton(r_opt, &ip) == 0
|| (ntohl(ip.s_addr) & IN_CLASSB_NET) != G.localnet_ip
) {
bb_simple_error_msg_and_die("invalid link address");
}
chosen_nip = ip.s_addr;
}
argv += optind - 1;
/* Now: argv[0]:junk argv[1]:intf argv[2]:script argv[3]:NULL */
/* We need to make space for script argument: */
argv[0] = argv[1];
argv[1] = argv[2];
/* Now: argv[0]:intf argv[1]:script argv[2]:junk argv[3]:NULL */
#define argv_intf (argv[0])
xsetenv("interface", argv_intf);
// Initialize the interface (modprobe, ifup, etc)
if (run(argv, "init", 0))
return EXIT_FAILURE;
// Initialize G.iface_sockaddr
// G.iface_sockaddr is: { u16 sa_family; u8 sa_data[14]; }
//memset(&G.iface_sockaddr, 0, sizeof(G.iface_sockaddr));
//TODO: are we leaving sa_family == 0 (AF_UNSPEC)?!
safe_strncpy(G.iface_sockaddr.sa_data, argv_intf, sizeof(G.iface_sockaddr.sa_data));
// Bind to the interface's ARP socket
xbind(sock_fd, &G.iface_sockaddr, sizeof(G.iface_sockaddr));
// Get the interface's ethernet address
//memset(&ifr, 0, sizeof(ifr));
strncpy_IFNAMSIZ(ifr.ifr_name, argv_intf);
xioctl(sock_fd, SIOCGIFHWADDR, &ifr);
memcpy(&G.our_ethaddr, &ifr.ifr_hwaddr.sa_data, ETH_ALEN);
// Start with some stable ip address, either a function of
// the hardware address or else the last address we used.
// we are taking low-order four bytes, as top-order ones
// aren't random enough.
// NOTE: the sequence of addresses we try changes only
// depending on when we detect conflicts.
{
uint32_t t;
move_from_unaligned32(t, ((char *)&G.our_ethaddr + 2));
srand(t);
}
// FIXME cases to handle:
// - zcip already running!
// - link already has local address... just defend/update
// Daemonize now; don't delay system startup
if (!FOREGROUND) {
#if BB_MMU
bb_daemonize(0 /*was: DAEMON_CHDIR_ROOT*/);
#endif
bb_info_msg("start, interface %s", argv_intf);
}
// Run the dynamic address negotiation protocol,
// restarting after address conflicts:
// - start with some address we want to try
// - short random delay
// - arp probes to see if another host uses it
// 00:04:e2:64:23:c2 > ff:ff:ff:ff:ff:ff arp who-has 169.254.194.171 tell 0.0.0.0
// - arp announcements that we're claiming it
// 00:04:e2:64:23:c2 > ff:ff:ff:ff:ff:ff arp who-has 169.254.194.171 (00:04:e2:64:23:c2) tell 169.254.194.171
// - use it
// - defend it, within limits
// exit if:
// - address is successfully obtained and -q was given:
// run "<script> config", then exit with exitcode 0
// - poll error (when does this happen?)
// - read error (when does this happen?)
// - sendto error (in send_arp_request()) (when does this happen?)
// - revents & POLLERR (link down). run "<script> deconfig" first
if (chosen_nip == 0) {
new_nip_and_PROBE:
chosen_nip = pick_nip();
}
nsent = 0;
state = PROBE;
while (1) {
struct pollfd fds[1];
unsigned deadline_us = deadline_us;
struct arp_packet p;
int ip_conflict;
int n;
fds[0].fd = sock_fd;
fds[0].events = POLLIN;
fds[0].revents = 0;
// Poll, being ready to adjust current timeout
if (!timeout_ms) {
timeout_ms = random_delay_ms(PROBE_WAIT);
// FIXME setsockopt(sock_fd, SO_ATTACH_FILTER, ...) to
// make the kernel filter out all packets except
// ones we'd care about.
}
if (timeout_ms >= 0) {
// Set deadline_us to the point in time when we timeout
deadline_us = MONOTONIC_US() + timeout_ms * 1000;
}
VDBG("...wait %d %s nsent=%u\n",
timeout_ms, argv_intf, nsent);
n = safe_poll(fds, 1, timeout_ms);
if (n < 0) {
//bb_perror_msg("poll"); - done in safe_poll
return EXIT_FAILURE;
}
if (n == 0) { // timed out?
VDBG("state:%d\n", state);
switch (state) {
case PROBE:
// No conflicting ARP packets were seen:
// we can progress through the states
if (nsent < PROBE_NUM) {
nsent++;
VDBG("probe/%u %s@%s\n",
nsent, argv_intf, nip_to_a(chosen_nip));
timeout_ms = PROBE_MIN * 1000;
timeout_ms += random_delay_ms(PROBE_MAX - PROBE_MIN);
send_arp_request(0, &null_ethaddr, chosen_nip);
continue;
}
// Switch to announce state
nsent = 0;
state = ANNOUNCE;
goto send_announce;
case ANNOUNCE:
// No conflicting ARP packets were seen:
// we can progress through the states
if (nsent < ANNOUNCE_NUM) {
send_announce:
nsent++;
VDBG("announce/%u %s@%s\n",
nsent, argv_intf, nip_to_a(chosen_nip));
timeout_ms = ANNOUNCE_INTERVAL * 1000;
send_arp_request(chosen_nip, &G.our_ethaddr, chosen_nip);
continue;
}
// Switch to monitor state
// FIXME update filters
run(argv, "config", chosen_nip);
// NOTE: all other exit paths should deconfig...
if (QUIT)
return EXIT_SUCCESS;
// fall through: switch to MONITOR
default:
// case DEFEND:
// case MONITOR: (shouldn't happen, MONITOR timeout is infinite)
// Defend period ended with no ARP replies - we won
timeout_ms = -1; // never timeout in monitor state
state = MONITOR;
continue;
}
}
// Packet arrived, or link went down.
// We need to adjust the timeout in case we didn't receive
// a conflicting packet.
if (timeout_ms > 0) {
unsigned diff = deadline_us - MONOTONIC_US();
if ((int)(diff) < 0) {
// Current time is greater than the expected timeout time.
diff = 0;
}
VDBG("adjusting timeout\n");
timeout_ms = (diff / 1000) | 1; // never 0
}
if ((fds[0].revents & POLLIN) == 0) {
if (fds[0].revents & POLLERR) {
// FIXME: links routinely go down;
// this shouldn't necessarily exit.
bb_error_msg("iface %s is down", argv_intf);
if (state >= MONITOR) {
// Only if we are in MONITOR or DEFEND
run(argv, "deconfig", chosen_nip);
}
return EXIT_FAILURE;
}
continue;
}
// Read ARP packet
if (safe_read(sock_fd, &p, sizeof(p)) < 0) {
bb_simple_perror_msg_and_die(bb_msg_read_error);
}
if (p.eth.ether_type != htons(ETHERTYPE_ARP))
continue;
if (p.arp.arp_op != htons(ARPOP_REQUEST)
&& p.arp.arp_op != htons(ARPOP_REPLY)
) {
continue;
}
#ifdef DEBUG
{
struct ether_addr *sha = (struct ether_addr *) p.arp.arp_sha;
struct ether_addr *tha = (struct ether_addr *) p.arp.arp_tha;
struct in_addr *spa = (struct in_addr *) p.arp.arp_spa;
struct in_addr *tpa = (struct in_addr *) p.arp.arp_tpa;
VDBG("source=%s %s\n", ether_ntoa(sha), inet_ntoa(*spa));
VDBG("target=%s %s\n", ether_ntoa(tha), inet_ntoa(*tpa));
}
#endif
ip_conflict = 0;
if (memcmp(&p.arp.arp_sha, &G.our_ethaddr, ETH_ALEN) != 0) {
if (memcmp(p.arp.arp_spa, &chosen_nip, 4) == 0) {
// A probe or reply with source_ip == chosen ip
ip_conflict = 1;
}
if (p.arp.arp_op == htons(ARPOP_REQUEST)
&& memcmp(p.arp.arp_spa, &const_int_0, 4) == 0
&& memcmp(p.arp.arp_tpa, &chosen_nip, 4) == 0
) {
// A probe with source_ip == 0.0.0.0, target_ip == chosen ip:
// another host trying to claim this ip!
ip_conflict |= 2;
}
}
VDBG("state:%d ip_conflict:%d\n", state, ip_conflict);
if (!ip_conflict)
continue;
// Either src or target IP conflict exists
if (state <= ANNOUNCE) {
// PROBE or ANNOUNCE
conflicts++;
timeout_ms = PROBE_MIN * 1000
+ CONFLICT_MULTIPLIER * random_delay_ms(conflicts);
goto new_nip_and_PROBE;
}
// MONITOR or DEFEND: only src IP conflict is a problem
if (ip_conflict & 1) {
if (state == MONITOR) {
// Src IP conflict, defend with a single ARP probe
VDBG("monitor conflict - defending\n");
timeout_ms = DEFEND_INTERVAL * 1000;
state = DEFEND;
send_arp_request(chosen_nip, &G.our_ethaddr, chosen_nip);
continue;
}
// state == DEFEND
// Another src IP conflict, start over
VDBG("defend conflict - starting over\n");
run(argv, "deconfig", chosen_nip);
conflicts = 0;
timeout_ms = 0;
goto new_nip_and_PROBE;
}
// Note: if we only have a target IP conflict here (ip_conflict & 2),
// IOW: if we just saw this sort of ARP packet:
// aa:bb:cc:dd:ee:ff > xx:xx:xx:xx:xx:xx arp who-has <chosen_nip> tell 0.0.0.0
// we expect _kernel_ to respond to that, because <chosen_nip>
// is (expected to be) configured on this iface.
} // while (1)
#undef argv_intf
}