OpenVPN
dhcp.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "dhcp.h"
30#include "socket_util.h"
31#include "error.h"
32
33#include "memdbg.h"
34
35static int
36get_dhcp_message_type(const struct dhcp *dhcp, const int optlen)
37{
38 const uint8_t *p = (uint8_t *)(dhcp + 1);
39 int i;
40
41 for (i = 0; i < optlen; ++i)
42 {
43 const uint8_t type = p[i];
44 const int room = optlen - i;
45 if (type == DHCP_END) /* didn't find what we were looking for */
46 {
47 return -1;
48 }
49 else if (type == DHCP_PAD) /* no-operation */
50 {
51 }
52 else if (type == DHCP_MSG_TYPE) /* what we are looking for */
53 {
54 if (room >= 3)
55 {
56 if (p[i + 1] == 1) /* option length should be 1 */
57 {
58 return p[i + 2]; /* return message type */
59 }
60 }
61 return -1;
62 }
63 else /* some other option */
64 {
65 if (room >= 2)
66 {
67 const int len = p[i + 1]; /* get option length */
68 i += (len + 1); /* advance to next option */
69 }
70 }
71 }
72 return -1;
73}
74
75static in_addr_t
76do_extract(struct dhcp *dhcp, int optlen)
77{
78 uint8_t *p = (uint8_t *)(dhcp + 1);
79 int i;
80 in_addr_t ret = 0;
81
82 for (i = 0; i < optlen;)
83 {
84 const uint8_t type = p[i];
85 const int room = optlen - i;
86 if (type == DHCP_END)
87 {
88 break;
89 }
90 else if (type == DHCP_PAD)
91 {
92 ++i;
93 }
94 else if (type == DHCP_ROUTER)
95 {
96 if (room >= 2)
97 {
98 const int len = p[i + 1]; /* get option length */
99 if (len <= (room - 2))
100 {
101 /* get router IP address */
102 if (!ret && len >= 4 && (len & 3) == 0)
103 {
104 memcpy(&ret, p + i + 2, 4);
105 ret = ntohl(ret);
106 }
107 {
108 /* delete the router option */
109 uint8_t *dest = p + i;
110 const int owlen = len + 2; /* len of data to overwrite */
111 uint8_t *src = dest + owlen;
112 uint8_t *end = p + optlen;
113 const int movlen = end - src;
114 if (movlen > 0)
115 {
116 memmove(dest, src, movlen); /* overwrite router option */
117 }
118 memset(end - owlen, DHCP_PAD, owlen); /* pad tail */
119 }
120 }
121 else
122 {
123 break;
124 }
125 }
126 else
127 {
128 break;
129 }
130 }
131 else /* some other option */
132 {
133 if (room >= 2)
134 {
135 const int len = p[i + 1]; /* get option length */
136 i += (len + 2); /* advance to next option */
137 }
138 else
139 {
140 break;
141 }
142 }
143 }
144 return ret;
145}
146
147in_addr_t
149{
150 struct dhcp_full *df = (struct dhcp_full *)BPTR(ipbuf);
151 const int optlen =
152 BLEN(ipbuf)
153 - (sizeof(struct openvpn_iphdr) + sizeof(struct openvpn_udphdr) + sizeof(struct dhcp));
154
155 if (optlen >= 0 && df->ip.protocol == OPENVPN_IPPROTO_UDP
156 && df->udp.source == htons(BOOTPS_PORT) && df->udp.dest == htons(BOOTPC_PORT)
157 && df->dhcp.op == BOOTREPLY)
158 {
159 const int message_type = get_dhcp_message_type(&df->dhcp, optlen);
160 if (message_type == DHCPACK || message_type == DHCPOFFER)
161 {
162 /* get the router IP address while padding out all DHCP router options */
163 const in_addr_t ret = do_extract(&df->dhcp, optlen);
164
165 /* recompute the UDP checksum */
166 df->udp.check = 0;
167 df->udp.check = htons(ip_checksum(
168 AF_INET, (uint8_t *)&df->udp,
169 sizeof(struct openvpn_udphdr) + sizeof(struct dhcp) + optlen,
170 (uint8_t *)&df->ip.saddr, (uint8_t *)&df->ip.daddr, OPENVPN_IPPROTO_UDP));
171
172 /* only return the extracted Router address if DHCPACK */
173 if (message_type == DHCPACK)
174 {
175 if (ret)
176 {
177 struct gc_arena gc = gc_new();
178 msg(D_ROUTE, "Extracted DHCP router address: %s", print_in_addr_t(ret, 0, &gc));
179 gc_free(&gc);
180 }
181
182 return ret;
183 }
184 }
185 }
186 return 0;
187}
#define BPTR(buf)
Definition buffer.h:123
#define BLEN(buf)
Definition buffer.h:126
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
static struct gc_arena gc_new(void)
Definition buffer.h:1007
in_addr_t dhcp_extract_router_msg(struct buffer *ipbuf)
Definition dhcp.c:148
static in_addr_t do_extract(struct dhcp *dhcp, int optlen)
Definition dhcp.c:76
static int get_dhcp_message_type(const struct dhcp *dhcp, const int optlen)
Definition dhcp.c:36
#define DHCP_PAD
Definition dhcp.h:33
#define DHCP_ROUTER
Definition dhcp.h:34
#define DHCP_MSG_TYPE
Definition dhcp.h:35
#define DHCPACK
Definition dhcp.h:43
#define BOOTPS_PORT
Definition dhcp.h:49
#define BOOTPC_PORT
Definition dhcp.h:50
#define BOOTREPLY
Definition dhcp.h:55
#define DHCPOFFER
Definition dhcp.h:40
#define DHCP_END
Definition dhcp.h:36
#define D_ROUTE
Definition errlevel.h:79
#define msg(flags,...)
Definition error.h:150
uint16_t ip_checksum(const sa_family_t af, const uint8_t *payload, const int len_payload, const uint8_t *src_addr, const uint8_t *dest_addr, const int proto)
Calculates an IP or IPv6 checksum with a pseudo header as required by TCP, UDP and ICMPv6.
Definition proto.c:120
#define OPENVPN_IPPROTO_UDP
Definition proto.h:106
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
struct openvpn_udphdr udp
Definition dhcp.h:77
struct dhcp dhcp
Definition dhcp.h:78
struct openvpn_iphdr ip
Definition dhcp.h:76
Definition dhcp.h:53
uint8_t op
Definition dhcp.h:56
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
uint32_t saddr
Definition proto.h:111
uint32_t daddr
Definition proto.h:112
uint8_t protocol
Definition proto.h:108
uint16_t check
Definition proto.h:159
uint16_t source
Definition proto.h:156
uint16_t dest
Definition proto.h:157
struct gc_arena gc
Definition test_ssl.c:154