AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.
This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00

/*
 * DHCP snooping for Proxy ARP
 * Copyright (c) 2014, Qualcomm Atheros, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "common/dhcp.h"
#include "l2_packet/l2_packet.h"
#include "hostapd.h"
#include "sta_info.h"
#include "ap_drv_ops.h"
#include "x_snoop.h"
#include "dhcp_snoop.h"


/*
 * Format a host-byte-order IPv4 address as dotted decimal. The result lives
 * in a static buffer, so it is only valid until the next call.
 */
static const char * ipaddr_str(u32 addr)
{
	static char buf[17];

	os_snprintf(buf, sizeof(buf), "%u.%u.%u.%u",
		    (addr >> 24) & 0xff, (addr >> 16) & 0xff,
		    (addr >> 8) & 0xff, addr & 0xff);
	return buf;
}


static void handle_dhcp(void *ctx, const u8 *src_addr, const u8 *buf,
			size_t len)
{
	struct hostapd_data *hapd = ctx;
	const struct bootp_pkt *b;
	struct sta_info *sta;
	int exten_len;
	const u8 *end, *pos;
	int res, msgtype = 0, prefixlen = 32;
	u32 subnet_mask = 0;
	u16 tot_len;

	/* The frame must hold the BOOTP header plus the 4-octet DHCP magic */
	exten_len = len - ETH_HLEN - (sizeof(*b) - sizeof(b->exten));
	if (exten_len < 4)
		return;

	b = (const struct bootp_pkt *) &buf[ETH_HLEN];
	/* Do not trust an IP total length larger than what was received */
	tot_len = ntohs(b->iph.tot_len);
	if (tot_len > (unsigned int) (len - ETH_HLEN))
		return;

	if (WPA_GET_BE32(b->exten) != DHCP_MAGIC)
		return;

	/* Parse DHCP options */
	end = (const u8 *) b + tot_len;
	pos = &b->exten[4];
	while (pos < end && *pos != DHCP_OPT_END) {
		const u8 *opt = pos++;

		if (*opt == DHCP_OPT_PAD)
			continue;

		/* The length octet itself must lie inside the IP datagram */
		if (pos >= end)
			break;
		pos += *pos + 1;
		if (pos >= end)
			break;

		switch (*opt) {
		case DHCP_OPT_SUBNET_MASK:
			if (opt[1] == 4)
				subnet_mask = WPA_GET_BE32(&opt[2]);
			if (subnet_mask == 0)
				return;
			/* Convert the mask to a prefix length */
			while (!(subnet_mask & 0x1)) {
				subnet_mask >>= 1;
				prefixlen--;
			}
			break;
		case DHCP_OPT_MSG_TYPE:
			if (opt[1])
				msgtype = opt[2];
			break;
		default:
			break;
		}
	}

	if (msgtype == DHCPACK) {
		if (b->your_ip == 0)
			return;

		/* DHCPACK for DHCPREQUEST */
		sta = ap_get_sta(hapd, b->hw_addr);
		if (!sta)
			return;

		wpa_printf(MSG_DEBUG, "dhcp_snoop: Found DHCPACK for " MACSTR
			   " @ IPv4 address %s/%d",
			   MAC2STR(sta->addr),
			   ipaddr_str(be_to_host32(b->your_ip)),
			   prefixlen);

		if (sta->ipaddr == b->your_ip)
			return;

		/* Drop the stale binding before installing the new one */
		if (sta->ipaddr != 0) {
			wpa_printf(MSG_DEBUG,
				   "dhcp_snoop: Removing IPv4 address %s from the ip neigh table",
				   ipaddr_str(be_to_host32(sta->ipaddr)));
			hostapd_drv_br_delete_ip_neigh(hapd, 4,
						       (u8 *) &sta->ipaddr);
		}

		res = hostapd_drv_br_add_ip_neigh(hapd, 4, (u8 *) &b->your_ip,
						  prefixlen, sta->addr);
		if (res) {
			wpa_printf(MSG_DEBUG,
				   "dhcp_snoop: Adding ip neigh table failed: %d",
				   res);
			return;
		}
		sta->ipaddr = b->your_ip;
	}

	/* With DGAF disabled, send the broadcast frame to each authorized
	 * STA as unicast */
	if (hapd->conf->disable_dgaf && is_broadcast_ether_addr(buf)) {
		for (sta = hapd->sta_list; sta; sta = sta->next) {
			if (!(sta->flags & WLAN_STA_AUTHORIZED))
				continue;
			x_snoop_mcast_to_ucast_convert_send(hapd, sta,
							    (u8 *) buf, len);
		}
	}
}


/* Register handle_dhcp() as the receive callback for DHCP frames */
int dhcp_snoop_init(struct hostapd_data *hapd)
{
	hapd->sock_dhcp = x_snoop_get_l2_packet(hapd, handle_dhcp,
						L2_PACKET_FILTER_DHCP);
	if (hapd->sock_dhcp == NULL) {
		wpa_printf(MSG_DEBUG,
			   "dhcp_snoop: Failed to initialize L2 packet processing for DHCP packet: %s",
			   strerror(errno));
		return -1;
	}

	return 0;
}


void dhcp_snoop_deinit(struct hostapd_data *hapd)
{
	l2_packet_deinit(hapd->sock_dhcp);
}
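
A stand-alone version of the DHCP option walk in handle_dhcp(), added here as an example and not part of hostapd: it checks that the length octet and the whole option value lie inside the buffer before reading them, and it rejects non-contiguous subnet masks, which goes beyond what the loop above does. The names parse_dhcp_opts and struct dhcp_opts and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option codes from RFC 2132 */
enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_MSG_TYPE = 53, OPT_END = 255 };

struct dhcp_opts {		/* hypothetical result type */
	int msgtype;		/* 0 if option 53 is absent */
	int prefixlen;		/* 32 if no subnet mask option is present */
};

/* Constructed samples: options as they follow the 4-octet DHCP magic */
static const uint8_t sample_ack[] = {	/* DHCPACK, mask 255.255.255.0 */
	53, 1, 5, 1, 4, 255, 255, 255, 0, 0, 255 };
static const uint8_t sample_truncated[] = {	/* mask value cut short */
	53, 1, 5, 1, 4, 255, 255 };
static const uint8_t sample_no_len[] = {	/* option code, no length */
	53, 1, 5, 1 };

/* Returns 0 on success, -1 on a malformed option or an invalid mask */
static int parse_dhcp_opts(const uint8_t *opts, size_t len,
			   struct dhcp_opts *out)
{
	const uint8_t *pos = opts, *end = opts + len;

	out->msgtype = 0;
	out->prefixlen = 32;
	while (pos < end && *pos != OPT_END) {
		uint8_t code = *pos++;

		if (code == OPT_PAD)
			continue;	/* PAD has no length octet */
		/* Length octet and value must both fit before 'end' */
		if (pos >= end || (size_t) (end - pos) < 1u + *pos)
			return -1;
		uint8_t optlen = *pos++;
		const uint8_t *val = pos;
		pos += optlen;

		if (code == OPT_MSG_TYPE && optlen == 1) {
			out->msgtype = val[0];
		} else if (code == OPT_SUBNET_MASK && optlen == 4) {
			uint32_t mask = (uint32_t) val[0] << 24 |
				(uint32_t) val[1] << 16 |
				(uint32_t) val[2] << 8 | val[3];
			uint32_t inv = ~mask;
			int prefix = 32;

			/* A contiguous mask inverts to 2^k - 1 */
			if (mask == 0 || (inv & (inv + 1)) != 0)
				return -1;
			for (; !(mask & 1); mask >>= 1)
				prefix--;
			out->prefixlen = prefix;
		}
	}
	return 0;
}

int main(void)
{
	struct dhcp_opts o;
	int res = parse_dhcp_opts(sample_ack, sizeof(sample_ack), &o);

	printf("res=%d msgtype=%d prefixlen=%d\n", res, o.msgtype, o.prefixlen);
	return 0;
}
```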