sd-dhcp-client: respect TP_STATUS_CSUMNOTREADY

If an UDP packet has not passed through a hardware device, its checksum may not
have been computed. This is exposed through the TP_STATUS_CSUMNOTREADY sockopt.

When using raw sockets, skip checksum validation when TP_STATUS_CSUMNOTREADY
is set.

This is necessary for dhcp to work directly over a veth tunnel, e.g. as done
in systemd-nspawn.

diff --git a/src/libsystemd-dhcp/dhcp-internal.h b/src/libsystemd-dhcp/dhcp-internal.h
index 7b2e35cac6ad793c2a7c3522cbe5a1f32046c499..ce83b81631b651f562adc159b7b09767895e27a3 100644 (file)
--- a/src/libsystemd-dhcp/dhcp-internal.h
+++ b/src/libsystemd-dhcp/dhcp-internal.h
@@ -50,6 +50,6 @@ int dhcp_message_init(DHCPMessage *message, uint8_t op, uint32_t xid, uint8_t ty
 
 void dhcp_packet_append_ip_headers(DHCPPacket *packet, uint16_t len);
 
-int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len);
+int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum);
 
 #define log_dhcp_client(client, fmt, ...) log_meta(LOG_DEBUG, __FILE__, __LINE__, __func__, "DHCP CLIENT: " fmt, ##__VA_ARGS__)

diff --git a/src/libsystemd-dhcp/dhcp-network.c b/src/libsystemd-dhcp/dhcp-network.c
index 6c9d4ef999aec6fc87b13c76676788c85cd0394e..934e8bf13ee5837755958870c6129c3a0caa4e29 100644 (file)
--- a/src/libsystemd-dhcp/dhcp-network.c
+++ b/src/libsystemd-dhcp/dhcp-network.c
@@ -32,7 +32,7 @@
 
 int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
 {
-        int s;
+        int s, one = 1;
 
         assert(index > 0);
         assert(link);
@@ -48,6 +48,9 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link)
         link->ll.sll_halen = ETH_ALEN;
         memset(link->ll.sll_addr, 0xff, ETH_ALEN);
 
+        if (setsockopt (s, SOL_PACKET, PACKET_AUXDATA, &one, sizeof(one)) < 0)
+                return -errno;
+
         if (bind(s, &link->sa, sizeof(link->ll)) < 0) {
                 close_nointr_nofail(s);
                 return -errno;

diff --git a/src/libsystemd-dhcp/dhcp-packet.c b/src/libsystemd-dhcp/dhcp-packet.c
index 1937de4252110106aa7abf1fb2ad7842bed43267..8388e5622278c811c8ab4d810d7addbf98991b94 100644 (file)
--- a/src/libsystemd-dhcp/dhcp-packet.c
+++ b/src/libsystemd-dhcp/dhcp-packet.c
@@ -113,7 +113,7 @@ void dhcp_packet_append_ip_headers(DHCPPacket *packet, uint16_t len) {
         packet->ip.check = dhcp_checksum(&packet->ip, DHCP_IP_SIZE);
 }
 
-int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len) {
+int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len, bool checksum) {
         size_t hdrlen;
 
         assert(packet);
@@ -168,7 +168,7 @@ int dhcp_packet_verify_headers(DHCPPacket *packet, size_t len) {
                 return -EINVAL;
         }
 
-        if (packet->udp.check) {
+        if (checksum && packet->udp.check) {
                 packet->ip.check = packet->udp.len;
                 packet->ip.ttl = 0;
 

diff --git a/src/libsystemd-dhcp/sd-dhcp-client.c b/src/libsystemd-dhcp/sd-dhcp-client.c
index ee6e89eacb8ef76eae6607ac15c74d069c692b1d..0c82260dfd2e46510188b8843c5f79eacd2b0de1 100644 (file)
--- a/src/libsystemd-dhcp/sd-dhcp-client.c
+++ b/src/libsystemd-dhcp/sd-dhcp-client.c
@@ -886,8 +886,18 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
                                       uint32_t revents, void *userdata) {
         sd_dhcp_client *client = userdata;
         _cleanup_free_ DHCPPacket *packet = NULL;
-        int buflen = 0, len, r;
         usec_t time_now;
+        uint8_t cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
+        struct iovec iov = {};
+        struct msghdr msg = {
+                .msg_iov = &iov,
+                .msg_iovlen = 1,
+                .msg_control = cmsgbuf,
+                .msg_controllen = sizeof(cmsgbuf),
+        };
+        struct cmsghdr *cmsg;
+        bool checksum = true;
+        int buflen = 0, len, r;
 
         assert(s);
         assert(client);
@@ -901,11 +911,26 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
         if (!packet)
                 return -ENOMEM;
 
-        len = read(fd, packet, buflen);
-        if (len < 0)
+        iov.iov_base = packet;
+        iov.iov_len = buflen;
+
+        len = recvmsg(fd, &msg, 0);
+        if (len < 0) {
+                log_dhcp_client(client, "could not receive message from raw "
+                                "socket: %s", strerror(errno));
                 return 0;
+        }
+
+        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+                if (cmsg->cmsg_level == SOL_PACKET && cmsg->cmsg_type == PACKET_AUXDATA) {
+                        struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
+
+                        checksum = !(aux->tp_status & TP_STATUS_CSUMNOTREADY);
+                        break;
+                }
+        }
 
-        r = dhcp_packet_verify_headers(packet, len);
+        r = dhcp_packet_verify_headers(packet, len, checksum);
         if (r < 0)
                 return 0;