ndis(4): Avoid overflow.
[freebsd-src.git] / lib / libstand / arp.c
blobe6175325f31a5c174f3549e491802b814e51f05c
1 /* $NetBSD: arp.c,v 1.18 1997/07/07 15:52:49 drochner Exp $ */
3 /*
4 * Copyright (c) 1992 Regents of the University of California.
5 * All rights reserved.
7 * This software was developed by the Computer Systems Engineering group
8 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
9 * contributed to Berkeley.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 4. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
35 * @(#) Header: arp.c,v 1.5 93/07/15 05:52:26 leres Exp (LBL)
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD$");
41 #include <sys/types.h>
42 #include <sys/socket.h>
43 #include <net/if.h>
44 #include <netinet/in.h>
45 #include <netinet/if_ether.h>
47 #include <netinet/in_systm.h>
49 #include <string.h>
51 #include "stand.h"
52 #include "net.h"
54 /* Cache stuff */
55 #define ARP_NUM 8 /* need at most 3 arp entries */
57 struct arp_list {
58 struct in_addr addr;
59 u_char ea[6];
60 } arp_list[ARP_NUM] = {
61 /* XXX - net order `INADDR_BROADCAST' must be a constant */
62 { {0xffffffff}, BA }
64 int arp_num = 1;
66 /* Local forwards */
67 static ssize_t arpsend(struct iodesc *, void *, size_t);
68 static ssize_t arprecv(struct iodesc *, void *, size_t, time_t);
70 /* Broadcast an ARP packet, asking who has addr on interface d */
71 u_char *
72 arpwhohas(d, addr)
73 struct iodesc *d;
74 struct in_addr addr;
76 int i;
77 struct ether_arp *ah;
78 struct arp_list *al;
79 struct {
80 struct ether_header eh;
81 struct {
82 struct ether_arp arp;
83 u_char pad[18]; /* 60 - sizeof(...) */
84 } data;
85 } wbuf;
86 struct {
87 struct ether_header eh;
88 struct {
89 struct ether_arp arp;
90 u_char pad[24]; /* extra space */
91 } data;
92 } rbuf;
94 /* Try for cached answer first */
95 for (i = 0, al = arp_list; i < arp_num; ++i, ++al)
96 if (addr.s_addr == al->addr.s_addr)
97 return (al->ea);
99 /* Don't overflow cache */
100 if (arp_num > ARP_NUM - 1) {
101 arp_num = 1; /* recycle */
102 printf("arpwhohas: overflowed arp_list!\n");
105 #ifdef ARP_DEBUG
106 if (debug)
107 printf("arpwhohas: send request for %s\n", inet_ntoa(addr));
108 #endif
110 bzero((char*)&wbuf.data, sizeof(wbuf.data));
111 ah = &wbuf.data.arp;
112 ah->arp_hrd = htons(ARPHRD_ETHER);
113 ah->arp_pro = htons(ETHERTYPE_IP);
114 ah->arp_hln = sizeof(ah->arp_sha); /* hardware address length */
115 ah->arp_pln = sizeof(ah->arp_spa); /* protocol address length */
116 ah->arp_op = htons(ARPOP_REQUEST);
117 MACPY(d->myea, ah->arp_sha);
118 bcopy(&d->myip, ah->arp_spa, sizeof(ah->arp_spa));
119 /* Leave zeros in arp_tha */
120 bcopy(&addr, ah->arp_tpa, sizeof(ah->arp_tpa));
122 /* Store ip address in cache (incomplete entry). */
123 al->addr = addr;
125 i = sendrecv(d,
126 arpsend, &wbuf.data, sizeof(wbuf.data),
127 arprecv, &rbuf.data, sizeof(rbuf.data));
128 if (i == -1) {
129 panic("arp: no response for %s\n",
130 inet_ntoa(addr));
133 /* Store ethernet address in cache */
134 ah = &rbuf.data.arp;
135 #ifdef ARP_DEBUG
136 if (debug) {
137 printf("arp: response from %s\n",
138 ether_sprintf(rbuf.eh.ether_shost));
139 printf("arp: cacheing %s --> %s\n",
140 inet_ntoa(addr), ether_sprintf(ah->arp_sha));
142 #endif
143 MACPY(ah->arp_sha, al->ea);
144 ++arp_num;
146 return (al->ea);
149 static ssize_t
150 arpsend(d, pkt, len)
151 struct iodesc *d;
152 void *pkt;
153 size_t len;
156 #ifdef ARP_DEBUG
157 if (debug)
158 printf("arpsend: called\n");
159 #endif
161 return (sendether(d, pkt, len, bcea, ETHERTYPE_ARP));
165 * Returns 0 if this is the packet we're waiting for
166 * else -1 (and errno == 0)
168 static ssize_t
169 arprecv(d, pkt, len, tleft)
170 struct iodesc *d;
171 void *pkt;
172 size_t len;
173 time_t tleft;
175 ssize_t n;
176 struct ether_arp *ah;
177 u_int16_t etype; /* host order */
179 #ifdef ARP_DEBUG
180 if (debug)
181 printf("arprecv: ");
182 #endif
184 n = readether(d, pkt, len, tleft, &etype);
185 errno = 0; /* XXX */
186 if (n == -1 || n < sizeof(struct ether_arp)) {
187 #ifdef ARP_DEBUG
188 if (debug)
189 printf("bad len=%d\n", n);
190 #endif
191 return (-1);
194 if (etype != ETHERTYPE_ARP) {
195 #ifdef ARP_DEBUG
196 if (debug)
197 printf("not arp type=%d\n", etype);
198 #endif
199 return (-1);
202 /* Ethernet address now checked in readether() */
204 ah = (struct ether_arp *)pkt;
205 if (ah->arp_hrd != htons(ARPHRD_ETHER) ||
206 ah->arp_pro != htons(ETHERTYPE_IP) ||
207 ah->arp_hln != sizeof(ah->arp_sha) ||
208 ah->arp_pln != sizeof(ah->arp_spa) )
210 #ifdef ARP_DEBUG
211 if (debug)
212 printf("bad hrd/pro/hln/pln\n");
213 #endif
214 return (-1);
217 if (ah->arp_op == htons(ARPOP_REQUEST)) {
218 #ifdef ARP_DEBUG
219 if (debug)
220 printf("is request\n");
221 #endif
222 arp_reply(d, ah);
223 return (-1);
226 if (ah->arp_op != htons(ARPOP_REPLY)) {
227 #ifdef ARP_DEBUG
228 if (debug)
229 printf("not ARP reply\n");
230 #endif
231 return (-1);
234 /* Is the reply from the source we want? */
235 if (bcmp(&arp_list[arp_num].addr,
236 ah->arp_spa, sizeof(ah->arp_spa)))
238 #ifdef ARP_DEBUG
239 if (debug)
240 printf("unwanted address\n");
241 #endif
242 return (-1);
244 /* We don't care who the reply was sent to. */
246 /* We have our answer. */
247 #ifdef ARP_DEBUG
248 if (debug)
249 printf("got it\n");
250 #endif
251 return (n);
255 * Convert an ARP request into a reply and send it.
256 * Notes: Re-uses buffer. Pad to length = 46.
258 void
259 arp_reply(d, pkt)
260 struct iodesc *d;
261 void *pkt; /* the request */
263 struct ether_arp *arp = pkt;
265 if (arp->arp_hrd != htons(ARPHRD_ETHER) ||
266 arp->arp_pro != htons(ETHERTYPE_IP) ||
267 arp->arp_hln != sizeof(arp->arp_sha) ||
268 arp->arp_pln != sizeof(arp->arp_spa) )
270 #ifdef ARP_DEBUG
271 if (debug)
272 printf("arp_reply: bad hrd/pro/hln/pln\n");
273 #endif
274 return;
277 if (arp->arp_op != htons(ARPOP_REQUEST)) {
278 #ifdef ARP_DEBUG
279 if (debug)
280 printf("arp_reply: not request!\n");
281 #endif
282 return;
285 /* If we are not the target, ignore the request. */
286 if (bcmp(arp->arp_tpa, &d->myip, sizeof(arp->arp_tpa)))
287 return;
289 #ifdef ARP_DEBUG
290 if (debug) {
291 printf("arp_reply: to %s\n", ether_sprintf(arp->arp_sha));
293 #endif
295 arp->arp_op = htons(ARPOP_REPLY);
296 /* source becomes target */
297 bcopy(arp->arp_sha, arp->arp_tha, sizeof(arp->arp_tha));
298 bcopy(arp->arp_spa, arp->arp_tpa, sizeof(arp->arp_tpa));
299 /* here becomes source */
300 bcopy(d->myea, arp->arp_sha, sizeof(arp->arp_sha));
301 bcopy(&d->myip, arp->arp_spa, sizeof(arp->arp_spa));
304 * No need to get fancy here. If the send fails, the
305 * requestor will just ask again.
307 (void) sendether(d, pkt, sizeof(*arp) + 18,
308 arp->arp_tha, ETHERTYPE_ARP);