public
/
dhcp_protect
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 2 Wiki Activité
A userspace application that filters DHCP floods to protect a DHCP server. It uses the Netfilter userspace packet queuing API.
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
31 Révisions
1 Branche
Aborescence: d3dcaaa59b
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'd3dcaaa59b'
${ noResults }
dhcp_protect/src/dp_dhcpv4.c

dp_dhcpv4.c 2.2KB
Brut Annotations Historique

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. #include <stdio.h>

  2. #include <stdint.h>

  3. 

  4. #include "dp_dhcpv4.h"

  5. #include "dp_helpers.h"

  6. 

  7. void dp_dhcpv4_check(dp_conf *conf, unsigned char *pkt, int pktlen, int offset, unsigned char **remoteid, int *remoteidlen) {

  8. 	int hwaddrpos = offset + 28; // remember where the hw addr is if we need to fallback to it

  9. 	int hwlenpos = offset + 2;   // remember where the hw addr len is if we need to fallback to it

  10. 

  11. 	// jump DHCP header

  12. 	offset += 28 + 16 + 64 + 128;

  13. 

  14. 	// minimum packet size, fixed header + magic cookie (4 octets)

  15. 	if ( pktlen < offset + 4 ) {

  16. 		if ( conf->debug ) printf("packet too small\n");

  17. 		return;

  18. 	}

  19. 

  20. 	// check magic cookie

  21. 	if ( pkt[offset] != 99 || pkt[offset+1] != 130 || pkt[offset+2] != 83 || pkt[offset+3] != 99 ) {

  22. 		if ( conf->debug )

  23. 			printf(

  24. 				"invalid magic cookie %02x%02x%02x%02x\n",

  25. 				pkt[offset], pkt[offset+1],

  26. 				pkt[offset+2], pkt[offset+3]);

  27. 		return;

  28. 	}

  29. 	offset+=4;

  30. 

  31. 

  32. 	// parse TLV options

  33. 	while(offset<pktlen && remoteidlen==0) {

  34. 		uint8_t type = pkt[offset];

  35. 		uint8_t len;

  36. 

  37. 		offset++;

  38. 

  39. 		// padding of 1 octet

  40. 		if ( type == 0 ) {

  41. 			continue;

  42. 		}

  43. 

  44. 		// end of options

  45. 		if ( type == 255 )

  46. 			break;

  47. 

  48. 		// make sure we can read len

  49. 		if ( offset>=pktlen )

  50. 			break;

  51. 

  52. 		len = pkt[offset];

  53. 		offset++;

  54. 

  55. 		// can the value be read

  56. 		if ( offset+len>pktlen )

  57. 			break;

  58. 

  59. 		// option 82 parser

  60. 		if ( type == 82 ) {

  61. 			unsigned char *o82 = pkt+offset;

  62. 			int o82off = 0;

  63. 

  64. 			// loop until the end, +2 to ensure we can read type and length

  65. 			while(o82off+2<len && remoteidlen==0) {

  66. 				uint8_t otype = o82[o82off];

  67. 				uint8_t olen  = o82[o82off+1];

  68. 				o82off+=2;

  69. 

  70. 				// printf("o82 type=%i len=%i\n", otype, olen);

  71. 

  72. 				// remoteid

  73. 				if ( otype == 2 ) {

  74. 					// make sure we don't overflow and can read all data

  75. 					if ( o82off + olen > len ) {

  76. 						if ( conf->debug) printf("option 82.2 data too long\n");

  77. 						break;

  78. 					}

  79. 					else {

  80. 						*remoteid = o82 + o82off;

  81. 						*remoteidlen = olen;

  82. 					}

  83. 				}

  84. 

  85. 				o82off+=olen;

  86. 			}

  87. 		}

  88. 

  89. 		offset+=len;

  90. 	}

  91. 

  92. 	// if we didn't find opt82.2, we fallback to the hw addr

  93. 	if ( *remoteidlen == 0 ) {

  94. 		// nope, we won't overflow

  95. 		if ( (uint8_t)pkt[hwlenpos] <= 16 ) {

  96. 			*remoteid = pkt+hwaddrpos;

  97. 			*remoteidlen = (uint8_t)pkt[hwlenpos];

  98. 		}

  99. 	}

  100. }